堆栈内存溢出
  简体   繁体   English

可以访问S3存储桶以流式传输视频的AWS EC2实例

[英]AWS EC2 instance with access to S3 bucket for streaming a video

 原文  2018-06-07 16:38:49       amazon-web-services/ amazon-s3

问题描述

I am quite familiar with EC2 instances, IAM's (users, roles, groups), S3 buckets and policies and hope the community can help me here. 我对EC2实例,IAM(用户,角色,组),S3存储桶和策略非常熟悉,希望社区可以在这里为我提供帮助。

Let's assume I have an EC2 instance with a webserver running. 假设我有一个运行Web服务器的EC2实例。 This EC2 instance hosts a web video player (video js, JWPlayer etc.). 此EC2实例托管一个Web视频播放器(视频js,JWPlayer等)。 Ideally I would like to host an MP4 on a S3 bucket without making the S3 bucket public. 理想情况下,我希望在不公开S3存储桶的情况下将MP4托管在S3存储桶中。

My initial thought was that I could either create a role with full access to the S3 bucket or assign a policy to the bucket that allows the instance to have access. 我最初的想法是,我可以创建一个对S3存储桶具有完全访问权限的角色,也可以为该存储桶分配一个允许实例访问的策略。

I have tried many policies and roles but neither seem to work. 我尝试了许多策略和角色,但似乎都没有用。 Now I am wondering if this is even possible. 现在我想知道这是否有可能。

设计

I understand that this architecture is not perfect and that you would potentially use cloudfront to serve the video. 我了解这种架构并不完美,您可能会使用Cloudfront来提供视频。 However, this is just a proof of concept...if possible. 但是,这仅仅是概念证明……如果可能的话。 Thank you guys!! 感谢大伙们!!

1 个解决方案

解决方案1
 0  2018-06-07 21:41:53

This is the perfect use-case for an Amazon S3 pre-signed URL , which provides time-limited access to a private object. 这是Amazon S3 预签名URL的完美用例,它提供了对私有对象的限时访问。 It completely offloads the traffic to S3, making it highly scalable for serving content. 它将流量完全卸载到S3,使其具有很高的可伸缩性,可以提供内容。

Basically: 基本上:

  • The object is kept private 该对象保持私有
  • Your application determines whether the user is entitled to access the file 您的应用程序确定用户是否有权访问该文件
  • The application generates the pre-signed URL with a time limit of, say, 5 minutes 应用程序生成的预签名URL的时间限制为5分钟
  • The application includes the URL in the standard HTML page (eg, if it was an image, use <img src="..."> 该应用程序将URL包含在标准HTML页面中(例如,如果它是图像,请使用<img src="...">

Yes, a user can share the link with other people, but it expires after the given time period. 是的,用户可以与其他人共享该链接,但是该链接在给定时间段后到期。

You can also Serve Private Content through CloudFront , which can work better for many media players because it can serve streaming media . 您还可以通过CloudFront服务私人内容 ,因为它可以为流媒体提供服务,所以它对于许多媒体播放器来说效果更好。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何配置通过 VPC 从 aws ec2 实例访问我的 aws s3 存储桶 - How to configure access to my aws s3 bucket from aws ec2 instance via VPC AWS将S3存储桶与EC2实例同步 - AWS Synchronize S3 bucket with EC2 instance 重启 EC2 实例后 AWS S3 存储桶未重新挂载 - AWS S3 bucket is not remounting after restarting EC2 Instance AWS S3 存储桶策略:如何授予对 EC2 实例的访问权限? - AWS S3 Bucket Policy: How to grant access to EC2 instance? 从EC2实例访问Amazon S3 Bucket - Access to Amazon S3 Bucket from EC2 instance 授予 EC2 实例访问 S3 存储桶的权限 - Grant EC2 instance access to S3 Bucket 如何从EC2实例访问S3存储桶 - How to access s3 bucket from ec2 instance 从EC2实例本地访问Amazon S3 Bucket - Local access to Amazon S3 Bucket from EC2 instance 从 EC2 访问 AWS S3 存储桶 - AWS S3 Bucket Access from EC2 AWS - 无法从 EC2 访问 S3 存储桶对象 - AWS - Unable to access S3 bucket object from EC2
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM