Configuring and adding a S3 bucket to VidiCore as a service in VidiNet [HT GEN]
Applies to
Setting up MAM and distribution workflows using VidiCore and AWS S3 Bucket as storage.
Summary
In the following how-to article, you will learn how to configure an AWS S3 bucket for basic integration with VidiCore API / VidiNet. The steps described in this article will require.
AWS account with the necessary control over the permissions needed for integration with VidiCore
Basic understanding of the AWS services such as S3 (the cloud storage) and IAM (the AWS permissions service).
Verified installation of VidiCore API in VidiNet.
This how-to article describes a basic setup of an AWS bucket. For more advanced security and permission configuration of your AWS service to meet your company's requirements, please refer to the articles referenced in this page.
As of release 22.2, we highly recommend one use role-based access between your VidiCore service and AWS S3 bucket.
Instructions
Before attempting to add an AWS S3 Storage, through the instructions above, we highly recommend taking into account the aspects and considerations contained in the following articles:
Setting up your AWS S3 bucket
To create a S3 bucket in AWS, direct your attention to the webpage of your AWS account and the Service S3.
Click the Create Bucket button and follow the instructions prompted by AWS.
To create the subdirectories, click on your bucket and then click the button Create folder. Choose a name for the initial storage.
Repeat this process for the thumbnail's directory.
In order for the S3 Bucket to be accessible for VidiCore a user needs to be created or modified, to be allowed to use this resource. To grant permissions for the user to the S3 storage resource an AWS IAM Policy is used.
First, create a new user that should have permission to access this S3 bucket. Navigate to the AWS IAM Service. Click Users and then click the button Add user. Follow the instruction prompted by the dialogue box. Make sure to enable Programmatic Access to this users Access type.
During the user creation phase you will be prompted with the access key ID and secret access key
Make sure to note these down in safe manner.
Configuring and adding permissions IAM
In order for this user to have access to the S3 resource you previously created, an IAM Policy needs to be set on this user. This can be done in several ways. One way is to use an inline policy for the user. Navigate to IAM Service once more, click Users and then click on the specific user you want to change permissions on. In our case, this would be the user vidinet-user. Click the add inline policy button on the permissions tab for the user.
The permissions this user needs on the S3 resource objects are: GetObject, PutObject, DeleteObject and DeleteObjectVersion.
For the S3 bucket itself the user needs: ListBucket and GetBucketLocation.
Finally the user needs permission to list all buckets for this account: ListAllMyBuckets for all resources.
To achieve this enter the JSON tab on the inline policy and fill in the policy information. For us, this would look like the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowUserToReadWriteObjectDataInBuckets",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion"
],
"Resource": [
"arn:aws:s3:::my-vaas-storage/*"
]
},
{
"Sid": "AllowListingOfBuckets",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::my-vaas-storage"
]
},
{
"Sid": "AllowListingOfAllBuckets",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": "*"
}
]
}After the storage, user and the policy has been created and updated we can proceed by filling in this information for the Vidispine as a Service setup.
Adding your AWS S3 Bucket to VidiCore service using the VidiCore API
In order to proceed with the fulfilling the above it is important to follow the steps as indicated in the following articles: