Установить ACL на функцию Lambda Python MediaConvert
Для запуска задания AWS MediaConvert я использую следующее задание Python и json media convert. (оригинальное руководство, которому я следовал, здесь).
ACL для новых файлов, созданных заданием MediaConvert, должен быть ACL: 'public-read'
Однако я не могу установить это. Я бы предпочел назначить это для файла, а не для разрешения корзины из-за сложности структуры папок в этом сегменте (я знаю, что на S3 нет таких вещей, как настоящие папки).
Convert.py #! / Usr / bin / env python
import glob
import json
import os
import uuid
import boto3
import datetime
import random
import urlparse
from botocore.client import ClientError
def handler(event, context):
assetID = str(uuid.uuid4())
sourceS3Bucket = event['Records'][0]['s3']['bucket']['name']
sourceS3Key = event['Records'][0]['s3']['object']['key']
sourceS3 = 's3://'+ sourceS3Bucket + '/' + sourceS3Key
sourceS3Basename = os.path.splitext(os.path.basename(sourceS3))[0]
destinationS3 = 's3://' + os.environ['DestinationBucket']
destinationS3basename = os.path.splitext(os.path.basename(destinationS3))[0]
mediaConvertRole = os.environ['MediaConvertRole']
region = os.environ['AWS_DEFAULT_REGION']
statusCode = 200
body = {}
# Use MediaConvert SDK UserMetadata to tag jobs with the assetID
# Events from MediaConvert will have the assetID in UserMedata
jobMetadata = {'assetID': assetID}
print (json.dumps(event))
try:
# Job settings are in the lambda zip file in the current working directory
with open('job.json') as json_data:
jobSettings = json.load(json_data)
print(jobSettings)
# get the account-specific mediaconvert endpoint for this region
mc_client = boto3.client('mediaconvert', region_name=region)
endpoints = mc_client.describe_endpoints()
# add the account-specific endpoint to the client session
client = boto3.client('mediaconvert', region_name=region, endpoint_url=endpoints['Endpoints'][0]['Url'], verify=False)
# Update the job settings with the source video from the S3 event and destination
# paths for converted videos
jobSettings['Inputs'][0]['FileInput'] = sourceS3
S3KeyWatermark = 'encoded-video/mp4/' + sourceS3Basename
jobSettings['OutputGroups'][0]['OutputGroupSettings']['FileGroupSettings']['Destination'] \
= destinationS3 + '/' + S3KeyWatermark
S3KeyThumbnails = 'encoded-video/poster/' + sourceS3Basename
jobSettings['OutputGroups'][1]['OutputGroupSettings']['FileGroupSettings']['Destination'] \
= destinationS3 + '/' + S3KeyThumbnails
print('jobSettings:')
print(json.dumps(jobSettings))
# Convert the video using AWS Elemental MediaConvert
job = client.create_job(Role=mediaConvertRole, UserMetadata=jobMetadata, Settings=jobSettings)
print (json.dumps(job, default=str))
except Exception as e:
print 'Exception: %s' % e
statusCode = 500
raise
finally:
return {
'statusCode': statusCode,
'body': json.dumps(body),
'headers': {'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*'}
}
job.json
{
"OutputGroups": [
{
"CustomName": "MP4",
"Name": "File Group",
"Outputs": [
{
"ContainerSettings": {
"Container": "MP4",
"Mp4Settings": {
"CslgAtom": "INCLUDE",
"FreeSpaceBox": "EXCLUDE",
"MoovPlacement": "PROGRESSIVE_DOWNLOAD"
}
},
"VideoDescription": {
"Width": 720,
"Height": 480,
"ScalingBehavior": "DEFAULT",
"TimecodeInsertion": "DISABLED",
"AntiAlias": "ENABLED",
"Sharpness": 50,
"CodecSettings": {
"Codec": "H_264",
"H264Settings": {
"InterlaceMode": "PROGRESSIVE",
"NumberReferenceFrames": 3,
"Syntax": "DEFAULT",
"Softness": 0,
"GopClosedCadence": 1,
"GopSize": 90,
"Slices": 1,
"GopBReference": "DISABLED",
"SlowPal": "DISABLED",
"SpatialAdaptiveQuantization": "ENABLED",
"TemporalAdaptiveQuantization": "ENABLED",
"FlickerAdaptiveQuantization": "DISABLED",
"EntropyEncoding": "CABAC",
"Bitrate": 3000000,
"FramerateControl": "INITIALIZE_FROM_SOURCE",
"RateControlMode": "CBR",
"CodecProfile": "MAIN",
"Telecine": "NONE",
"MinIInterval": 0,
"AdaptiveQuantization": "HIGH",
"CodecLevel": "AUTO",
"FieldEncoding": "PAFF",
"SceneChangeDetect": "ENABLED",
"QualityTuningLevel": "SINGLE_PASS",
"FramerateConversionAlgorithm": "DUPLICATE_DROP",
"UnregisteredSeiTimecode": "DISABLED",
"GopSizeUnits": "FRAMES",
"ParControl": "INITIALIZE_FROM_SOURCE",
"NumberBFramesBetweenReferenceFrames": 2,
"RepeatPps": "DISABLED"
}
},
"AfdSignaling": "NONE",
"DropFrameTimecode": "ENABLED",
"RespondToAfd": "NONE",
"ColorMetadata": "INSERT"
},
"AudioDescriptions": [
{
"AudioTypeControl": "FOLLOW_INPUT",
"CodecSettings": {
"Codec": "AAC",
"AacSettings": {
"AudioDescriptionBroadcasterMix": "NORMAL",
"Bitrate": 96000,
"RateControlMode": "CBR",
"CodecProfile": "LC",
"CodingMode": "CODING_MODE_2_0",
"RawFormat": "NONE",
"SampleRate": 48000,
"Specification": "MPEG4"
}
},
"LanguageCodeControl": "FOLLOW_INPUT"
}
]
}
],
"OutputGroupSettings": {
"Type": "FILE_GROUP_SETTINGS",
"FileGroupSettings": {
"Destination": "s3://<MEDIABUCKET>/assets/VANLIFE/MP4/"
}
}
},
{
"CustomName": "Thumbnails",
"Name": "File Group",
"Outputs": [
{
"ContainerSettings": {
"Container": "RAW"
},
"VideoDescription": {
"Width": 720,
"ScalingBehavior": "DEFAULT",
"Height": 480,
"TimecodeInsertion": "DISABLED",
"AntiAlias": "ENABLED",
"Sharpness": 50,
"CodecSettings": {
"Codec": "FRAME_CAPTURE",
"FrameCaptureSettings": {
"FramerateNumerator": 1,
"FramerateDenominator": 1,
"MaxCaptures": 1,
"Quality": 80
}
},
"AfdSignaling": "NONE",
"DropFrameTimecode": "ENABLED",
"RespondToAfd": "NONE",
"ColorMetadata": "INSERT"
}
}
],
"OutputGroupSettings": {
"Type": "FILE_GROUP_SETTINGS",
"FileGroupSettings": {
"Destination": "s3://<MEDIABUCKET>/assets/VANLIFE/Thumbnails/"
}
}
}
],
"AdAvailOffset": 0,
"Inputs": [
{
"AudioSelectors": {
"Audio Selector 1": {
"Offset": 0,
"DefaultSelection": "DEFAULT",
"ProgramSelection": 1
}
},
"VideoSelector": {
"ColorSpace": "FOLLOW"
},
"FilterEnable": "AUTO",
"PsiControl": "USE_PSI",
"FilterStrength": 0,
"DeblockFilter": "DISABLED",
"DenoiseFilter": "DISABLED",
"TimecodeSource": "EMBEDDED",
"FileInput": "s3://rodeolabz-us-west-2/vodconsole/VANLIFE.m2ts"
}
]
}
Конечно, я открыт для предложений политики Bucket, даже если публичный доступ может быть ограничен следующими "папками" в этом сегменте.
<BUCKET>/videos
<BUCKET>/encoded-video/mp4
<BUCKET>/encoded-video/poster
Спасибо заранее.
1 ответ
Вы можете попробовать следующую политику (не проверено):
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"PublicAccessToFolders",
"Effect":"Allow",
"Principal":"*",
"Action":["s3:GetObject"],
"Resource":[
"arn:aws:s3:::examplebucket/videos/*",
"arn:aws:s3:::examplebucket/encoded-video/mp4/*",
"arn:aws:s3:::examplebucket/encoded-video/poster/*",
]
}
]
}
Более подробная информация о том, как Amazon авторизует доступ к корзине, приведена здесь, а несколько примеров политик - здесь.