HLS output group to Amazon S3 - MediaLive

HLS output group to Amazon S3

Follow this procedure if you determined that you will create an HLS output group with Amazon S3 as the destination. You and the operator of the downstream system must agree about the destination for the output of the HLS output group.

To arrange setup of the destination
  1. Decide if you need two destinations for the output:

    • You need two destinations in a standard channel.

    • You need one destination in a single-pipeline channel.

  2. We recommend that you design the full path of the destination — the Amazon S3 bucket and all the folders. See Step 1: Design the path for the output destination.

  3. Ask the Amazon S3 user to create any buckets that don't already exist.

    With MediaLive, the Amazon S3 bucket name must not use dot notation. For example, mycompany-videos is acceptable but mycompany.videos isn't.

  4. Discuss ownership with the Amazon S3 user. If the bucket belongs to another AWS account, you typically want that account to become the owner of the output. For more information, see Controlling access to the output, after this procedure.

Note that you don't need user credentials to send to an S3 bucket. MediaLive has permission to write to the S3 bucket via the trusted entity. Someone in your organization should have already set up these permissions. For more information, see Reference: summary of requirements for the MediaLive trusted entity.

Controlling access to the output

You might be sending output files to an Amazon S3 bucket that is owned by another AWS account. In this situation, you typically want the other account to become the owner of the output files (the object being put in the bucket). If the bucket owner doesn't become the object owner, you (MediaLive) will be the only agent that can delete the files when the files are no longer required.

It is therefore in everyone's interest to transfer ownership of the output files after they are in the Amazon S3 bucket.

To transfer object ownership, the following setup is required:

  • The bucket owner must add a bucket permissions policy that grants you permission to add an Amazon S3 canned access control list (ACL) when MediaLive delivers the output files to the bucket. The bucket owner should read the information in Managing access with ACLs in the Amazon Simple Storage Service user guide. The bucket owner must set up ACL permissions for the bucket, not for the objects.

  • The bucket owner should also set up object ownership. This feature effectively makes it mandatory (rather than optional) for the sender (MediaLive) to include the Bucket owner full control ACL. The bucket owner should read the information in Controlling object ownership in the Amazon Simple Storage Service user guide.

    If the bucket owner implements this feature, then you must set up MediaLive to include the ACL. If you don't, delivery to the Amazon S3 bucket will fail.

  • You must set up MediaLive to include the Bucket owner full control ACL when it delivers to the bucket. You will perform this setup when you create the channel.

The S3 canned ACL feature supports ACLs other than Bucket owner full control, but those other ACLs are typically not applicable to the use case of delivering video from MediaLive.
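The following is an added example, not part of the original AWS page. It shows one way the bucket owner could express the bucket policy described in the setup list above, plus a check that flags any Allow statement that lets a sender upload without the Bucket owner full control ACL. The function names, account ID, role name, and hls/ prefix are assumptions made for illustration; the bucket name is the one used on this page.

```python
import json

OWNER_ACL = "bucket-owner-full-control"  # canned ACL MediaLive is set up to send

def build_bucket_policy(bucket, sender_role_arn, prefix=""):
    """Bucket policy letting the sender's role write objects only with OWNER_ACL."""
    # MediaLive restriction from the page: no dot notation in the bucket name.
    if "." in bucket:
        raise ValueError(f"bucket name {bucket!r} uses dot notation")
    folder = prefix.strip("/")
    key_pattern = f"{folder}/*" if folder else "*"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowMediaLiveUploadWithOwnerAcl",
            "Effect": "Allow",
            "Principal": {"AWS": sender_role_arn},
            # s3:PutObjectAcl is what permits a canned ACL on the upload request.
            "Action": ["s3:PutObject", "s3:PutObjectAcl"],
            "Resource": f"arn:aws:s3:::{bucket}/{key_pattern}",
            # The grant applies only when the request carries the owner ACL.
            "Condition": {"StringEquals": {"s3:x-amz-acl": OWNER_ACL}},
        }],
    }

def unconditioned_put_statements(policy):
    """Return Sids of Allow statements granting s3:PutObject without requiring OWNER_ACL."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a policy may hold a single statement object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        grants_put = any(a.lower() in ("s3:putobject", "s3:*", "*") for a in actions)
        required = stmt.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl")
        if (stmt.get("Effect") == "Allow" and grants_put
                and required not in (OWNER_ACL, [OWNER_ACL])):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

if __name__ == "__main__":
    # Constructed values: placeholder account ID and role name.
    policy = build_bucket_policy(
        "mycompany-videos", "arn:aws:iam::111122223333:role/ExampleMediaLiveRole", "hls/")
    print(json.dumps(policy, indent=2))
    print("statements missing the ACL condition:", unconditioned_put_statements(policy))
```

The check only inspects Allow statements with a StringEquals condition; it does not evaluate Deny statements or other condition operators.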