Skip to main content
Skip table of contents

Configuring AWS S3 bucket policy for the AWS Elemental MediaConvert service [VN UG]

During setup of your AWS Elemental MediaConvert service, you will be asked to update the bucket policy on the AWS S3 bucket(s) you want to use. You can use a single bucket with different folders for input and output, or use different buckets. Depending on if you use  different input and output buckets, or the same you need to set up your bucket policy differently. 

To create a S3 bucket in AWS, direct your attention to the webpage of your AWS account and the Service S3. To create a bucket, click the Create Bucket button and follow the instructions prompted by AWS. To create the subdirectories, click on your bucket and then click the button Create folder. Choose a name for your folders. Repeat this for all the buckets you need. To set up the bucket policy navigate to the Permissions tab in your bucket, and select Bucket Policy.

For the bucket you use for input (source), set the following policy: 

CODE 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::823635665685:role/MediaConvertRole"
        ]
      },
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::{your-s3-bucket}/*",
        "arn:aws:s3:::{your-s3-bucket}"
      ]
    }
  ]
}

For the bucket you want to use as output, add the following policy: 

CODE 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::823635665685:role/MediaConvertRole",
          "arn:aws:iam::823635665685:role/vidinet-ec2-sf"
        ]
      },
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": [
        "arn:aws:s3:::{your-s3-bucket}/*",
        "arn:aws:s3:::{your-s3-bucket}"
      ]
    }
  ]
}

If you use the same bucket for both input and output you can use the following policy, combining the two above.

CODE 
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::823635665685:role/vidinet-ec2-sf",
                    "arn:aws:iam::823635665685:role/MediaConvertRole"
                ]
            },
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:GetObject",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::{your-s3-bucket}/*",
                "arn:aws:s3:::{your-s3-bucket}"
           ]
        }
    ]
}
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close