Step 2: Set Up IAM Permissions - Amazon Interactive Video Service

Next, you must create an AWS Identity and Access Management (IAM) user and add a policy that gives the user access to create an Amazon IVS channel. If you want to auto-record to Amazon S3, you also must add appropriate permissions for that.

Follow these steps:

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Users, then choose Add user.

  3. In the Add user window:

    1. Type the user name you specified when you created an AWS account.

    2. Check Programmatic access and AWS Management Console access.

    3. Choose Next: Permissions.

  4. Under Set Permissions, turn on Attach existing policies directly, then choose Create Policy. A Create Policy window opens.

  5. In the Create Policy window, choose the JSON tab, and copy and paste the appropriate IVS policy to the JSON tab. The policy you should use depends on whether you want to use record-to-S3 functionality.

    If you are not using record-to-S3, use the following policy. This gives the IAM user access to create an Amazon IVS channel and get Amazon IVS service quotas.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ivs:CreateChannel"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "servicequotas:ListServiceQuotas"
          ],
          "Resource": "*"
        }
      ]
    }

    If you are using record-to-S3, use the following policy. This extends the above policy: it allows all Amazon IVS actions (ivs:*) instead of only ivs:CreateChannel, adds the Amazon S3 bucket permissions, and gives the IAM user permission to create a “service-linked role” to access the appropriate Amazon S3 bucket. A service-linked role is a unique type of AWS IAM role that is linked directly to Amazon IVS.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ivs:*"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "servicequotas:ListServiceQuotas"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "s3:CreateBucket",
            "s3:ListAllMyBuckets",
            "s3:GetBucketLocation"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "iam:CreateServiceLinkedRole",
            "iam:AttachRolePolicy",
            "iam:PutRolePolicy"
          ],
          "Resource": "arn:aws:iam::*:role/aws-service-role/ivs.amazonaws.com/AWSServiceRoleForIVSRecordToS3*"
        }
      ]
    }

  6. Still in the Create Policy window, choose Review Policy. Give the policy a Name, then choose Create Policy.

  7. Back in the Add user window, choose Next: Tags. On the Tags page, choose Next: Review.

  8. On the Review page, choose Create User.

  9. The final Success screen contains your Access key ID, Secret access key, and Password. Store all of these for future reference. When you are done, choose Close.
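
The following added example (not part of the AWS documentation) is a small Python check that lists where each of the two policies from step 5 uses a wildcard action or a `"*"` resource, and confirms that the IAM write actions stay scoped to the IVS service-linked role ARN. The names `review`, `as_list` and `SLR_PREFIX` are chosen for this example; a flagged statement is a prompt for review before the policy is attached, not necessarily an error.

```python
import json

# The two policies from step 5, embedded verbatim so the check runs offline.
BASIC = json.loads("""{"Version":"2012-10-17","Statement":[
 {"Effect":"Allow","Action":["ivs:CreateChannel"],"Resource":"*"},
 {"Effect":"Allow","Action":["servicequotas:ListServiceQuotas"],"Resource":"*"}]}""")
RECORD_TO_S3 = json.loads("""{"Version":"2012-10-17","Statement":[
 {"Effect":"Allow","Action":["ivs:*"],"Resource":"*"},
 {"Effect":"Allow","Action":["servicequotas:ListServiceQuotas"],"Resource":"*"},
 {"Effect":"Allow","Action":["s3:CreateBucket","s3:ListAllMyBuckets","s3:GetBucketLocation"],"Resource":"*"},
 {"Effect":"Allow","Action":["iam:CreateServiceLinkedRole","iam:AttachRolePolicy","iam:PutRolePolicy"],
  "Resource":"arn:aws:iam::*:role/aws-service-role/ivs.amazonaws.com/AWSServiceRoleForIVSRecordToS3*"}]}""")

# Path prefix of the service-linked role ARN used in the record-to-S3 policy.
SLR_PREFIX = "arn:aws:iam::*:role/aws-service-role/ivs.amazonaws.com/"

def as_list(value):
    """IAM allows Action/Resource to be a string or a list; normalize to a list."""
    return [value] if isinstance(value, str) else list(value)

def review(policy):
    """Return (statement_index, finding) pairs for the Allow statements in a policy."""
    findings = []
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        for action in actions:
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
            # IAM actions should stay confined to the IVS service-linked role path.
            scoped = bool(resources) and all(r.startswith(SLR_PREFIX) for r in resources)
            if action.lower().startswith("iam:") and not scoped:
                findings.append((i, f"{action} not confined to the IVS service-linked role"))
        if "*" in resources:
            findings.append((i, "Resource is *"))
    return findings

if __name__ == "__main__":
    for name, policy in (("basic", BASIC), ("record-to-S3", RECORD_TO_S3)):
        for index, finding in review(policy):
            print(f"{name}: statement {index}: {finding}")
```
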

For more information (for example, to learn about IAM users and policies, how to attach a policy to a user, and how to constrain what users can do with Amazon IVS), see: