|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
This section describes how you configure and manage RTMP distributions. For information about how to create an RTMP distribution, see Creating RTMP Distributions.
To stream media files using CloudFront, you provide two types of files to your end users:
Your media files
A media player, for example, JW Player, Flowplayer, or Adobe Flash
End users view your media files using the media player that you provide for them; they do not use the media player (if any) that is already installed on their computer or other device.
When an end user streams your media file, the media player begins to play the content of the file while the file is still being downloaded from CloudFront. The media file is not stored locally on the end user's system.
To use CloudFront to serve both the media player and the media files, you need two types of distributions: a web distribution for the media player, and an RTMP distribution for the media files. Web distributions serve files over HTTP, while RTMP distributions stream media files over RTMP (or a variant of RTMP).
The following example assumes that your media files and your media player are stored in different buckets in Amazon S3, but that isn't required—you can store media files and your media player in the same Amazon S3 bucket. You can also make the media player available to end users in other ways, for example, using CloudFront and a custom origin. However, the media files must use an Amazon S3 bucket as the origin.
In the following diagram, your site serves a cached copy of the media player to each end user through the
d1234.cloudfront.net domain. The media player then accesses cached copies of your media files through the
Your media player bucket holds the media player and is the origin server for a regular HTTP distribution.
In this example, the domain name for the distribution is
Your streaming media bucket holds your media files and is the origin server for an RTMP distribution.
In this example, the domain name for the distribution is
When you configure CloudFront to distribute media files, CloudFront uses Adobe Flash Media Server 3.5 as the streaming server and streams your media files using Adobe's Real-Time Messaging Protocol (RTMP). CloudFront accepts RTMP requests over port 1935 and port 80.
CloudFront supports the following variants of the RTMP protocol:
RTMP—Adobe's Real-Time Message Protocol
RTMPT—Adobe streaming tunneled over HTTP
RTMPTE—Adobe encrypted tunneled over HTTP
For a basic summary of RTMP and the file formats that Adobe Flash Media Server supports, go to Overview of Streaming with Flash Media Server 3 on the Adobe website. The overview includes information about supported codecs and containers.
Resources available on the Internet can help you determine the bit rate to use for your Flash files, for example, the Flash video (FLV) bitrate calculator on the Adobe website.
CloudFront supports all of the features in Adobe Flash Media Server 3.5 related to dynamic streaming, which lets you switch between streams of different qualities during playback. For more information, go to Dynamic streaming in Flash Media Server 3.5: Part 1 on the Adobe website.
To serve streamed content, you need to provide your end users with a media player. You can write your own player using Adobe Flash. For more information, go to http://www.adobe.com/products/flashplayer/. Alternatively, you can use an existing player. For more information, see the following tutorials:
When you create a distribution, you specify where CloudFront gets the files that it distributes to edge locations. For an RTMP distribution, you must use an Amazon S3 bucket; custom origins are not supported. To get your objects into your bucket, you can use any method supported by Amazon S3, for example, the Amazon S3 API or a third-party tool. You can create a hierarchy in your bucket just as you would with any other Amazon S3 bucket. You incur regular Amazon S3 charges for storing the objects in the bucket. For more information about the charges to use CloudFront, see CloudFront Billing and Usage.
Using an existing Amazon S3 bucket as your CloudFront origin server doesn't change the bucket in any way; you can still use it as you normally would to store and access Amazon S3 objects (at the normal Amazon S3 prices).
You can use the same Amazon S3 bucket for both RTMP and web distributions.
After you create an RTMP distribution, you can't change its origin server. If you need to change the Amazon S3 bucket for an RTMP distribution, you must create a new distribution that uses the new bucket and update either your links or your DNS records to use the domain name for the new distribution. You can then delete the original distribution. For more information, see Deleting a Distribution.
