Creating a transport stream flow that uses a VPC source

Transport stream flows transport compressed content that is muxed into a single stream.

When you create a flow that uses a source from your virtual private cloud (VPC), your content does not go over the public internet. This is useful for security reasons as well as reliability. You set up your VPC and then create a flow that has an interface to that VPC. Alternatively, you can create a flow based on an entitlement that another AWS account granted to allow you to use their content (entitled source) or a standard source.

Important

Before you begin this procedure, make sure that the following steps have been completed:

• In Amazon VPC, set up your VPC and associated security groups. For more information about VPCs, see the Amazon VPC User Guide. For information about configuring security groups to work with your VPC interface, see Security group considerations.

• In IAM, set up MediaConnect as a trusted service.

• If the source of your flow requires encryption, set up encryption.

Create a transport stream flow that uses a VPC source (console)

1. Open the MediaConnect console at https://console.aws.amazon.com/mediaconnect/.

2. On the Flows page, choose Create flow.

3. In the Details section, for Name, specify a name for your flow. This name will become part of the ARN for this flow.

   Note

   MediaConnect allows you to create multiple flows with the same name. However, we encourage you to use unique flow names within an AWS Region to help with organization. After you create a flow, you can't change the name.

4. For Availability Zone, choose Any or choose the Availability Zone where your VPC subnet resides. We recommend that you leave this as Any and let the service ensure that the Availability Zone is set correctly.

5. In the Source section, for Source type, choose VPC source.

6. For Name, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console.

7. Determine which protocol your source uses.

   Note

   If you want to specify redundant sources for failover, create the flow with one of the sources. After the flow is created, update it to activate failover on the source, and add the second source to the flow. Because MediaConnect treats both sources as the primary source, it doesn't matter which one you specify when you first create the flow.

8. For specific instructions based on your protocol, choose one of the following tabs:

   RIST

   1. For Protocol, choose RIST.

   2. For Ingest port, specify the port that the flow will listen on for incoming content.

      Note

      The RIST protocol requires one additional port for error correction. To accommodate this requirement, MediaConnect reserves the port that is +1 from the port that you specify. For example, if you specify port 4000 for the output, the service assigns ports 4000 and 4001.

   3. For VPC interface name, choose the name of the VPC interface that you want to use as the source.

   4. For Maximum bitrate, specify the maximum expected bitrate (in bits per second) for the flow. We recommend that you specify a value that is twice the actual bitrate.

   5. For Maximum latency, specify the size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value from 1-15,000 ms. If you keep this field blank, the service uses the default value of 2,000 ms.

   RTP or RTP-FEC

   1. For Protocol, choose RTP or RTP-FEC.

   2. For Ingest port, specify the port that the flow will listen on for incoming content.

      Note

      The RTP-FEC protocol requires two additional ports for error correction. To accommodate this requirement, MediaConnect reserves the ports that are +2 and +4 from the port that you specify. For example, if you specify port 4000 for the output, the service assigns ports 4000, 4002, and 4004.

   3. For VPC interface name, choose the name of the VPC interface that you want to use as the source.

   4. For Maximum bitrate, specify the maximum expected bitrate (in bits per second) for the flow. We recommend that you specify a value that is twice the actual bitrate.

   SRT listener

   1. In the Source section, for Source type, choose VPC source.

   2. For Name, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. It is not visible to anyone outside of the current AWS account.

   3. For Protocol, choose SRT listener.

   4. For Source description, enter a description that will remind you later where this source is from. This might be the company name or notes about the setup.

   5. For VPC interface name, choose the name of the VPC interface that you want to use as the source.

   6. For Inbound port, specify the port that the flow listens on for incoming content.

   7. For Maximum bitrate, specify the maximum expected bitrate (in bits per second) for the flow. We recommend that you specify a value that is twice the actual bitrate.

   8. For Minimum latency, specify the size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value from 10 -15,000 ms. If you keep this field blank, the service uses the default value of 2,000 ms.

      The SRT protocol uses a minimum latency configuration on each side of the connection. The larger of these two values is used as the recovery latency. If the transmitted bitrate, multiplied by the recovery latency, is higher than the receiver buffer, the buffer will overflow and the stream can fail with a Buffer Overflow Error. On the SRT receiver side, the receiver buffer is configured by the SRTO_RCVBUF value. The size of the receiver buffer is limited by the flow control window size (SRTO_FC) value. On the MediaConnect side, the receiver buffer is calculated as the maximum bitrate value multiplied by the minimum latency value. For more information about the SRT buffer, see the SRT Configuration Guidelines.

   9. If the source is encrypted, choose Activate in the Decryption section and do the following:

      1. For Role ARN, specify the ARN of the role that you created when you set up encryption.

      2. For Secret ARN, specify the ARN that AWS Secrets Manager assigned when you created the secret to store the encryption key.

