I'm trying to implement an AWS Chime meeting with a Media Capture Pipeline in my application, but I keep getting the following error when I set up the pipeline by running the start capture function (code below): `Insufficient permission to access S3 bucket: s3-bucket-name`
Here is what I have tried:
What am I missing in my setup? Are there additional permissions or configurations needed for AWS Chime meeting to work properly?
import {
CreateMediaCapturePipelineCommand,
ChimeSDKMediaPipelinesClient,
} from '@aws-sdk/client-chime-sdk-media-pipelines';
import {
ChimeSDKMeetingsClient,
CreateAttendeeCommand,
CreateAttendeeCommandInput,
CreateMeetingCommand,
CreateMeetingCommandInput,
} from '@aws-sdk/client-chime-sdk-meetings';
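/**
 * Shared configuration for both Chime SDK clients.
 *
 * Static credentials are passed only when both AWS_KEY_ID and AWS_SECRET are
 * set. The previous `|| ''` fallback built clients with empty-string
 * credentials when a variable was missing, which hides the misconfiguration
 * until a request fails to authenticate. When either variable is absent the
 * `credentials` key is omitted, so the SDK resolves credentials through its
 * default provider chain (for example an attached IAM role) instead.
 */
const chimeClientConfig = (() => {
  const accessKeyId = process.env.AWS_KEY_ID;
  const secretAccessKey = process.env.AWS_SECRET;
  const hasStaticCredentials = Boolean(accessKeyId && secretAccessKey);

  return {
    region: 'eu-central-1',
    // Spread rather than `credentials: undefined` so the key is truly absent
    // when no static credentials are configured.
    ...(hasStaticCredentials && accessKeyId && secretAccessKey
      ? { credentials: { accessKeyId, secretAccessKey } }
      : {}),
  };
})();

/** Client for the Chime SDK Meetings API (meeting and attendee creation). */
export const chimeSdkMeetings = new ChimeSDKMeetingsClient(chimeClientConfig);

/** Client for the Chime SDK Media Pipelines API (media capture pipelines). */
export const chimeSDKMediaPipelinesClient = new ChimeSDKMediaPipelinesClient(
  chimeClientConfig,
);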
/**
 * Starts an audio-only media capture pipeline for a Chime SDK meeting and
 * delivers the artifacts to the S3 bucket named in `SinkArn`.
 *
 * `meetingId` is interpolated into the source ARN as-is, without validation.
 *
 * NOTE(review): AWS_ACCOUNT_ID is not defined in the visible code — confirm
 * it is in scope and matches the account used in the bucket policy conditions.
 * NOTE(review): the "Insufficient permission to access S3 bucket" error
 * reported for this call was resolved by updating the bucket policy and
 * granting the calling identity s3:GetBucketPolicy and s3:GetBucketLocation —
 * confirm both are in place.
 *
 * @param meetingId - Identifier of the meeting to capture.
 * @returns The promise returned by the media pipelines client's `send` call.
 */
export const startCapture = async (meetingId: string) => {
  const meetingArn = `arn:aws:chime::${AWS_ACCOUNT_ID}:meeting:${meetingId}`;

  const captureRequest = new CreateMediaCapturePipelineCommand({
    // Source: the meeting being recorded.
    SourceType: 'ChimeSdkMeeting',
    SourceArn: meetingArn,
    // Sink: the bucket that receives the captured artifacts.
    SinkType: 'S3Bucket',
    SinkArn: 'arn:aws:s3:::s3-bucket-name',
    ChimeSdkMeetingConfiguration: {
      ArtifactsConfiguration: {
        // Audio only; content share and video capture are turned off.
        Audio: { MuxType: 'AudioOnly' },
        Content: { State: 'Disabled' },
        Video: { State: 'Disabled' },
      },
    },
  });

  return chimeSDKMediaPipelinesClient.send(captureRequest);
};
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSChimeMediaCaptureBucketPolicy",
"Effect": "Allow",
"Principal": {
"Service": "mediapipelines.chime.amazonaws.com"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::s3-bucket-name/*",
"arn:aws:s3:::s3-bucket-name"
],
"Condition": {
"StringEquals": {
"aws:SourceAccount": "${AWS_ACCOUNT_ID}"
},
"ArnLike": {
"aws:SourceArn": "arn:aws:chime:*:${AWS_ACCOUNT_ID}:*"
}
}
},
{
"Sid": "AWSChimeMediaConcatBucketPolicy",
"Effect": "Allow",
"Principal": {
"Service": "mediapipelines.chime.amazonaws.com"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::s3-bucket-name/*",
"arn:aws:s3:::s3-bucket-name"
],
"Condition": {
"StringEquals": {
"aws:SourceAccount": "${AWS_ACCOUNT_ID}"
},
"ArnLike": {
"aws:SourceArn": "arn:aws:chime:*:${AWS_ACCOUNT_ID}:*"
}
}
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::s3-bucket-name",
"arn:aws:s3:::s3-bucket-name/*"
]
},
{
"Effect": "Allow",
"Action": [
"chime:CreateMediaCapturePipeline",
"chime:CreateMeeting",
"chime:CreateAttendee"
],
"Resource": "*"
}
]
}
OK I was able to get this to work finally!! I just had to follow this guide.
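I just updated the bucket policy to the one mentioned in the guide and updated my IAM role to the following. (Compared with the earlier IAM policy, the new S3 permissions are `s3:GetBucketPolicy` and `s3:GetBucketLocation`; the `chime:*` wildcard on `"Resource": "*"` is wider than the three Chime actions listed before and can be narrowed back to the actions the application actually calls.)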
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"chime:*",
"s3:GetBucketPolicy",
"s3:GetBucketLocation"
],
"Resource": "*"
}
]
}