Streaming to AWS Elemental MediaStore
KB can stream to AWS Elemental MediaStore with a default KB type stream, but access must be set up in the AWS environment to allow the external stream the correct network access and permissions that are required.
The AWS MediaStore reference documents are available at:
https://docs.aws.amazon.com/mediastore/latest/ug/policies.html
https://docs.aws.amazon.com/mediastore/latest/ug/policies-examples-public-https.html
https://docs.aws.amazon.com/mediastore/latest/ug/policies-examples-access-by-specific-ip.html
To setup the AWS environment for a KB stream, add the following to the container policy:
Allow public access to the AWS container.
For security purposes, restrict access to only the public IP address of your KB.
Add parameters for public reading from the container, so the content can be served.
Use the following container policy, substituting your specific information (Amazon Resource Name (ARN), account number, etc.) where specified:
{
"Version": "2012-10-17",
"Statement": [
{ // this allows internal AWS access
"Sid": "MediaStoreFullAccess",
"Action": [ "mediastore:*" ],
"Principal": {"AWS" : "arn:aws:iam::551940372526:root"},
"Effect": "Allow",
"Resource": "<put arn here>",
"Condition": {
"Bool": { "aws:SecureTransport": "true" }
}
},
{ // this allows external Full Access and should be restricted by IP address or range
"Sid" : "PublicFullAccess",
"Effect" : "Allow",
"Principal" : "*",
"Action" : "mediastore:*",
"Resource" : "<put arn here>",
"Condition" : {
"Bool" : { "aws:SecureTransport" : "true" }
}
},
{ // this allows public read-only access for viewers or use as an Origin
"Sid": "PublicReadOverHttps",
"Effect": "Allow",
"Action": ["mediastore:GetObject", "mediastore:DescribeObject"],
"Principal": "*",
"Resource": "arn:aws:mediastore:<region>:<owner acct number>:container/<container name>/*",
"Condition": {
"Bool": { "aws:SecureTransport": "true" }
}
}
]
}