background:
amazon cloudfront video delivery s3 storage: using custom 360-degree video player. player links mp4 videos. videos not streamed direct link progressive download.
issue solve ---> signed url
1) videos should play website , not other websites. otherwise hotlink videofiles, , have pay amazon traffic.
2) , how insert cloudfront "signed url" policies?? tips suggest use "signed url" connected cloudfront. cannot put puzzles together, confusing semi-advanced self-taught guy. so..:
2a --> insert cloudfront policy? on s3 console?or where?
2b --> write, pls. provide working example!
2c --> how include 1 specific domain
3)i suspect protecting file permissions in s3 bucket not enough, cloudfront may ignore permission rule. correct?
guidance:
if nothing works, looking paid, 1-hour skype guidence session set 1 video cloudfront signed url, using screensharing. step-by-step explanation, can repeat process other videos myself. , skype session affordable budget sensitive kickstarter / indiegogo project.
i appreciate help, do! thanks!
1) videos should play website , not other websites. otherwise hotlink videofiles, , have pay amazon traffic.
right, web site needs running on platform can dynamically generate html pages link videos.
2) , how insert cloudfront "signed url" policies?? tips suggest use "signed url" connected cloudfront. cannot put puzzles together, confusing semi-advanced self-taught guy. so..:
the policy used generate signature, , included part of link generate, if use custom policy ... looks &policy=... followed base64 encoded version of policy.
it's in url?! yes. signature makes policy tamper-proof. embedded in signed url code generates each page load. if use canned policy, don't save/send anywhere. use signature calculation , throw away because cloudfront knows contained, because matches request that's being made (else, it's invalid, request correctly fails).
2a --> insert cloudfront policy? on s3 console?or where?
nowhere that. see above.
2b --> write, pls. provide working example!
there working example in documentation.
stack overflow not have free code giveaway service.
2c --> how include 1 specific domain
that's not how works. securing content domain not securing content @ all, because can forged.
your web site provides signed links. links valid because obtained you. few seconds -- long enough start download -- , expire... of hotlinks them, don't care, because link stale. why generate them each page load.
alternately, serve entire site through cloudfront, , use cloudfront signed cookies allow access restricted content logged in site.
3)i suspect protecting file permissions in s3 bucket not enough, cloudfront may ignore permission rule. correct?
no, cloudfront has no privileged access bucket, unless arrange it. cloudfront origin access identity gives necessary rights access objects in bucket.
Comments
Post a Comment