public class S3RoleBasedOutput extends Output
Constructor and Description |
---|
S3RoleBasedOutput() |
Modifier and Type | Method and Description |
---|---|
boolean |
equals(Object o) |
String |
getBucketName()
Amazon S3 bucket name (required)
|
AwsCloudRegion |
getCloudRegion()
Get cloudRegion
|
String |
getExternalId()
External ID used together with the IAM role identified by `roleArn` to assume S3 access.
|
String |
getMd5MetaTag()
If set a user defined tag (x-amz-meta-) with that key will be used to store the MD5 hash of the file.
|
String |
getRoleArn()
Amazon ARN of the IAM Role (Identity and Access Management Role) that will be assumed for S3 access.
|
S3SignatureVersion |
getSignatureVersion()
Specifies the method used for authentication
|
int |
hashCode() |
void |
setBucketName(String bucketName)
Amazon S3 bucket name (required)
|
void |
setCloudRegion(AwsCloudRegion cloudRegion)
Set cloudRegion
|
void |
setExternalId(String externalId)
External ID used together with the IAM role identified by `roleArn` to assume S3 access.
|
void |
setMd5MetaTag(String md5MetaTag)
If set a user defined tag (x-amz-meta-) with that key will be used to store the MD5 hash of the file.
|
void |
setRoleArn(String roleArn)
Amazon ARN of the IAM Role (Identity and Access Management Role) that will be assumed for S3 access.
|
void |
setSignatureVersion(S3SignatureVersion signatureVersion)
Specifies the method used for authentication
|
String |
toString() |
addAclItem, getAcl, setAcl
getCreatedAt, getCustomData, getDescription, getModifiedAt, getName, putCustomDataItem, setCustomData, setDescription, setName
getId
public String getBucketName()
public void setBucketName(String bucketName)
bucketName
- Amazon S3 bucket name (required)public String getRoleArn()
public void setRoleArn(String roleArn)
roleArn
- Amazon ARN of the IAM Role (Identity and Access Management Role) that will be assumed for S3 access. This role has to be created by the owner of the account with the S3 bucket (i.e., you as a customer). For Bitmovin to be able to assume this role, the following has to be added to the trust policy of the role: ``` { \"Effect\": \"Allow\", \"Principal\": { \"AWS\": \"arn:aws:iam::630681592166:user/bitmovinCustomerS3Access\" }, \"Action\": \"sts:AssumeRole\", \"Condition\": { \"StringEquals\": { \"sts:ExternalId\": \"{{externalId}}\" } } } ``` where \"arn:aws:iam::630681592166:user/bitmovinCustomerS3Access\" is the Bitmovin user used for the access. The `Condition` is optional but we highly recommend it, see property `externalId` below for more information. This setup allows Bitmovin assume the provided IAM role and to write data to your S3 bucket. Please note that the IAM role has to have write access to S3. For more information about role creation please visit https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html#roles-creatingrole-service-console (required)public String getExternalId()
public void setExternalId(String externalId)
externalId
- External ID used together with the IAM role identified by `roleArn` to assume S3 access. This ID is generated once by the owner of the account with the S3 bucket (i.e., you as a customer) and added to the IAM role on AWS. Although it can be any string we recommend using a randomly generated UUID for better uniqueness. This ID then should be added to the trust policy of the IAM role `roleArn` configured above so that it looks something like this: ``` { \"Effect\": \"Allow\", \"Principal\": { \"AWS\": \"arn:aws:iam::630681592166:user/bitmovinCustomerS3Access\" }, \"Action\": \"sts:AssumeRole\", \"Condition\": { \"StringEquals\": { \"sts:ExternalId\": \"{{externalId}}\" } } } ``` where \"{{externalId}}\" is the generated ID. This property is optional but we recommend it as an additional security feature. We will use both the `roleArn` and the `externalId` to access your S3 data. If the Amazon IAM role has an external ID configured but it is not provided in the output configuration Bitmovin won't be able to write to the S3 bucket. Also if the provided external ID does not match the one configured for the IAM role on AWS side, Bitmovin won't be able to access the S3 bucket. You can change the external ID whenever you want, just update the trust policy of the IAM role and provide the new external ID in the output configuration. Note that we then won't be able to access your S3 buckets with the old external ID anymore, so you have to provide new output configuration. For more information please visit https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.htmlpublic String getMd5MetaTag()
public void setMd5MetaTag(String md5MetaTag)
md5MetaTag
- If set a user defined tag (x-amz-meta-) with that key will be used to store the MD5 hash of the file.public AwsCloudRegion getCloudRegion()
public void setCloudRegion(AwsCloudRegion cloudRegion)
cloudRegion
- public S3SignatureVersion getSignatureVersion()
public void setSignatureVersion(S3SignatureVersion signatureVersion)
signatureVersion
- Specifies the method used for authenticationCopyright © 2020. All rights reserved.