When you specify the name of the Amazon S3 bucket that you want CloudFront to get objects from, you use the following format:
Do not specify the name of the bucket using the following values:
The Amazon S3 path style,
The Amazon S3 CNAME, if any
For your bucket to work with CloudFront, the name must conform to DNS naming requirements. For more information, go to Bucket Restrictions and Limitations in the Amazon Simple Storage Service Developer Guide.
You typically create one RTMP distribution per Amazon S3 bucket, but you can choose to create multiple
RTMP distributions for the same bucket. For example, if you had two distributions for an Amazon S3 bucket,
you could reference a single media file using either distribution. In this case, if you had a media file called
media.flv in your origin server, CloudFront would work with each distribution as though it
referenced an individual
media.flv object: one
through one distribution, and another
media.flv accessible through the other distribution.
To stream media files using CloudFront, you create an RTMP distribution and specify the following values.
The DNS domain name of the Amazon S3 bucket from which you want CloudFront to get objects for this origin, for example,
myawsbucket.s3.amazonaws.com. In the CloudFront console, click in the Origin Domain Name
field, and a list enumerates the Amazon S3 buckets that are associated with the current AWS account. To use a bucket from a
different AWS account, type the domain name of the bucket in the following format:
The files must be publicly readable unless you secure your content in Amazon S3 by using a CloudFront origin access identity. For more information, see Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content.
The bucket name must conform to DNS naming requirements. For more information, go to Bucket Restrictions and Limitations in the Amazon Simple Storage Service Developer Guide.
When you change the bucket from which CloudFront gets objects for the current origin, CloudFront immediately begins replicating the change to CloudFront edge locations. Until the distribution configuration is updated in a given edge location, CloudFront will continue to forward requests to the previous Amazon S3 bucket. As soon as the distribution configuration is updated in that edge location, CloudFront begins to forward requests to the new Amazon S3 bucket.
Changing the bucket does not require CloudFront to repopulate edge caches with objects from the new origin. As long as the viewer requests in your application have not changed, CloudFront will continue to serve objects that are already in an edge cache until the TTL on each object expires or until seldom-requested objects are evicted.
For more information, see Using an Amazon S3 Bucket as the Origin for an RTMP Distribution.
Click Yes if you want to require end users to access objects in an Amazon S3 bucket by using only CloudFront URLs, not by using Amazon S3 URLs. Then specify the applicable values.
Click No if you want end users to be able to access objects using either CloudFront URLs or Amazon S3 URLs.
For more information, see Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content.
If you chose Yes for Restrict Bucket Access, choose whether to create a new origin access identity or use an existing one that is associated with your AWS account. If you already have an origin access identity, we recommend that you reuse it to simplify maintenance. For more information about origin access identities, see Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content.
If you chose Create a New Identity for Origin Access Identity, enter a comment that identifies the new origin access identity. CloudFront will create the origin access identity when you create this distribution.
If you chose Use an Existing Identity for Origin Access Identity, choose the origin access identity that you want to use. You cannot use an origin access identity that is associated with another AWS account.
If you want CloudFront to automatically grant the origin access identity the permission to read objects in your Amazon S3 bucket, click Yes, Update Bucket Policy.
If you click Yes, Update Bucket Policy, CloudFront updates the bucket policy to grant the specified origin access identity the permission to read objects in your bucket. However, CloudFront does not remove existing permissions in the bucket policy or permissions on individual objects. If users currently have permission to access the objects in your bucket using Amazon S3 URLs, they will still have that permission after CloudFront updates your bucket policy. To view or change the existing bucket policy and the existing permissions on the objects in your bucket, use a method provided by Amazon S3. For more information, see Granting the Origin Access Identity Permission to Read Objects in Your Amazon S3 Bucket.
If you want to update permissions manually, for example, if you want to update ACLs on your objects instead of updating bucket permissions, click No, I will Update Permissions.
The price class that corresponds with the maximum price that you want to pay for CloudFront service. By default, CloudFront serves your objects from edge locations in all CloudFront regions.
For more information about price classes and about how your choice of price class affects CloudFront performance for your distribution, see Choosing the Price Class for a CloudFront Distribution. For information about CloudFront pricing, including how price classes map to CloudFront regions, go to Amazon CloudFront Pricing.
