I'm using the following Python and json media convert job in order to run a AWS MediaConvert job. (original guide I followed is here).
The ACL on the new files created by the MediaConvert Job should be ACL: 'public-read'
however I'm unable to set this. I would prefer to assign this on the file rather than a bucket permission due to complexity in the folder structure on this bucket (I know there are no such things as true folders on S3).
Convert.py #!/usr/bin/env python
import glob
import json
import os
import uuid
import boto3
import datetime
import random
import urlparse
from botocore.client import ClientError
def handler(event, context):
assetID = str(uuid.uuid4())
sourceS3Bucket = event['Records'][0]['s3']['bucket']['name']
sourceS3Key = event['Records'][0]['s3']['object']['key']
sourceS3 = 's3://'+ sourceS3Bucket + '/' + sourceS3Key
sourceS3Basename = os.path.splitext(os.path.basename(sourceS3))[0]
destinationS3 = 's3://' + os.environ['DestinationBucket']
destinationS3basename = os.path.splitext(os.path.basename(destinationS3))[0]
mediaConvertRole = os.environ['MediaConvertRole']
region = os.environ['AWS_DEFAULT_REGION']
statusCode = 200
body = {}
# Use MediaConvert SDK UserMetadata to tag jobs with the assetID
# Events from MediaConvert will have the assetID in UserMedata
jobMetadata = {'assetID': assetID}
print (json.dumps(event))
try:
# Job settings are in the lambda zip file in the current working directory
with open('job.json') as json_data:
jobSettings = json.load(json_data)
print(jobSettings)
# get the account-specific mediaconvert endpoint for this region
mc_client = boto3.client('mediaconvert', region_name=region)
endpoints = mc_client.describe_endpoints()
# add the account-specific endpoint to the client session
client = boto3.client('mediaconvert', region_name=region, endpoint_url=endpoints['Endpoints'][0]['Url'], verify=False)
# Update the job settings with the source video from the S3 event and destination
# paths for converted videos
jobSettings['Inputs'][0]['FileInput'] = sourceS3
S3KeyWatermark = 'encoded-video/mp4/' + sourceS3Basename
jobSettings['OutputGroups'][0]['OutputGroupSettings']['FileGroupSettings']['Destination'] \
= destinationS3 + '/' + S3KeyWatermark
S3KeyThumbnails = 'encoded-video/poster/' + sourceS3Basename
jobSettings['OutputGroups'][1]['OutputGroupSettings']['FileGroupSettings']['Destination'] \
= destinationS3 + '/' + S3KeyThumbnails
print('jobSettings:')
print(json.dumps(jobSettings))
# Convert the video using AWS Elemental MediaConvert
job = client.create_job(Role=mediaConvertRole, UserMetadata=jobMetadata, Settings=jobSettings)
print (json.dumps(job, default=str))
except Exception as e:
print 'Exception: %s' % e
statusCode = 500
raise
finally:
return {
'statusCode': statusCode,
'body': json.dumps(body),
'headers': {'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*'}
}
job.json
{
"OutputGroups": [
{
"CustomName": "MP4",
"Name": "File Group",
"Outputs": [
{
"ContainerSettings": {
"Container": "MP4",
"Mp4Settings": {
"CslgAtom": "INCLUDE",
"FreeSpaceBox": "EXCLUDE",
"MoovPlacement": "PROGRESSIVE_DOWNLOAD"
}
},
"VideoDescription": {
"Width": 720,
"Height": 480,
"ScalingBehavior": "DEFAULT",
"TimecodeInsertion": "DISABLED",
"AntiAlias": "ENABLED",
"Sharpness": 50,
"CodecSettings": {
"Codec": "H_264",
"H264Settings": {
"InterlaceMode": "PROGRESSIVE",
"NumberReferenceFrames": 3,
"Syntax": "DEFAULT",
"Softness": 0,
"GopClosedCadence": 1,
"GopSize": 90,
"Slices": 1,
"GopBReference": "DISABLED",
"SlowPal": "DISABLED",
"SpatialAdaptiveQuantization": "ENABLED",
"TemporalAdaptiveQuantization": "ENABLED",
"FlickerAdaptiveQuantization": "DISABLED",
"EntropyEncoding": "CABAC",
"Bitrate": 3000000,
"FramerateControl": "INITIALIZE_FROM_SOURCE",
"RateControlMode": "CBR",
"CodecProfile": "MAIN",
"Telecine": "NONE",
"MinIInterval": 0,
"AdaptiveQuantization": "HIGH",
"CodecLevel": "AUTO",
"FieldEncoding": "PAFF",
"SceneChangeDetect": "ENABLED",
"QualityTuningLevel": "SINGLE_PASS",
"FramerateConversionAlgorithm": "DUPLICATE_DROP",
"UnregisteredSeiTimecode": "DISABLED",
"GopSizeUnits": "FRAMES",
"ParControl": "INITIALIZE_FROM_SOURCE",
"NumberBFramesBetweenReferenceFrames": 2,
"RepeatPps": "DISABLED"
}
},
"AfdSignaling": "NONE",
"DropFrameTimecode": "ENABLED",
"RespondToAfd": "NONE",
"ColorMetadata": "INSERT"
},
"AudioDescriptions": [
{
"AudioTypeControl": "FOLLOW_INPUT",
"CodecSettings": {
"Codec": "AAC",
"AacSettings": {
"AudioDescriptionBroadcasterMix": "NORMAL",
"Bitrate": 96000,
"RateControlMode": "CBR",
"CodecProfile": "LC",
"CodingMode": "CODING_MODE_2_0",
"RawFormat": "NONE",
"SampleRate": 48000,
"Specification": "MPEG4"
}
},
"LanguageCodeControl": "FOLLOW_INPUT"
}
]
}
],
"OutputGroupSettings": {
"Type": "FILE_GROUP_SETTINGS",
"FileGroupSettings": {
"Destination": "s3://<MEDIABUCKET>/assets/VANLIFE/MP4/"
}
}
},
{
"CustomName": "Thumbnails",
"Name": "File Group",
"Outputs": [
{
"ContainerSettings": {
"Container": "RAW"
},
"VideoDescription": {
"Width": 720,
"ScalingBehavior": "DEFAULT",
"Height": 480,
"TimecodeInsertion": "DISABLED",
"AntiAlias": "ENABLED",
"Sharpness": 50,
"CodecSettings": {
"Codec": "FRAME_CAPTURE",
"FrameCaptureSettings": {
"FramerateNumerator": 1,
"FramerateDenominator": 1,
"MaxCaptures": 1,
"Quality": 80
}
},
"AfdSignaling": "NONE",
"DropFrameTimecode": "ENABLED",
"RespondToAfd": "NONE",
"ColorMetadata": "INSERT"
}
}
],
"OutputGroupSettings": {
"Type": "FILE_GROUP_SETTINGS",
"FileGroupSettings": {
"Destination": "s3://<MEDIABUCKET>/assets/VANLIFE/Thumbnails/"
}
}
}
],
"AdAvailOffset": 0,
"Inputs": [
{
"AudioSelectors": {
"Audio Selector 1": {
"Offset": 0,
"DefaultSelection": "DEFAULT",
"ProgramSelection": 1
}
},
"VideoSelector": {
"ColorSpace": "FOLLOW"
},
"FilterEnable": "AUTO",
"PsiControl": "USE_PSI",
"FilterStrength": 0,
"DeblockFilter": "DISABLED",
"DenoiseFilter": "DISABLED",
"TimecodeSource": "EMBEDDED",
"FileInput": "s3://rodeolabz-us-west-2/vodconsole/VANLIFE.m2ts"
}
]
}
Of course I am open to Bucket policy suggestions also if public access can be limited to the following 'folders' within this bucket.
<BUCKET>/videos
<BUCKET>/encoded-video/mp4
<BUCKET>/encoded-video/poster
Many thanks in advance.
You can try the following policy (not tested):
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"PublicAccessToFolders",
"Effect":"Allow",
"Principal":"*",
"Action":["s3:GetObject"],
"Resource":[
"arn:aws:s3:::examplebucket/videos/*",
"arn:aws:s3:::examplebucket/encoded-video/mp4/*",
"arn:aws:s3:::examplebucket/encoded-video/poster/*",
]
}
]
}
More info about how Amazon authorize bucket access is here, and few policy examples are here.