Authentication for accessing private S3 files not working

Wowza Streaming Engine
1

  • I’m using an EC2 AMI with Wowza Media Server 3 for Amazon EC2 3.0.4 build1127

  • I can stream public S3 files with no issue

  • But if I edit conf/MediaCache.xml, and add /MediaCacheSources/MediaCacheSource/Properties:

awsAccessKeyId

-----

awsSecretAccessKey

------------

and restart, I cannot access any content at all, not even public content.

  • I am assuming my keys are correct as they are the same keys I use to successfully mount the S3 bucket using s3fs.

Here’s a relevant excerpt from the Wowza output when I try to play a file:

DEBUG server comment - StreamNameAliasFile.load: /usr/local/WowzaMediaServer/conf/aliasmap.play.txt

INFO server comment - StreamNameAliasFile.load: size:0:1 hash:true matchAll:true

INFO server comment - ModuleStreamNameAlias.nameToAlias[play]: streamName:mp4:amazons3/playfi-audio/sample.mp4 alias:{pattern: “*” alias:"${Stream.Name}" wildcardMatches:{[0]: “mp4:amazons3/playfi-audio/sample.mp4”}} result:mp4:amazons3/playfi-audio/sample.mp4

DEBUG server comment - cmd: setBufferTime

DEBUG session setbuffertime [1183153499,1]: 3000 3000

DEBUG server comment - MediaReaderH264.mp4ReadAheadSize: 65536

DEBUG server comment - MediaReaderH264.mp4ReadAheadTrigger: 32768

DEBUG server comment - MediaReaderH264.mp4IndexBufferSize: 16384

DEBUG server comment - MediaReaderH264.randomAccessReaderClass: com.wowza.wms.plugin.mediacache.impl.MediaCacheRandomAccessReader

DEBUG server comment - MediaCache.acquireReader[amazons3/playfi-audio/sample.mp4]: createNew

DEBUG server comment - MediaCacheSourceBasic.canHandle[amazons3]: true mediaName:amazons3/playfi-audio/sample.mp4 prefix:amazons3/

DEBUG server comment - MediaCacheItemHTTPImpl.init url:http://playfi-audio.s3.amazonaws.com/sample.mp4

WARN server comment - MediaCacheItemHTTPImpl.getItemInfo[playfi-audio.s3.amazonaws.com/sample.mp4]: HTTP response: 301

DEBUG server comment - MediaCacheItemHTTPImpl.getItemInfo length: 0

WARN server comment - MediaCacheItemBase.init: Item does not exist: amazons3/playfi-audio/sample.mp4

DEBUG server comment - MediaCache.acquireReader[amazons3/playfi-audio/sample.mp4]: createNew

DEBUG server comment - MediaCacheSourceBasic.canHandle[amazons3]: true mediaName:amazons3/playfi-audio/sample.mp4 prefix:amazons3/

DEBUG server comment - MediaCacheItemHTTPImpl.init url:http://playfi-audio.s3.amazonaws.com/sample.mp4

WARN server comment - MediaCacheItemHTTPImpl.getItemInfo[playfi-audio.s3.amazonaws.com/sample.mp4]: HTTP response: 301

DEBUG server comment - MediaCacheItemHTTPImpl.getItemInfo length: 0

WARN server comment - MediaCacheItemBase.init: Item does not exist: amazons3/playfi-audio/sample.mp4

WARN server comment amazons3/playfi-audio/sample.mp4 MediaReaderH264.open[1]: java.io.IOException: MediaCacheRandomAccessReader.open: Item not in cache: amazons3/playfi-audio/sample.mp4

DEBUG server comment - sendPlayStatus: ltc:0 atc:0

2

Check the AWS key and SecretKey, the common problem is that they are reversed, transposed.

Also, set your log level back to INFO instead of DEBUG, so you can see what is happening more easily. DEBUG level logging is useful sometimes, but usually not.

Richard

3

Are they commented out? In the default /conf/MediaCache.xml, the AWS keys are commented out. Make sure you remove those. Otherwise, zip up the conf and logs folders and send them to support@wowza.com

Include a link to this thread for reference.

Richard

4

Is there any clue in the access or error logs? You realize that S3FS is not involved in streaming from S3 with vods3 app, right?

Richard

5

Check the AWS keys, see if they are transposed. That is the common problem so far, since the recent change.

Richard

6

I mean, make sure you didn’t enter the AWS secret access key in the awsAccessKeyId field, and vice versa

Richard

7

I tested this last week on a recent AMI and it worked. Zip up the conf and logs folders and send them to support@wowza.com. Include a link to this thread for reference.

