Amazon CloudFront
Developer Guide (API Version 2012-07-01)
AWS Documentation » Amazon CloudFront » Developer Guide » Working with Distributions » Working with Streaming Distributions
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.Did this page help you?  Yes | No |  Tell us about it...

Working with Streaming Distributions

Topics

This section describes how you configure and manage streaming distributions. For information about how to create a streaming distribution, see Creating Streaming Distributions.

How Streaming Distributions Work

To stream media files using CloudFront, you provide two types of files to your end users:

  • Your media files

  • A media player, for example, JW Player, Flowplayer, or Adobe Flash

End users view your media files using the media player that you provide for them; they do not use the media player (if any) that is already installed on their computer or other device.

When an end user streams your media file, the media player begins to play the content of the file while the file is still being downloaded from CloudFront. The media file is not stored locally on the end user's system.

To use CloudFront to serve both the media player and the media files, you need two types of distributions: a download distribution for the media player, and a streaming distribution for the media files. Download distributions serve files over HTTP, while streaming distributions stream media files over RTMP (or a variant of RTMP).

The following example assumes that your media files and your media player are stored in different buckets in Amazon S3, but that isn't required—you can store media files and your media player in the same Amazon S3 bucket. You can also make the media player available to end users in other ways, for example, using CloudFront and a custom origin. However, the media files must use an Amazon S3 bucket as the origin.

In the following diagram, your site serves a cached copy of the media player to each end user through the d1234.cloudfront.net domain. The media player then accesses cached copies of your media files through the s5678.cloudfront.net domain.

Setup for streaming

Your media player bucket holds the media player and is the origin server for a regular HTTP distribution. In this example, the domain name for the distribution is d1234.cloudfront.net. (The d in d1234.cloudfront.net indicates that this is a download distribution.)

Your streaming media bucket holds your media files and is the origin server for a streaming distribution. In this example, the domain name for the distribution is s5678.cloudfront.net. (The s in s5678.cloudfront.net indicates that this is a streaming distribution.)

When you configure CloudFront to distribute media files, CloudFront uses Adobe Flash Media Server 3.5 as the streaming server and streams your media files using Adobe's Real-Time Messaging Protocol (RTMP). CloudFront accepts RTMP requests over port 1935 and port 80.

CloudFront supports the following variants of the RTMP protocol:

  • RTMP—Adobe's Real-Time Message Protocol

  • RTMPT—Adobe streaming tunneled over HTTP

  • RTMPE—Adobe encrypted

  • RTMPTE—Adobe encrypted tunneled over HTTP

For a basic summary of RTMP and the file formats that Adobe Flash Media Server supports, go to Overview of Streaming with Flash Media Server 3 on the Adobe website. The overview includes information about supported codecs and containers.

Resources available on the Internet can help you determine the bit rate to use for your Flash files, for example, the Flash video (FLV) bitrate calculator on the Adobe website.

CloudFront supports all of the features in Adobe Flash Media Server 3.5 related to dynamic streaming, which lets you switch between streams of different qualities during playback. For more information, go to Dynamic streaming in Flash Media Server 3.5: Part 1 on the Adobe website.

To serve streamed content, you need to provide your end users with a media player. You can write your own player using Adobe Flash. For more information, go to http://www.adobe.com/products/flashplayer/. Alternatively, you can use an existing player. For more infomation, see the following tutorials:

Using an Amazon S3 Bucket as the Origin for a Streaming Distribution

When you create a distribution, you specify where CloudFront gets the files that it distributes to edge locations. For a streaming distribution, you must use an Amazon S3 bucket; custom origins are not supported. To get your objects into your bucket, you can use any method supported by Amazon S3, for example, the Amazon S3 API or a third-party tool. You can create a hierarchy in your bucket just as you would with any other Amazon S3 bucket. You incur regular Amazon S3 charges for storing the objects in the bucket. For more information about the charges to use CloudFront, see Paying for CloudFront.

Using an existing Amazon S3 bucket as your CloudFront origin server doesn't change the bucket in any way; you can still use it as you normally would to store and access Amazon S3 objects (at the normal Amazon S3 prices).

You can use the same Amazon S3 bucket for both streaming and download distributions.

Note

After you create a streaming distribution, you can't change its origin server. If you need to change the Amazon S3 bucket for a streaming distribution, you must create a new distribution that uses the new bucket and update either your links or your DNS records to use the domain name for the new distribution. You can then delete the original distribution. For more information, see Deleting a Distribution.

