1. Create a dedicated AWS User whose credentials will be used in AVflow

Go to: https://console.aws.amazon.com/iam/home
Select Users menu item from the left navigation

Select Add user create a dedicated user for AVflow,
Select Programmatically access

Select Next tag

Select Next : Review

Then select Create user

The new user is created now. Just download the credential as you will need it to allow AVflow to access your AWS resource.

2. Specify the permissions for the created User and restrict access to the target bucket only.

Go back to https://console.aws.amazon.com/iam/home and select Users from left navigation

Select newly created user.
Select Add inline policy

Select tab JSON

Edit the JSON as below example to allow the current user to have all access to your S3 bucket (In this example named "my-bucket").

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::ffmpeg-transcode-prod"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "sns:Publish",
"Resource": "*"
}
]
}

Select "Review policy", add policy name then select Create policy

All the settings to allow AVflow to access to S3 bucket are done now. Just make sure that the bucket specified in the policy is an existing and valid one.

Important point:

  • Your credentials are encrypted and private, even AVflow's team has no access to them.

  • The access to "arn:aws:s3:::ffmpeg-transcode-prod" resource is allow system copy the result from AVflow bucket named "ffmpeg-transcode-prod" to your bucket.

Did this answer your question?