0

We have some videos in an S3 bucket. they've been transformed using AWS Elastic Transcoder to .m3u8 / .ts We want the users to be able to stream these videos on both a web app and a mobile app.

Now, we want to secure this streaming, so our videos won't get pirated.

So, our proposed solution is as follows:

  • Prevent public access to the S3 bucket
  • create a cloudfront distribution with the bucket as the origin
  • Only enable access to this CDN using pre-signed URLs/cookies
  • For web app: use a pre-signed cookie (set by an endpoint at our backend that requires authentication), so that it works well with HLS (since the app needs to fetch a new segment every few seconds)

But now we don't know what to do with our mobile app. We can't use pre-signed cookies since there's no browser, and we can't use pre-signed URLs, since we'll need a signed URL for each segment we need to fetch. Any suggestions and solutions are welcome.

Yogado
  • 35
  • 3

1 Answers1

0

For our similar use-case:

  1. We used CloudFront url and not S3 signed url. Because S3 signed URL is valid at object level and not folder level.
  2. For paid videos, security and access was managed by Lambda@Edge on viewer requests.
  3. Although we used OAuth and database inside that lambda, but surprisingly, we didn't face any bottlenecks on Lambda@Edge. For future plans we considered using Redis for seamless access validation inside Lambda@Edge.
amsh
  • 3,097
  • 2
  • 12
  • 26
  • We're also using CloudFront URL, but how to make it so that it's able to do HLS? I'm supposed to fetch the master.m3u8 file, ok, this is easily done using a pre-signed URL, but how about the next .ts segments? how would I be able to fetch them? – Yogado Oct 05 '20 at 09:04
  • @Yogado We used HLS player and added a url like: `example.com/s3/path/file.m3u8?param1=a&param2=b`. Rest of the magic was done by the player that fetched the .ts segments with urls like: `example.com/s3/path/file1.ts?param1=a&param2=b` – amsh Oct 05 '20 at 09:08
  • I'm sorry, but can you say which HLS does that ? I keep searching and I can't any browser or mobile player that does forwards the parameters with each request :/ – Yogado Oct 06 '20 at 17:12
  • @Yogado You can refer to this: https://stackoverflow.com/a/59241113/9907481 . We also used http-streaming-library. If my answer was useful you can accept it. Thanks – amsh Oct 06 '20 at 17:44