   SRT caller

   1. In the Source section, for Source type, choose VPC source.

   2. For Name, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. It is not visible to anyone outside of the current AWS account.

   3. For Protocol, choose SRT caller.

   4. For Source description, enter a description that will remind you later where this source is from. This might be the company name or notes about the setup.

   5. For VPC interface name, choose the name of the VPC interface that you want to use as the source.

   6. For Source listener port, enter the port the flow will use to pull the source from.

   7. For Maximum bitrate (optional), specify the maximum expected bitrate (in bits per second) for the flow. We recommend that you specify a value that is twice the actual bitrate.

   8. For Minimum latency, specify the minimum size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value from 10–15,000 ms. If you keep this field blank, MediaConnect uses the default value of 2,000 ms.

      The SRT protocol uses a minimum latency configuration on each side of the connection. The larger of these two values is used as the recovery latency. If the transmitted bitrate, multiplied by the recovery latency, is higher than the receiver buffer, the buffer will overflow and the stream can fail with a Buffer Overflow Error. On the SRT receiver side, the receiver buffer is configured by the SRTO_RCVBUF value. The size of the receiver buffer is limited by the flow control window size (SRTO_FC) value. On the MediaConnect side, the receiver buffer is calculated as the maximum bitrate value multiplied by the minimum latency value. For more information about the SRT buffer, see the SRT Configuration Guidelines.

   9. For Stream ID (optional), enter an identifier for the stream. This identifier can be used to communicate information about the stream.

   10. If the source is encrypted, choose Activate in the Decryption section and do the following:

       1. For Role ARN, specify the ARN of the role that you created when you set up encryption.

       2. For Secret ARN, specify the ARN that AWS Secrets Manager assigned when you created the secret to store the encryption key.

   Zixi push

   1. For Name, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. It is not visible to anyone outside of the current AWS account.

   2. For Protocol, choose Zixi push.

      Note

      MediaConnect assigns the inbound port for Zixi push VPC sources at the time of creation. A port number 2090–2099 will be assigned automatically.

   3. For VPC interface name, choose the name of the VPC interface that you want to use as the source.

   4. For Stream ID, specify the stream ID set in the Zixi feeder.

      Important

      If you leave this field blank, the service uses the source name as the stream ID. Because the stream ID must match the value set in the Zixi feeder, you need to specify the stream ID if it is not exactly the same as the source name.

   5. For Maximum latency, specify the size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value between 0 and 60,000 ms. If you keep this field blank, the service uses the default value of 6,000 ms.

   6. If the source is encrypted, choose Activate in the Decryption section and do the following:

      1. For Decryption type, choose Static key.

      2. For Role ARN, specify the ARN of the role that you created when you set up encryption.

      3. For Secret ARN, specify the ARN that AWS Secrets Manager assigned when you created the secret to store the encryption key.

      4. For Decryption algorithm, choose the type of encryption that was used to encrypt the source.

   Fujitsu-QoS

   1. For Protocol, choose Fujitsu-QoS.

   2. For Inbound port, specify the port that the flow listens on for incoming content.

   3. For VPC interface name, choose the name of the VPC interface that you want to use as the source.

   4. For Source description, enter a description that will remind you later where this source is from. This might be the company name or notes about the setup.

   5. For Sender IP address, specify the sender's IP address that you want the flow to make connection with. The flow communicates with the specified IP address to initiate connection with the sender.

   6. For Sender control port, specify the port that the flow uses to send outbound requests to initiate connection with the sender.

   7. For Maximum latency, specify the size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value from 300–2,000 ms. If you keep this field blank, MediaConnect uses the default value of 2,000 ms.

9. For each VPC that you want to connect to the flow, do the following:

   1. In the VPC interface section, choose Add VPC interface.

   2. For Name, specify a name for your VPC interface. The name of the VPC interface must be unique within the flow.

   3. For Role ARN, specify the Amazon Resource Name (ARN) of the role that you created when you set up MediaConnect as a trusted service.

   4. For VPC, choose the ID of the VPC that you want to use.

      Note

      If you don't see the VPC that you want in the list, verify that the VPC has been set up in Amazon Virtual Private Cloud and that you have IAM permissions to view the VPC.

   5. For Subnet, choose the VPC subnet that you want MediaConnect to use to set up your VPC configuration. You must choose at least one and can choose as many as you want.

   6. For Security groups, specify the VPC security groups that you want MediaConnect to use to set up your VPC configuration. You must choose at least one security group.

10. At the bottom of the page, choose Create flow.

    Note

    The flow doesn't start automatically. You must start the flow manually.

11. Add outputs to specify where you want MediaConnect to send the content, or grant entitlements to allow users of other AWS accounts to subscribe to your content.