When you specify the name of the Amazon S3 bucket that you want CloudFront to get objects from, you use the following format:

bucket-name.s3.amazonaws.com

Do not specify the name of the bucket using the following values:

  • The Amazon S3 path style, s3.amazonaws.com/bucket-name

  • The Amazon S3 CNAME, if any

Important

For your bucket to work with CloudFront, the name must conform to DNS naming requirements. For more information, go to Bucket Restrictions and Limitations in the Amazon Simple Storage Service Developer Guide.

Creating Multiple Streaming Distributions for an Origin Server

You typically create one streaming distribution per Amazon S3 bucket, but you can choose to create multiple streaming distributions for the same bucket. For example, if you had two distributions for an Amazon S3 bucket, you could reference a single media file using either distribution. In this case, if you had a media file called media.flv in your origin server, CloudFront would work with each distribution as though it referenced an individual media.flv object: one media.flv accessible through one distribution, and another media.flv accessible through the other distribution.

Values that You Specify When You Create or Update a Streaming Distribution

To stream media files using CloudFront, you create a streaming distribution and specify the following values.

Topics

Origin Domain Name (Amazon S3 Bucket)

The DNS domain name of the Amazon S3 bucket from which you want CloudFront to get objects for this origin, for example, myawsbucket.s3.amazonaws.com. In the CloudFront console, click in the Origin Domain Name field, and a list enumerates the Amazon S3 buckets that are associated with the current AWS account. To use a bucket from a different AWS account, type the domain name of the bucket in the following format:

bucket-name.s3.amazonaws.com.

The files must be publicly readable unless you secure your content in Amazon S3 by using a CloudFront origin access identity. For more information, see Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content.

Important

The bucket name must conform to DNS naming requirements. For more information, go to Bucket Restrictions and Limitations in the Amazon Simple Storage Service Developer Guide.

When you change the bucket from which CloudFront gets objects for the current origin, CloudFront immediately begins replicating the change to CloudFront edge locations. Until the distribution configuration is updated in a given edge location, CloudFront will continue to forward requests to the previous Amazon S3 bucket. As soon as the distribution configuration is updated in that edge location, CloudFront begins to forward requests to the new Amazon S3 bucket.

Changing the bucket does not require CloudFront to repopulate edge caches with objects from the new origin. As long as the viewer requests in your application have not changed, CloudFront will continue to serve objects that are already in an edge cache until the TTL on each object expires or until seldom-requested objects are evicted.

For more information, see Using an Amazon S3 Bucket as the Origin for a Streaming Distribution.

Restrict Bucket Access (Amazon S3 Only)

Click Yes if you want to require end users to access objects in an Amazon S3 bucket by using only CloudFront URLs, not by using Amazon S3 URLs. Then specify the applicable values.

Click No if you want end users to be able to access objects using either CloudFront URLs or Amazon S3 URLs.

For more information, see Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content.

Origin Access Identity (Amazon S3 Only)

If you chose Yes for Restrict Bucket Access, choose whether to create a new origin access identity or use an existing one that is associated with your AWS account. If you already have an origin access identity, we recommend that you reuse it to simplify maintenance. For more information about origin access identities, see Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content.

Comment for New Identity(Amazon S3 Only)

If you chose Create a New Identity for Origin Access Identity, enter a comment that identifies the new origin access identity. CloudFront will create the origin access identity when you create this distribution.

Your Identities (Amazon S3 Only)

If you chose Use an Existing Identity for Origin Access Identity, choose the origin access identity that you want to use. You cannot use an origin access identity that is associated with another AWS account.

Grant Read Permissions on Bucket (Amazon S3 Only)

If you want CloudFront to automatically grant the origin access identity the permission to read objects in your Amazon S3 bucket, click Yes, Update Bucket Policy.

Important

If you click Yes, Update Bucket Policy, CloudFront updates the bucket policy to grant the specified origin access identity the permission to read objects in your bucket. However, CloudFront does not remove existing permissions in the bucket policy or permissions on individual objects. If users currently have permission to access the objects in your bucket using Amazon S3 URLs, they will still have that permission after CloudFront updates your bucket policy. To view or change the existing bucket policy and the existing permissions on the objects in your bucket, use a method provided by Amazon S3. For more information, see Granting the Origin Access Identity Permission to Read Objects in Your Amazon S3 Bucket.

If you want to update permissions manually, for example, if you want to update ACLs on your objects instead of updating bucket permissions, click No, I will Update Permissions.

Price Class

The price class that corresponds with the maximum price that you want to pay for CloudFront service. By default, CloudFront serves your objects from edge locations in all CloudFront regions.

For more information about price classes and about how your choice of price class affects CloudFront performance for your distribution, see Choosing the Price Class for a CloudFront Distribution. For information about CloudFront pricing, including how price classes map to CloudFront regions, go to Amazon CloudFront Pricing.

