https://docs.aws.amazon.com/ja_jp/mediaconvert/latest/ug/getting-started.html
https://qiita.com/right1121/items/97beff9f2c300d868e69
https://aws.amazon.com/jp/mediaconvert/getting-started/
S3 -> Elemental MediaConvert -> S3 -> CloudFront
-- 1. コマンド等のインストール
-- 1.1 aws cli version 2 インストール
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws --version
-- 1.2 jqインストール
sudo yum -y install jq
-- 2. ロールの作成
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "mediaconvert.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
aws iam create-role \
--role-name role01 \
--assume-role-policy-document file://role01.json
-- 3. ポリシーをロールにアタッチ
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --role-name role01
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess --role-name role01
-- 4. S3 バケットを作成する
bucket123 -> 変換元ファイル格納用
bucket456 -> 変換先ファイル格納用(CloudFrontオリジン用)
aws s3 ls
aws s3 mb s3://bucket123
aws s3 mb s3://bucket456
-- 5. 動画ファイル(HLS)の作成
aws s3 ls s3://bucket123 --recursive
aws s3 cp test.mp4 s3://bucket123
aws mediaconvert describe-endpoints
{
"Queue": "arn:aws:mediaconvert:ap-northeast-1:999999999999:queues/Default",
"Role": "arn:aws:iam::999999999999:role/role01",
"Settings": {
"TimecodeConfig": {
"Source": "ZEROBASED"
},
"OutputGroups": [
{
"Name": "Apple HLS",
"Outputs": [
{
"ContainerSettings": {
"Container": "M3U8",
"M3u8Settings": {}
},
"VideoDescription": {
"CodecSettings": {
"Codec": "H_264",
"H264Settings": {
"Bitrate": 3000000,
"RateControlMode": "CBR",
"QualityTuningLevel": "SINGLE_PASS"
}
}
},
"AudioDescriptions": [
{
"CodecSettings": {
"Codec": "AAC",
"AacSettings": {
"Bitrate": 96000,
"CodingMode": "CODING_MODE_2_0",
"SampleRate": 48000
}
}
}
],
"OutputSettings": {
"HlsSettings": {}
},
"NameModifier": "conv"
}
],
"OutputGroupSettings": {
"Type": "HLS_GROUP_SETTINGS",
"HlsGroupSettings": {
"SegmentLength": 10,
"Destination": "s3://bucket456/",
"MinSegmentLength": 0
}
}
}
],
"Inputs": [
{
"AudioSelectors": {
"Audio Selector 1": {
"DefaultSelection": "DEFAULT"
}
},
"VideoSelector": {},
"TimecodeSource": "ZEROBASED",
"FileInput": "s3://bucket123/test.mp4"
}
]
},
"AccelerationSettings": {
"Mode": "DISABLED"
},
"StatusUpdateInterval": "SECONDS_60",
"Priority": 0
}
aws mediaconvert create-job \
--endpoint-url https://111111111.mediaconvert.ap-northeast-1.amazonaws.com \
--cli-input-json file://job.json
aws mediaconvert list-jobs \
--endpoint-url https://111111111.mediaconvert.ap-northeast-1.amazonaws.com
aws s3 ls s3://bucket456 --recursive
-- 6. ディストリビューションの作成
aws cloudfront create-distribution \
--origin-domain-name bucket456.s3.ap-northeast-1.amazonaws.com \
--default-root-object index.html
aws cloudfront list-distributions
aws cloudfront get-distribution \
--id 22222222222222
aws cloudfront get-distribution-config \
--id 22222222222222
-- 7. OAIの作成
aws cloudfront create-cloud-front-origin-access-identity \
--cloud-front-origin-access-identity-config '{
"CallerReference": "caller01",
"Comment": "oai01"
}'
aws cloudfront list-cloud-front-origin-access-identities
aws cloudfront get-cloud-front-origin-access-identity \
--id 3333333333333
-- 8. ディストリビューション設定
aws cloudfront get-distribution \
--id 22222222222222
aws cloudfront get-distribution-config \
--id 22222222222222