Richard

8

Great, glad it’s working. Thanks for the update.

Richard

9

Check the AWS key and SecretKey, the common problem is that they are reversed, transposed.

Also, set your log level back to INFO instead of DEBUG, so you can see what is happening more easily. DEBUG level logging is useful sometimes, but usually not.

Richard

Hi Richard. I’ve triple-checked the keys and they are definitely correct; I copied and pasted the same keys and was able to mount the S3 bucket using s3fs.

I’ve also tried reversing the order of the AWS key and the secret key, but no luck.

Any other ideas?

10

Hey I finally got it working – I didn’t realise that S3 urls are region-specific. It looks like the default configuration will only work when the S3 bucket is in the US, but mine was in Singapore.

In my case I fixed the problem by setting /Root/MediaCacheSources/MediaCacheSource/BasePath to http://s3-ap-southeast-1.amazonaws.com/ in conf/MediaCache.xml. There is a table of regions and URLs here: http://docs.amazonwebservices.com/general/latest/gr/rande.html#s3_region .

Seems this was the only problem.

11

Hey,

did you solve the problem. I have exactley the same probleme. I used the defautl vods3 example from the documentation.

s3fs mount is working. I double checked the keys, but still no success. If I make the files public AND comment the keys out, it works. I wonder if there is a problem with the URL because there is a redirect and no 404 error.

If it helps I can also sent the log files and config options. Please give me a hint!

Thanks,

Sebastian

12

Hey Richard,

i am aware that s3fs has nothing to do with the access of wowza to s3, but it does use the same keys to access protected files. So I used it to test the connection.

I added the keys to MediaCache.xml. Is there anything else I should do?

Thanks,

Sebastian

INFO	session	connect-pending	2012-03-08	15:58:37	1811712729	92.231.44.137	-	3367	3073	0.093	-	-	-	-	--	-	92.231.44.137	-
INFO	session	connect	2012-03-08	15:58:37	1811712729	92.231.44.137	-	3367	3073	0.094	-	-	-	-	-	--	92.231.44.137	-
INFO	stream	create	2012-03-08	15:58:37	1811712729	92.231.44.137	-	3417	3413	0.0	-	1	-	0	0	00.0	-	-
INFO	server	comment	2012-03-08	15:58:37	-	-	-	-	-	5445.298	-	-	-	-	-	-	--	ModuleStreamNameAlias.nameToAlias[play]: streamName:mp4:amazons3/ambientas/test/sample.mp4 alias:{pattern: "*" alias:"${Stream.Name}" wildcardMatches:{[0]: "mp4:amazons3/ambientas/test/sample.mp4"}} result:mp4:amazons3/ambientas/test/sample.mp4
WARN	server	comment	2012-03-08	15:58:37	-	-	-	-	-	5445.605	-	-	-	-	-	-	--	MediaCacheItemHTTPImpl.getItemInfo[s3.amazonaws.com/ambientas/test/sample.mp4]: HTTP response: 301
WARN	server	comment	2012-03-08	15:58:37	-	-	-	-	-	5445.606	-	-	-	-	-	-	--	MediaCacheItemBase.init: Item does not exist: amazons3/ambientas/test/sample.mp4
WARN	server	comment	2012-03-08	15:58:37	-	-	-	-	-	5445.71	-	-	-	-	-	-	-	-MediaCacheItemHTTPImpl.getItemInfo[s3.amazonaws.com/ambientas/test/sample.mp4]: HTTP response: 301
WARN	server	comment	2012-03-08	15:58:37	-	-	-	-	-	5445.711	-	-	-	-	-	-	--	MediaCacheItemBase.init: Item does not exist: amazons3/ambientas/test/sample.mp4
WARN	server	comment	2012-03-08	15:58:37	-	-	-	-	-	5445.711	-	-	-	-	-	-	-amazons3/ambientas/test/sample.mp4	MediaReaderH264.open[1]: java.io.IOException: MediaCacheRandomAccessReader.open: Item not in cache: amazons3/ambientas/test/sample.mp4
13

What do you mean with transposed? I copied the key exactly as they appear under Access Credentials. Is this right?

14

Yes, I’m sure they are correct. I copied them from the amazon site and tried them using s3fs. Could this have anything todo with the access right I set in the s3 browser.

The sample.mp4 is located at /ambientas/test/sample.mp4 with full permissions for the aws user.

Sebastian

15

This also happened to me and I can confirm that amagee’s solution works.

Thanks!