This article is a continuation of Video Streams on AWS S3 + CloudFront.
Connect with a time-limited URL. (One-time URL) I want to restrict viewing to a video stream and distribute it. (I tried it with an image this time) Ultimately, I want to distribute the video using Plone authentication. (Challenge after next time)
Create a new bucket and place a trial image. Try to distribute this image privately.
S3
--Create a new bucket (c2-video-test-private)
CloundFront
--Get CloudFront Access ID
Refer to the following boto item and try to make it in the local Python environment.
https://dn045wcqv2fv4.cloudfront.net/terada_pythonbr.jpg Not surprisingly, the error is back.
error.xml
<Error>
<Code>MissingKey</Code>
<Message>Missing Key-Pair-Id query parameter</Message>
</Error>
(Details of boto relations are described at the bottom)
sample.py
ACCESS_KEY_ID = "xxxxxxxxxxxxxxxxx"
SECRET_ACCESS_KEY = "xxxxxxxxxxxxxxxxxxxxxxxxxx"
YOUR_KEYPAIR_ID = "xxxxxxxxxxxxxx"
YOUR_PRIVATE_KEY_FILE_LOCATION = "xxxxxxxxxxxxxxxxxxxxx.pem"
url = "https://dn045wcqv2fv4.cloudfront.net/terada_pythonbr.jpg "
expire_time = int(time.time() +3600)
conn = CloudFrontConnection(ACCESS_KEY_ID, SECRET_ACCESS_KEY)
distribution = Distribution(connection=conn, config=None, domain_name='', id='', last_modified_time=None, status='')
signed_url = distribution.create_signed_url(url=url, keypair_id=YOUR_KEYPAIR_ID, expire_time=expire_time, private_key_file=YOUR_PRIVATE_KEY_FILE_LOCATION)
>>> print signed_url
https://dn045wcqv2fv4.cloudfront.net/terada_pythonbr.jpg?Expires=1406023941&Signature=Ihps3u0~jQ-Twkghg2tqQ-dTMEZoRC-Jb13F4FgNe~1MVAsXQ-yAbXtEKSTsIhN6OLZmuUii6E1xs7nWfe-76SGk26Jmx5edd35EgwQ8mH~2XlY4QOqP1Fgza93q02oQNhJWte1mef4tc8p3fJO6yzebpTEh4MqvQOt9s5bcKq9ad8EGSmfXfUlgL6b87z6TOAXVFQuIotttu6ajlfbCpplIUD-~r-6W~SB6n2dyB8SaoKgJBTkEKJwFiBWx2S5M20-06hsLOeV23UBJcuq6~C-pE1r1ViE8Ia-tM8L6v7zcbtLfOdw9lgFzYoMoh-KiWOAdz7pc-koYMVPXZ-9DuQ__&Key-Pair-Id=APKAJAJZQHPKZI6OK5UQ
https://dn045wcqv2fv4.cloudfront.net/terada_pythonbr.jpg?Expires=1406023941&Signature=Ihps3u0~jQ-Twkghg2tqQ-dTMEZoRC-Jb13F4FgNe~1MVAsXQ-yAbXtEKSTsIhN6OLZmuUii6E1xs7nWfe-76SGk26Jmx5edd35EgwQ8mH~2XlY4QOqP1Fgza93q02oQNhJWte1mef4tc8p3fJO6yzebpTEh4MqvQOt9s5bcKq9ad8EGSmfXfUlgL6b87z6TOAXVFQuIotttu6ajlfbCpplIUD-~r-6W~SB6n2dyB8SaoKgJBTkEKJwFiBWx2S5M20-06hsLOeV23UBJcuq6~C-pE1r1ViE8Ia-tM8L6v7zcbtLfOdw9lgFzYoMoh-KiWOAdz7pc-koYMVPXZ-9DuQ__&Key-Pair-Id=APKAJAJZQHPKZI6OK5UQ
I was able to access 2014/07/22 18:14. 2014/07/22 It should not be accessible at 19:15
boto
boto is a Python module that manipulates AWS APIs. It used to be unofficial on Amazon, but now that the developers are now affiliated with Amazon, it should be semi-official.
