An open source Category Plugin for the AWS Amplify-CLI that makes it easy to deploy live and file based streaming video services and integrate them into your Amplify applications.
Describe the bug
With the following setup where CloudFront is used to deliver the videos (Is this a production environment? YES), access to the files is denied (403). With the UnicornFlix example uploading a video works and the files are correctly generated in the output bucket. However, when trying to access them through Cloudfront a 403 is returned.
It works as soon as I change the generated S3 bucket policy from (see the "Principal" value):
So it seems like there is an issue with the Origin Access Identity not giving the CloudFront distribution access to the S3 bucket.
Tried it with and without the signed URL option, but getting the same error. It works fine when selecting "No" for the production environment questions. Also checked all steps in https://github.com/awslabs/amplify-video/wiki/Troubleshooting without success.
Might be related to #142
To Reproduce
Steps to reproduce the behavior:
Add video as shown below:
Upload a video with the UnicornFlix example and try to access the generated output files.
Expected behavior
Successfully granting the generated CloudFront distribution read access to the video files in the output bucket through the OAI and S3 policy.
Screenshots
Please see screenshots in steps above.
Desktop (please complete the following information):
I've just tried it again and it's working just fine now. Not sure what the issue was but will close this for now. Thank you for the great work on this plugin!
Describe the bug With the following setup where CloudFront is used to deliver the videos (
Is this a production environment? YES
), access to the files is denied (403). With the UnicornFlix example uploading a video works and the files are correctly generated in the output bucket. However, when trying to access them through Cloudfront a 403 is returned.It works as soon as I change the generated S3 bucket policy from (see the "Principal" value):
{ "Version": "2008-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E3IROGGL51D28M" }, "Action": "s3:getObject", "Resource": "arn:aws:s3:::videodemand-vod-output-ifwwsbny/*" } ] }
to
{ "Version": "2008-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "s3:getObject", "Resource": "arn:aws:s3:::videodemand-vod-output-ifwwsbny/*" } ] }
So it seems like there is an issue with the Origin Access Identity not giving the CloudFront distribution access to the S3 bucket.
Tried it with and without the signed URL option, but getting the same error. It works fine when selecting "No" for the production environment questions. Also checked all steps in https://github.com/awslabs/amplify-video/wiki/Troubleshooting without success.
Might be related to #142
To Reproduce Steps to reproduce the behavior:
Expected behavior Successfully granting the generated CloudFront distribution read access to the video files in the output bucket through the OAI and S3 policy.
Screenshots Please see screenshots in steps above.
Desktop (please complete the following information):