How to add an S3 storage to your VaaS Instance
Instructions
During setup of your Vidispine as a Service, for instance a Team Edition, you will be asked to configure an initial storage and a storage for thumbnails.
In AWS this storage is a S3 bucket. You may choose to use different S3 buckets or simply use a single bucket with different subdirectories for storage or thumbnails.Applies to
Setting up MAM and distribution workflows using VidiNet and AWS S3Bucket as storage.
Summary
In the following how-to article you will learn how to configure an AWS S3 bucket for basic integration with VidiCore API / VidiNet. The steps described in this article will require.
a AWS account with the necessary control over the permissions needed for integration with VidiCore /VidiNet
a basic understanding of the AWS services such as S3 ( the cloud storage) and IAM ( the AWS permissions service )
an verified installation of VidiCore API / VidiNet
a verified S3 bucket set up in your AWS account in order to attach this service to VidiNet
Table of contents
Instructions
Setting up your AWS S3 bucket
To create a S3 bucket in AWS, direct your attention to the webpage of your AWS account and the Service S3Service S3.To create a bucket, click the Create Bucket button
click the Create Bucket button and follow the instructions prompted by AWS.
...
to create the subdirectories, click on your bucket and then click the
...
button Create folder. Choose a name for the initial storage.
Repeat this process for the thumbnails directory.
In order for the S3 Bucket to be accessible for Vidinet VidiNet a user needs to be created, or modified, to be allowed to use this resource. To grant permissions for the user to the S3 storage resource an AWS AWS IAM Policy is is used.
First, create a new user that should have permission to access this S3 bucket. Navigate to the AWS AWS IAM Service Service. Click Users and then click then button button Add user. Follow the instruction prompted by the dialog box. Make sure to enable enable Programmatic Access to to this users Access type.
Add User
...
During the user creation phase you will be prompted with
...
the access key ID
...
and secret access key
...
make sure to note these down in safe manner.
Configuring and adding permissions IAM
In order for this user to have access to the S3 resource you previously created, an IAM Policy needs to be set on this user. This can be done in several ways, one way is to use an inline policy for the user. Navigate to IAM Service once more, click Users and then click on the specific user you want to change permissions on. In our case this would be the user user vidinet-user. Click the the add inline policy button button on the permissions tab for the user.
The permissions this user needs on the S3 resource objects are: GetObject, PutObject, DeleteObject and and DeleteObjectVersion. For the S3 bucket itself the user needs: ListBucket and GetBucketLocation ListBucket and GetBucketLocation. Finally the user needs permission to list all buckets for this account: ListAllMyBuckets for ListAllMyBuckets for all resources.
To achieve this enter the JSON tab on the inline policy and fill in the policy information. For us, this would look like the following:
...
...
{
...
"Version": "2012-10-17",
...
"Statement": [
...
...
{
...
"Sid": "AllowUserToReadWriteObjectDataInBuckets",
...
...
"Effect": "Allow",
...
"Action": [
...
"s3:GetObject",
...
"s3:PutObject",
...
"s3:DeleteObject",
...
"s3:DeleteObjectVersion"
...
],
...
"Resource": [
...
"arn:aws:s3:::my-vaas-storage/*"
...
...
]
...
...
},
...
{
...
"Sid": "AllowListingOfBuckets",
...
...
"Effect": "Allow",
...
"Action": [
...
"s3:ListBucket",
...
"s3:GetBucketLocation"
...
...
],
...
"Resource": [
...
"arn:aws:s3:::my-vaas-storage"
...
]
...
},
...
{
...
"Sid": "AllowListingOfAllBuckets",
...
"Effect": "Allow",
...
"Action": [
...
"s3:ListAllMyBuckets"
...
...
],
...
"Resource": "*"
...
...
}
...
]
}
...
Related articles
Filter by label (Content by label) | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
hidden | true |
---|
...
After the storage, user and the policy has been created and updated we can proceed by filling in this information for the VidiCore as a Service setup.
Adding your AWS S3 Bucket to VidiNet.
After you have created your S3 bucket according to the previous chapter, the configuration of the S3 bucket integration to your VidiNet system should be quite straight forward from here.
During setup of your VidiCore as a Service, for instance a Team Edition, you will be asked to configure an initial storage and a storage for thumbnails
You may choose to use different S3 buckets or simply use a single bucket with different subdirectories for storage or thumbnails.
This how-to article describe a basic setup of an AWS bucket. For more advanced security and permission configuration of your AWS service to meet your companies requirements, please refer to AWS knowledge-base in the Related articles below.
Related articles
Working with IAM policys on AWS