$ pip install rsa
$ pip install boto
The explanation was below. http://boto.readthedocs.org/en/latest/ref/cloudfront.html
create_signed_url(url, keypair_id, expire_time=None, valid_after_time=None, ip_address=None, policy_url=None, private_key_file=None, private_key_string=None)
Below was a sample
http://stackoverflow.com/questions/2573919/creating-signed-urls-for-amazon-cloudfront
import boto
from boto.cloudfront import CloudFrontConnection
from boto.cloudfront.distribution import Distribution
expire_time = int(time.time() +3000)
conn = CloudFrontConnection('ACCESS_KEY_ID', 'SECRET_ACCESS_KEY')
##enter the id or domain name to select a distribution
distribution = Distribution(connection=conn, config=None, domain_name='', id='', last_modified_time=None, status='')
signed_url = distribution.create_signed_url(url='YOUR_URL', keypair_id='YOUR_KEYPAIR_ID_example-APKAIAZVIO4BQ',expire_time=expire_time,private_key_file="YOUR_PRIVATE_KEY_FILE_LOCATION")
-[AWS Meister Series] Content distribution by Amazon CloudFront / Amazon Elastic Transcoder http://www.slideshare.net/AmazonWebServicesJapan/20131120-aws-medisterregeneratecloudfrontetspublic There is an explanation on P29
--Accessing private content with Amazon CloudFront Part 1 http://dev.classmethod.jp/etc/amazon-cloudfront-private-contents-access-1/ There is a manual in English on the AWS management console, and at present, it seems that all operations can be performed from the web management console.
Make the above correspond to the video stream that was set to TODO
--C2-video-test-private Add video folder to bucket --Added PyConAPACTW2014terada.mp4 to video folder --Added stream-enabled Distribution to CloudFront
Up to this point, it should be easy to do by reviewing the past.
Work with boto as above
>>> url = "rtmp://s3lse3ja7xuop9.cloudfront.net/cfx/st/&mp4:video/PyConAPACTW2014terada.mp4"
>>> policy_url = "video/*"
>>> signed_url = distribution.create_signed_url(url=url, keypair_id=YOUR_KEYPAIR_ID, expire_time=expire_time, private_key_file=YOUR_PRIVATE_KEY_FILE_LOCATION, policy_url=policy_url)
>>> print signed_url
rtmp://s3lse3ja7xuop9.cloudfront.net/cfx/st/&mp4:video/PyConAPACTW2014terada.mp4?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoidmlkZW8vKiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTQwNjg5OTIwMX19fV19&Signature=m10lfH4vpepAWVNLCGO9xr~TFs-ZCUklra-I4D6WZvqO3aHhijIbtPQOiK00BPZzTxnu-enkvTuao1aDoP~HSONzF5xIqGqMuP4RYJ-B0~g5iQxvac1VVkb~3lZXMRN3Oz45BsrRWQawyXp1o~0M9sFr~zIVQAbM8aAji1WmTu0~fY0UcfgO74DNevYw4-I4S8S2KLnSimFGeU0bz3b8bXtgxketPz0JhTyM4akK8gD7xWjskrxFOZ4pskCaLvJr3Pyb9pJsqQ9T2izNsPs0Ms5pi94FnOdyejSRWezqrxp00KNttnlc3DGCOcmcCNDNYdIMxmNC6MuAfQKx~a1tig__&Key-Pair-Id=APKAJAJZQHPKZI6OK5UQ
Make the src part a Signed URL.
<source src="rtmp://s3lse3ja7xuop9.cloudfront.net/cfx/st/&mp4:video/PyConAPACTW2014terada.mp4?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoidmlkZW8vKiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTQwNjg5OTIwMX19fV19&Signature=m10lfH4vpepAWVNLCGO9xr~TFs-ZCUklra-I4D6WZvqO3aHhijIbtPQOiK00BPZzTxnu-enkvTuao1aDoP~HSONzF5xIqGqMuP4RYJ-B0~g5iQxvac1VVkb~3lZXMRN3Oz45BsrRWQawyXp1o~0M9sFr~zIVQAbM8aAji1WmTu0~fY0UcfgO74DNevYw4-I4S8S2KLnSimFGeU0bz3b8bXtgxketPz0JhTyM4akK8gD7xWjskrxFOZ4pskCaLvJr3Pyb9pJsqQ9T2izNsPs0Ms5pi94FnOdyejSRWezqrxp00KNttnlc3DGCOcmcCNDNYdIMxmNC6MuAfQKx~a1tig__&Key-Pair-Id=APKAJAJZQHPKZI6OK5UQ"
type='rtmp/mp4' />
I think that the viewing deadline has already passed, but I confirmed that you can see it below http://c2-video-test.s3-website-ap-northeast-1.amazonaws.com/index2.html
--I want to restrict viewing to the video stream and distribute it. -> 20140801 Described in the "Try with video" item above. --Investigating what happens with HLS for iOS-> http://qiita.com/terapyon/items/fadecf13ed1d11dcd34d ――Finally, I want to distribute the video using Plone authentication.
Private content distribution with AWS CloudFront
Recommended Posts