aws cloudfront get-distribution-config \
--id 22222222222222 | jq -r .DistributionConfig > distribution.json
(1) OAIをディストリビューションに追加する
Origins -> Items -> CustomHeaders の下の
CustomOriginConfigを削除して下記S3OriginConfigを追加
"S3OriginConfig": {
"OriginAccessIdentity": "origin-access-identity/cloudfront/3333333333333"
},
(2) Viewer Protocol Policy を Redirect HTTP to HTTPS へ変更
DefaultCacheBehavior -> ViewerProtocolPolicy
"ViewerProtocolPolicy": "allow-all",
↓
"ViewerProtocolPolicy": "redirect-to-https",
aws cloudfront update-distribution \
--id 22222222222222 \
--if-match $(aws cloudfront get-distribution-config --id 22222222222222 | jq -r .ETag) \
--distribution-config file://distribution.json
-- 9. OAI に Amazon S3 バケット内のファイルの読み込みアクセス許可を付与する
{
"Version": "2012-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 3333333333333"
},
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::bucket456/*"
}
]
}
aws s3api put-bucket-policy \
--bucket bucket456 \
--policy file://b.json
aws s3api get-bucket-policy \
--bucket bucket456
-- 10. インデックスドキュメントの設定
vim index.html
<html>
<head>
<title>VHS de HLS</title>
<link href="https://vjs.zencdn.net/7.4.1/video-js.css" rel="stylesheet">
</head>
<body>
<video-js id=example-video width=1280 height=720 class="vjs-default-skin" controls>
<source
src="https://44444444444444.cloudfront.net/testconv.m3u8"
type="application/x-mpegURL">
</video-js>
<script src="https://vjs.zencdn.net/7.4.1/video.js"></script>
<script>
var player = videojs('example-video');
</script>
</body>
</html>
aws s3api put-object --bucket bucket456 --key index.html --body index.html --content-type text/html
aws s3 ls s3://bucket456 --recursive
-- 11. 動作確認
http://44444444444444.cloudfront.net/index.html
-- 12. クリーンアップ
-- ディストリビューションの無効化
aws cloudfront get-distribution \
--id 22222222222222
aws cloudfront get-distribution-config \
--id 22222222222222
※ distribution.jsonはget-distribution-configコマンドのDistributionConfigから取得し、Enabledをfalseに変更する
aws cloudfront get-distribution-config \
--id 22222222222222 | jq -r .DistributionConfig > distribution.json
sed -i 's/"Enabled": true/"Enabled": false/' distribution.json
aws cloudfront update-distribution \
--id 22222222222222 \
--if-match $(aws cloudfront get-distribution-config --id 22222222222222 | jq -r .ETag) \
--distribution-config file://distribution.json
無効化されるまで待つ
-- ディストリビューションの削除
aws cloudfront get-distribution \
--id 22222222222222
aws cloudfront get-distribution-config \
--id 22222222222222
aws cloudfront delete-distribution \
--id 22222222222222 \
--if-match $(aws cloudfront get-distribution-config --id 22222222222222 | jq -r .ETag)
aws cloudfront list-distributions
-- OAIの削除
aws cloudfront list-cloud-front-origin-access-identities
aws cloudfront delete-cloud-front-origin-access-identity \
--id 3333333333333 \
--if-match $(aws cloudfront get-cloud-front-origin-access-identity --id 3333333333333 | jq -r .ETag)
aws s3 rb s3://bucket123 --force
aws s3 rb s3://bucket456 --force
-- ロールの削除
aws iam list-roles | grep role01
aws iam detach-role-policy \
--role-name role01 \
--policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
aws iam detach-role-policy \
--role-name role01 \
--policy-arn arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess
aws iam delete-role --role-name role01
