1

I'm trying to create a very simple flow that uses Elastic Transcoder to output HLS streams that can be served up directly from S3.

The pipeline and job are spitting out the right files, as far as I can tell and reporting that the job is completing successfully, but it doesn't seem to be setting the permissions on the S3 objects to allow access via anonymous requests.

Here's what the permissions on the generated files look like:

File Permissions

And here's how my pipeline is configured:

Pipeline Configuration

For some reason—probably entirely my fault—it seems like the pipeline configuration is being ignored when it comes to setting permissions on the objects stashed in S3. I've dug around a bit and haven't found much evidence that other people have run into this problem, which makes me pretty confident that I'm doing something wrong.

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
Jim Wong
  • 407
  • 3
  • 13

2 Answers2

4

You have to double check the following:

  • Your pipeline should have something similar to this screenshot(ie. for both Transcoded files and thumbnails) enter image description here
  • Your output bucket should not have restricting policy

  • Your IAM policy used by ElasticTranscoder should be similar to this one:

    {
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Action": [
                "s3:Put*",
                "s3:ListBucket",
                "s3:*MultipartUpload*",
                "s3:Get*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "2",
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": "*"
        },
        {
            "Sid": "3",
            "Effect": "Deny",
            "Action": [
                "s3:*Delete*",
                "s3:*Policy*",
                "sns:*Remove*",
                "sns:*Delete*",
                "sns:*Permission*"
            ],
            "Resource": "*"
        }
    ] 
}
Thomas L.
  • 1,294
  • 9
  • 13
  • So, I double-checked all those items--including configuring permissions for thumbnails, even though I'm not generating any--re-ran the job, and it worked: the files came out with the right permissions. Then, I backed out the configuration change for thumbnails and the job _still_ worked. So effectively, the same configuration that wasn't working last night is working now. I have no idea why that's the case, but your answer was helpful as a sanity check nevertheless. Thanks! – Jim Wong Jan 06 '16 at 16:40
0

You have to add AmazonS3ReadOnlyAccess policy to Elastic_Transcoder_Default_Role to see Grantee 'All Users' AWS transcoder policy

Alex
  • 513
  • 6
  • 14