For AVflow to run seamlessly, you need to config the correct IAM permissions and the correct S3 resource permissions.
This article is about setting up the S3 resource permissions in AWS for AVflow.
To set up the IAM permissions for AVflow, see this article.
S3 trigger allows us to trigger flows on uploading of new objects in your bucket. Behind the scenes, AVflow uses Event Bridge to get notified if there's a file uploaded.
Here how to enable permissions at the resource and bucket level to get a flow to run:
[note: you will need to add these permissions for each bucket you want AVflow to have access to]
1. Create new bucket in any region to store source audio / video assets:
2. Set Object Ownership
3. Block Public Access
4. Enable bucket versioning to make sure the event will be fired when there's an object uploaded.
5. Leave the remaining options as default and create the bucket
6. Configure the bucket policy
Go to the bucket and select Permissions tab
Scroll to Bucket policy section and edit
Allow AVflow's account to access the created bucket.
arn:aws:iam::935711688040:root is AVflow's AWS account that needs permission to check a file's existence and create the event bridge notification (Don't change this)
Is the current bucket name so replace "my-prod-video" with your bucket name.
The associated JSON policy is below:
Save the permissions.
7. Now go to AVflow and config the S3 trigger / enable the flow
8. In AWS: check the "Event Notifications" section under the "Properties" tab after the flow is successfully enabled. There should be a notification created as in the following screenshot.
If you have any questions, don't hesitate to message us.