fbpx

Setting up Amazon S3 AWS Access

dt logo 1.5inchAll of Drastic's version 6 or greater software supports authenticating directly with Amazon via AWSAccessKeyId/SecretKey through an https transport. This is most useful for Net-X-Code's partial file restore system, but can also be used from videoQC, MediaNXS or MediaReactor.  Accessing these resources requires a second level of setup, beyond the basic software setup, and this article provides an overview on that process.

Amazon S3 Cloud File Access

Drastic software supports direct access to cloud resources using http, http2, ftp, s3 and other file sharing methods.  For cloud providers like Amazon, an authentication system is also required to access the stored files. 

As an example, this section will go over the steps required to set up access to an Amazon S3 Cloud 'bucket' from Drastic software. The steps are operating system independent, other than the directories in which the access files are stored.  With the access file, they should be set up to be read only by the Drastic software, as they will contain sensitive information that could be used to access your cloud files.  For the purposes of this article, you will need to use one of the following directories:

Windows:
C:\ProgramData\Drastic\
Alt - C:\Documents and Settings\<username>\Drastic\

Linux:
/etc/Drastic/
Alt - /Home/<username>/Drastic/

OS-X:
/Library/Applications Support/Drastic/
Alt - /Home/<username>/Drastic/

In order to access Amazon automatically, you will need to generate a rootkey.csv with the AWSAccessKeyId and AWSSecretKey, and save it in the OS specific directory above.  The file should look something like this:

AWSAccessKeyId=MEOWJDSIONGFSUIGNWCAT*
AWSSecretKey=djJFASTjfowljgwowf8473sdjhH*

* - please note, this are not real access/secret keys. Please replace with your own.

Also, you can setup a region override in this file with

AWSRegion=us-east-2

If there are multiple key/id/region sets in the file, we will only use the first one.

The second step in setting up access is setting a 'region' for the buckets you are using.  Unfortunately, the region must be specificied or you bucket will not be found by the software.  The default is 'us-east-1'.  To change this to your region, either edit the config.xml file, or run DDRConfig and change the value on the Advanced page under MediaReactor/Default - AWSRegion

DDRConfig AWSRegion config

Once that file is present and the region is correct, Drastic software will use it whenever accesses to Amazon S3 AWS is attempted.  This does mean it will not be able to access public resources when the key is in place.  If you need to access public S3 data, then simply rename or delete the rootkey.csv.  If you need to access public and private at the same time, or multiple buckets with difference credentials, you can specifiy the ID/Secret on the URL request instead.  To do this you must provide the id and  separated by a colon (:) and the site name must be separated with an at sign (@):  https://<id>:<secret>@s3.amazon.com/<bucket>/<file>.  There is an example of this access at the bottom of this article.

To generate the key, log into aws.amazon.com. 

https://console.aws.amazon.com/iam/home#/security_credential

Under your username at the top right, select 'My Security Credentials'. 

UserCredentialsAccess

 

On that page, expand the 'Access keys (access key ID and secret access key)'. 

AmazonAccessKeys

There you can create new access key(s) and save them to rootkey.csv on your server in the format above.

Access Strings

With rootkey.csv Or Public Access

https://s3.amazonaws.com/drasticpublic/matrox_proxy0.m4v

https://drasticpublic.s3.amazonaws.com/matrox_proxy0.m4v

s3://s3.amazonaws.com/netxcode-pft/sourceABR.mp4

With Direct Id/Key

Direct access without a rootkey.csv is also supported by providing the ID:SecretKey on the URL before the site.  The two parts must be separated by a colon (:) and the site name must be separated with an at sign (@):  https://<id>:<secret>@s3.amazon.com/<bucket>/<file>.

https://MEOWJDNGFSUIGNWCAT:This email address is being protected from spambots. You need JavaScript enabled to view it./netxcode-pft/sourceABR.mp4

https://MEOWJDSIONUIGNWCAT:This email address is being protected from spambots. You need JavaScript enabled to view it./sourceABR.mp4