Alternate Domain Names (CNAMEs)

Optional. You can associate one or more CNAME aliases with a distribution so that you can use your domain name (for example, example.com) in the URLs for your objects instead of using the domain name that CloudFront assigned when you created your distribution. For more information, see Using Alternate Domain Names (CNAMEs).

Logging

Whether you want CloudFront to log information about each request for an object and store the log files in an Amazon S3 bucket. You can enable or disable logging at any time. There is no extra charge if you enable logging, but you accrue the usual Amazon S3 charges for storing and accessing the files in an Amazon S3 bucket. You can delete the logs at any time. For more information about CloudFront access logs, see Access Logs.

Bucket for Logs

If you chose On for Logging, the Amazon S3 bucket that you want CloudFront to store access logs in, for example, myawslogbucket.s3.amazonaws.com. If you enable logging, CloudFront records information about each end-user request for an object and stores the files in the specified Amazon S3 bucket. You can enable or disable logging at any time. For more information about CloudFront access logs, see Access Logs.

Log Prefix

Optional. If you chose On for Logging, specify the string, if any, that you want CloudFront to prefix to the access log filenames for this distribution, for example, exampleprefix/. The trailing slash ( / ) is optional but recommended to simplify browsing your log files. For more information about CloudFront access logs, see Access Logs.

Comment

Optional. When you create a distribution, you can include a comment of up to 128 characters. You can update the comment at any time.

Distribution State

When you create a distribution, you must specify whether you want the distribution to be enabled or disabled after it's created:

  • Enabled means that as soon as the distribution is fully deployed you can deploy links that use the distribution's domain name and end users can retrieve content. Whenever a distribution is enabled, CloudFront accepts and processes any end-user requests for content that use the domain name associated with that distribution. For more information about full deployment, see Eventual Consistency.

  • Disabled means that even though the distribution might be deployed and ready to use, end users can't use it. When a distribution is disabled, CloudFront doesn't accept any end-user requests that use the domain name associated with that distribution. Until you switch the distribution from disabled to enabled (by updating the distribution's configuration), no one can use it.

You can toggle a distribution between disabled and enabled as often as you want. For information about updating a distribution's configuration, see Listing, Viewing, and Updating CloudFront Distributions.

Restrict Viewer Access (Use Signed URLs)

If you want requests for objects served by this distribution to use public URLs, click No. If you want requests to use signed URLs, click Yes. Then specify the AWS accounts that you want to use to create signed URLs; these accounts are known as trusted signers.

For more information about trusted signers, see Specifying the AWS Accounts That Can Create Signed URLs (Trusted Signers).

Trusted Signers

Choose which AWS accounts you want to use as trusted signers for this distribution:

  • Self: Use the account with which you're currently signed into the AWS Management Console as a trusted signer. If you're currently signed in as an IAM user, the associated AWS account is added as a trusted signer.

  • Specify Accounts: Enter account numbers for trusted signers in the AWS Account Numbers field.

To create signed URLs, an AWS account must have at least one active CloudFront key pair.

Caution

If you're updating a distribution that you're already using to distribute content, add trusted signers only when you're ready to start generating signed URLs for your objects. After you add trusted signers to a distribution, users must use signed URLs to access the objects served by this distribution.

AWS Account Numbers

If you want to create signed URLs using AWS accounts in addition to or instead of the current account, enter one AWS account number per line in this field. Note the following:

  • The accounts that you specify must have at least one active CloudFront key pair. For more information, see Creating CloudFront Key Pairs for Your Trusted Signers.

  • You can't create CloudFront key pairs for IAM users, so you can't use IAM users as trusted signers.

  • To get the AWS account number for an account, sign into the AWS Management Console using that account, and click My Account/Console > Security Credentials. The account number for the current account appears at the top of the page.

  • If you enter the account number for the current account, CloudFront automatically checks the Self checkbox and removes the account number from the AWS Account Numbers list.

Values that CloudFront Displays in the Console When You Create or Update a Streaming Distribution

When you create a new streaming distribution or update an existing distribution, CloudFront displays the following information in the CloudFront console.

Note

Active trusted signers, the AWS accounts that have an active CloudFront key pair and can be used to create valid signed URLs, are currently not visible in the CloudFront console.

Distribution ID

When you perform an action on a distribution using the CloudFront API, you use the distribution ID to specify which distribution you want to perform the action on, for example, EDFDVBD6EXAMPLE. You can't change the distribution ID.

Status

The possible status values for a distribution are listed in the following table.

ValueDescription

InProgress

The distribution is still being created or updated.

Deployed

The distribution has been created or updated and the changes have been fully propagated through the CloudFront system.

