For AVflow to run seamlessly, you need to config the correct IAM permissions and the correct S3 resource permissions.

This article is about setting up the IAM permissions in AWS for AVflow.

To set up the S3 resource permissions for AVflow, see this article.

This article is about setting up IAM in AWS to grant AVflow the requisite read/write access to your AVflow S3 bucket so it can monitor when new files are uploaded and be able to save back files to it. If you are just testing, the quickest setup is to give Full Access to S3. Or follow the below to give limited access.

1. Create a dedicated AWS User whose credentials will be used in AVflow

Go to: https://console.aws.amazon.com/iam/home
Select Users menu item from the left navigation

Select Add user create a dedicated user for AVflow,
Select Programmatically access

Select Next tag

Select Next : Review

Then select Create user

The new user is created now. Just download the credential as you will need it to allow AVflow to access your AWS resource.

2. Specify the permissions for the created User and restrict access to the target bucket only.

Go back to https://console.aws.amazon.com/iam/home and select Users from left navigation

Select newly created user.
Select Add inline policy

Select tab JSON

Edit the JSON as below example to allow the current user to have all access to your S3 bucket (In this example named "my-bucket").

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::ffmpeg-transcode-prod"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "sns:Publish",
"Resource": "*"
}
]
}

Select "Review policy", add policy name then select Create policy

All the settings to allow AVflow to access to S3 bucket are done now. Just make sure that the bucket specified in the policy is an existing and valid one.

Important points:

  • Your credentials are encrypted and private, even AVflow's team has no access to them.

  • The access to "arn:aws:s3:::ffmpeg-transcode-prod" resource is to allow the system to copy the outputs from the AVflow bucket named "ffmpeg-transcode-prod" into your bucket.

Did this answer your question?