Optional. You can associate one or more CNAME aliases with a distribution so that you can use your domain name (for example, example.com) in the URLs for your objects instead of using the domain name that CloudFront assigned when you created your distribution. For more information, see Using Alternate Domain Names (CNAMEs).
Whether you want CloudFront to log information about each request for an object and store the log files in an Amazon S3 bucket. You can enable or disable logging at any time. There is no extra charge if you enable logging, but you accrue the usual Amazon S3 charges for storing and accessing the files in an Amazon S3 bucket. You can delete the logs at any time. For more information about CloudFront access logs, see Access Logs.
If you chose On for Logging, the Amazon S3 bucket that you want CloudFront
to store access logs in, for example,
myawslogbucket.s3.amazonaws.com. If you enable logging,
CloudFront records information about each end-user request for an object and stores the files in the specified Amazon S3 bucket.
You can enable or disable logging at any time. For more information about CloudFront access logs, see
Optional. If you chose On for Logging, specify the string, if any,
that you want CloudFront to prefix to the access log filenames for this distribution, for example,
The trailing slash ( / ) is optional but recommended to simplify browsing your log files. For more information about CloudFront access logs,
see Access Logs.
Optional. When you create a distribution, you can include a comment of up to 128 characters. You can update the comment at any time.
When you create a distribution, you must specify whether you want the distribution to be enabled or disabled after it's created:
Enabled means that as soon as the distribution is fully deployed you can deploy links that use the distribution's domain name and end users can retrieve content. Whenever a distribution is enabled, CloudFront accepts and processes any end-user requests for content that use the domain name associated with that distribution.
When you create, modify, or delete a CloudFront distribution, it takes time for your changes to propagate to the CloudFront database. An immediate request for information about a distribution might not show the change. Propagation usually completes within minutes, but a high system load or network partition might increase this time.
Disabled means that even though the distribution might be deployed and ready to use, end users can't use it. When a distribution is disabled, CloudFront doesn't accept any end-user requests that use the domain name associated with that distribution. Until you switch the distribution from disabled to enabled (by updating the distribution's configuration), no one can use it.
You can toggle a distribution between disabled and enabled as often as you want. For information about updating a distribution's configuration, see Listing, Viewing, and Updating CloudFront Distributions.
If you want requests for objects served by this distribution to use public URLs, click No. If you want requests to use signed URLs, click Yes. Then specify the AWS accounts that you want to use to create signed URLs; these accounts are known as trusted signers.
For more information about trusted signers, see Specifying the AWS Accounts That Can Create Signed URLs (Trusted Signers).
Choose which AWS accounts you want to use as trusted signers for this distribution:
Self: Use the account with which you're currently signed into the AWS Management Console as a trusted signer. If you're currently signed in as an IAM user, the associated AWS account is added as a trusted signer.
Specify Accounts: Enter account numbers for trusted signers in the AWS Account Numbers field.
To create signed URLs, an AWS account must have at least one active CloudFront key pair.
If you're updating a distribution that you're already using to distribute content, add trusted signers only when you're ready to start generating signed URLs for your objects. After you add trusted signers to a distribution, users must use signed URLs to access the objects served by this distribution.
If you want to create signed URLs using AWS accounts in addition to or instead of the current account, enter one AWS account number per line in this field. Note the following:
The accounts that you specify must have at least one active CloudFront key pair. For more information, see Creating CloudFront Key Pairs for Your Trusted Signers.
You can't create CloudFront key pairs for IAM users, so you can't use IAM users as trusted signers.
For information about how to get the AWS account number for an account, see How Do I Get Security Credentials? in the Amazon Web Services General Reference.
If you enter the account number for the current account, CloudFront automatically checks the Self checkbox and removes the account number from the AWS Account Numbers list.
When you create a new RTMP distribution or update an existing distribution, CloudFront displays the following information in the CloudFront console.