In addition to ensuring that the status for a distribution is Deployed, you must enable the distribution before end users can use CloudFront to access your content. For more information, see Distribution State.

Last Modified

The date and time that the distribution was last modified, using ISO 8601 format, for example, 2012-05-19T19:37:58Z. For more information, go to http://www.w3.org/TR/NOTE-datetime.

Domain Name

You use the distribution's domain name in the links to your objects, unless you're using alternate domain names (CNAMEs). For example, if your distribution's domain name is d111111abcdef8.cloudfront.net, the link to the example /images/image.jpg file would be http://d111111abcdef8.cloudfront.net/images/image.jpg. You can't change the CloudFront domain name for your distribution. For more information about CloudFront URLs for links to your objects, see Format of URLs for CloudFront Objects.

If you specified one or more alternate domain names (CNAMEs), you can use your own domain names for links to your objects instead of using the CloudFront domain name. For more information about CNAMEs, see Alternate Domain Names (CNAMEs).

Note

CloudFront domain names are unique. Your distribution's domain name was never used for a previous distribution and will never be reused for another distribution in the future.

Configuring the Media Player

To play a media file, you must configure the media player with the correct path to the file. How you configure the media depends on which media player you're using and how you're using it.

When you configure the media player, the path you specify to the media file must contain the characters cfx/st immediately after the domain name, for example:

rtmp://s5c39gqb8ow64r.cloudfront.net/cfx/st/mediafile.flv.

Note

CloudFront follows Adobe's FMS naming requirements. Different players have their own rules about how to specify streams. The example above is for JW Player. Check your player's documentation. For example, Adobe's Flash Media Server does not allow the .flv extension to be present on the play path. Many players remove the .flv extension for you.

Your media player might ask for the path separate from the file name. For example, with JW Player's wizard, you specify a streamer and file variable:

  • streamer—rtmp://s5c39gqb8ow64r.cloudfront.net/cfx/st (with no trailing slash)

  • file— mediafile.flv

If you've stored the media files in a directory in your bucket (for example, videos/mediafile.flv), then the variables for JW Player would be:

  • streamer—rtmp://s5c39gqb8ow64r.cloudfront.net/cfx/st (with no trailing slash)

  • file— videos/mediafile.flv

To use the JW Player wizard, go to http://www.longtailvideo.com/support/jw-player-setup-wizard?example=204.

MPEG Files

To serve MP3 audio files or H.264/MPEG-4 video files, you might need to prefix the file name with mp3: or mp4:. Some media players can be configured to add the prefix automatically. The media player might also require you to specify the file name without the file extension (for example, magicvideo instead of magicvideo.mp4).

Restricting Access Using Crossdomain.xml

The Adobe Flash Media Server crossdomain.xml file specifies which domains can access media files in a particular domain. CloudFront supplies a default file that allows all domains to access the media files in your streaming distribution, and you cannot change this behavior. If you include a more restrictive crossdomain.xml file in your Amazon S3 bucket, CloudFront ignores it.

Error Codes for Streaming Distributions

The following table lists the error codes that CloudFront can send to your media player. The errors are part of the string returned with Event.info.application.message or Event.info.description.

ErrorDescription

DistributionNotFound

The distribution was not found.

DistributionTypeMismatch

The distribution is not a streaming distribution.

InvalidInstance

The instance is invalid.

InvalidURI

The URI is invalid.

Troubleshooting Streaming Distributions

If you're having trouble getting your media files to play, check the following items.

Item to CheckDescription

Separate distributions for the media player files and media files

The media player must be served by a regular HTTP distribution (for example, domain name d111111abcdef8.cloudfront.net), and media files must be served by a streaming distribution (for example, domain name s5c39gqb8ow64r.cloudfront.net). Make sure you're not using the same distribution for both.

/cfx/st in the file path

Confirm that the path for the file includes /cfx/st. You don't need to include /cfx/st in the path to the object in the Amazon S3 bucket. For more information, see Configuring the Media Player.

MPEG-4 file names

Some media players require mp4: before the file name. Some might also require you to exclude the .mp4 extension. For more information, see MPEG Files.

Port 1935 on your firewall

Adobe Flash Media Server uses port 1935 for RTMP. Make sure your firewall has this port open. If it doesn't, the typical message returned is "Unable to play video." You can also switch to RTMPT to tunnel over HTTP using port 80.

Adobe Flash Player messaging

By default, the Adobe Flash Player won't display a message if the video file it's trying to play is missing. Instead, it waits for the file to show up. You might want to change this behavior to give your end users a better experience.

To instead have the player send a message if the video is missing, use play("vid",0,-1) instead of play("vid").

Document Conventions« PreviousNext »
Terms of UseDid this page help you?  Yes | No |  Tell us about it...