Support for aws session_token

livekit / egress

Export and record WebRTC sessions and tracks

https://blog.livekit.io/livekit-universal-egress-launch/

Apache License 2.0

175 stars 71 forks source link

Support for aws session_token #696

Closed trzeciak closed 4 months ago

trzeciak commented 4 months ago

AWS offers a third component of aws-credentials: access_key_id + secret_access_key + session_token, see LINK (and livekit/egress currently only supports two of them).

I've already asked the same question on livekit/slack LINK. I was directed to this place by cool people, for which I thank them.

PS: I tried passing the session_token via metadata, but it doesn't seem to work (mp4 file wasn't placed on S3), like:

            …
            "s3": {
                "access_key": "<access_key_id>",
                "secret": "<secret_access_key>",
                "metadata": {
                    "X-Amz-Security-Token": "<session_token>"
                },
                …
            }
            …

(the aws documentation does not confirm that this should work at all, links: Working with object metadata - Amazon Simple Storage Service, Using temporary credentials with AWS resources - AWS Identity and Access Management (amazon.com ), Signing and authenticating REST requests - Amazon Simple Storage Service)

trzeciak commented 4 months ago

Did they fail the tests or do I need to do something extra?

frostbyte73 commented 4 months ago

Did they fail the tests or do I need to do something extra?

No, we need to run the tests to allow the secrets to be passed in

trzeciak commented 4 months ago

Is there any way I can help with this (any tip?), or do I just have to patiently wait for someone from livekit (like you)?

frostbyte73 commented 4 months ago

Is there any way I can help with this (any tip?), or do I just have to patiently wait for someone from livekit (like you)?

I just merged https://github.com/livekit/protocol/pull/734 yesterday, can you update protocol as well (to v1.17.1-0.20240612003900-1dd95af54240)? I don't think any more changes are needed. I'll run the tests and merge after that

trzeciak commented 4 months ago

Okej 😅 (but today I tried 'golang getting started' first time 😄) To be clear, I run these commands in the egress dir-repo:

❯ go mod download
❯ go get github.com/livekit/protocol@v1.17.1-0.20240612003900-1dd95af54240
go: downloading golang.org/x/mod v0.17.0
go: upgraded github.com/livekit/protocol v1.16.1-0.20240513145257-511f517b1abf => v1.17.1-0.20240612003900-1dd95af54240
go: upgraded github.com/livekit/psrpc v0.5.3-0.20240403150641-811331b106d9 => v0.5.3-0.20240526192918-fbdaf10e6aa5

This also updated the version of livekit/psrpc and added dependencies to golang.org/x/mod, see: LINK.

BTW: My go version:

❯ go version
go version go1.22.4 darwin/arm64

~~PS: Hm.. maybe I should run this on Linux?~~

PS: I also did this on Linux and after these commands the updated version was the same.

$ go version
go version go1.22.1 linux/amd64

trzeciak commented 1 month ago

Hey, is there a known ETA release date for the next version of egress (and next deploy to livekit cloud/prod)?
I'm asking in the context of session token support.

(answer from slack channel)

that was deployed a couple months ago, and v1.8.6 was released 2 weeks ago

✅