Active trusted signers, the AWS accounts that have an active CloudFront key pair and can be used to create valid signed URLs, are currently not visible in the CloudFront console.
When you perform an action on a distribution using the CloudFront API, you use the distribution ID to specify which
distribution you want to perform the action on, for example,
EDFDVBD6EXAMPLE. You can't change the
The possible status values for a distribution are listed in the following table.
The distribution is still being created or updated.
The distribution has been created or updated and the changes have been fully propagated through the CloudFront system.
In addition to ensuring that the status for a distribution is Deployed, you must enable the distribution before end users can use CloudFront to access your content. For more information, see Distribution State.
The date and time that the distribution was last modified, using ISO 8601 format, for example, 2012-05-19T19:37:58Z. For more information, go to http://www.w3.org/TR/NOTE-datetime.
You use the distribution's domain name in the links to your objects, unless you're using alternate
domain names (CNAMEs). For example, if your distribution's domain name is
the link to the example
/images/image.jpg file would be
http://d111111abcdef8.cloudfront.net/images/image.jpg. You can't change the CloudFront domain name for your distribution.
For more information about CloudFront URLs for links to your objects, see Format of URLs for CloudFront Objects.
If you specified one or more alternate domain names (CNAMEs), you can use your own domain names for links to your objects instead of using the CloudFront domain name. For more information about CNAMEs, see Alternate Domain Names (CNAMEs).
CloudFront domain names are unique. Your distribution's domain name was never used for a previous distribution and will never be reused for another distribution in the future.
To play a media file, you must configure the media player with the correct path to the file. How you configure the media depends on which media player you're using and how you're using it.
When you configure the media player, the path you specify to the media file must contain the
cfx/st immediately after the domain name, for example:
CloudFront follows Adobe's FMS naming requirements. Different players have their
own rules about how to specify streams. The example above is for JW Player. Check
your player's documentation. For example, Adobe's Flash Media Server does not allow
.flv extension to be present on the play path. Many players
remove the .
flv extension for you.
Your media player might ask for the path separate from the file name. For example, with the
JW Player wizard, you specify a
(with no trailing slash)
If you've stored the media files in a directory in your bucket (for example,
videos/mediafile.flv), then the variables for JW Player would be:
(with no trailing slash)
To use the JW Player wizard, go to the Setup Wizard page on the JW Player website.
To serve MP3 audio files or H.264/MPEG-4 video files, you might need to prefix the
file name with
mp4:. Some media players can be
configured to add the prefix automatically. The media player might also require you to
specify the file name without the file extension (for example,
The Adobe Flash Media Server
crossdomain.xml file specifies which domains can access
media files in a particular domain. CloudFront supplies a default file that allows all domains to access the media files
in your RTMP distribution, and you cannot change this behavior. If you include a more restrictive
crossdomain.xml file in your Amazon S3 bucket, CloudFront ignores it.
The following table lists the error codes that CloudFront can send to your media player.
The errors are part of the string returned with
The distribution was not found.
The distribution is not an RTMP distribution.
The instance is invalid.
The URI is invalid.
If you're having trouble getting your media files to play, check the following items.
|Item to Check||Description|
Separate distributions for the media player files and media files
The media player must be served by a regular HTTP distribution (for example, domain name d111111abcdef8.cloudfront.net), and media files must be served by an RTMP distribution (for example, domain name s5c39gqb8ow64r.cloudfront.net). Make sure you're not using the same distribution for both.
Confirm that the path for the file includes
MPEG-4 file names
Some media players require
Port 1935 on your firewall
Adobe Flash Media Server uses port 1935 for RTMP. Make sure your firewall has this port open. If it doesn't, the typical message returned is "Unable to play video." You can also switch to RTMPT to tunnel over HTTP using port 80.
Adobe Flash Player messaging
By default, the Adobe Flash Player won't display a message if the video file it's trying to play is missing. Instead, it waits for the file to show up. You might want to change this behavior to give your end users a better experience.
To instead have the player send a message if the video is