AWS Media Services

Learn how to use AWS to package your media for Studio DRM.

👍

This article attempts to simplify using AWS Media Services with Studio DRM.

However since AWS Media Services products evolve, we strongly recommend verifying the steps in this documentation with the documentation for each specific AWS service. A link to each service's documentation is listed in the following table.


When using AWS Media Services with Studio DRM, you must use several services to package your media, create a bucket, and create a job. Each of the required AWS services is listed in the following table.

AWS Media ServiceDescription
Amazon API GatewayAmazon API Gateway enables you to create and deploy your own REST and WebSocket APIs.

Amazon S3Amazon Simple Storage Service (Amazon S3) is storage for the internet.

AWS Elemental MediaConvertAWS Elemental MediaConvert is a service that formats and compresses offline video content for delivery to televisions or connected devices.

AWS Elemental MediaPackageAWS Elemental MediaPackage is a just-in-time video packaging and origination service that delivers highly secure, scalable, and reliable video streams to a wide variety of playback devices.

In addition to the AWS service, you must set up an API gateway to use the SPEKE API.



Implementation

Configure Media Packaging

  1. Log into AWS.
  2. In the Console Home page search bar, type MediaPackage and click MediaPackage. The AWS Elemental MediaPackage page appears.

📘

You can also click Services > Media Services > MediaPackage.


  1. Click Create a new channel. The Create channel page appears.
  2. In the ID field, enter a channel identifier.
  3. Click Create. The details of the newly created channel appear.
  4. In the Endpoint section, click Add endpoints. The Add/edit endpoints page appears.
  5. In the ID field, enter an endpoint identifier.
  6. (Optional) Add a Description of the endpoint.
  7. In the Manifest Name, type manifest.
  8. In the Packager settings section from the Type dropdown menu, select the packager type:
       • Apple HLS: For use with FairPlay DRM
       • DASH-ISO: For use with Playready or Widevine DRM

  9. In the Package encryption section, choose Encrypt content. The encryption settings appear.
  10. In the Resource ID field, add a resource ID.
  11. In the System IDs text box, type the appropriate DRM system identifiers:
       • 94ce86fb-07ff-4f43-adb8-93d2fa968ca2 (FairPlay DRM/Apple HLS)
       • 9a04f079-9840-4286-ab92-e65be0885f95 (PlayReady DRM/DASH ISO)
       • edef8ba9-79d6-4ace-a3c8-27dcd51d21ed (Widevine DRM DRM/DASH ISO)

  12. In the URL field, enter the API gateway URL.
  13. In the Role ARN field, enter an appropriate Amazon Resource Name.
  14. Click Save.

📘

You can use the stream tester to test the endpoints URL.




Create a Bucket

  1. In the Console Home page search bar, type S3 and click S3. The Amazon S3 page appears.

📘

You can also click Services > Storage > S3.

  1. Click Create bucket. The Create bucket page appears.
  2. In the General configuration section in the Bucket name field, enter a unique bucket name.
  3. Click Create bucket. The bucket’s summary page appears.
  4. In the Buckets section, click the name of the bucket.
  5. Click Create folder.
  6. In the Folder name field, enter a unique name.
  7. Click Create folder. Remember the folder name. This will be required later in the setup process.
  8. Duplicate the browser tab.



Create a Job

  1. In the Amazon search bar of the new tab, type MediaConvert and click MediaConvert. The AWS Elemental MediaConvert page appears.

📘

You can also click Services > Media Services > MediaConvert.


  1. Under Create a job, click Get started. The Create job page appears.
  2. In the Input 1 section in the Input file URL field, enter the URL of the source clip.
  3. In the side navigation under Output groups, click Add. The Add output group popup window appears.
  4. Select an output group:
       • For FairPlay, select Apple HLS.
       • For PlayReady or Widevine, select DASH ISO.

  5. Click Select. A page with the group settings appears.
  6. Under Destination, click Browse. The Choose a location popup window appears.
  7. From the S3 bucket dropdown menu, select the destination S3 bucket.
  8. In the Location field, search for the S3 bucket folder. The folder should have a path similar to your-bucket/your-folder-name/.
  9. Click Choose. The popup window closes.
  10. In the Destination field, append manifest to the end of the destination.
  11. From the Segment control dropdown menu, select Segmented files.
  12. Add DRM and add an output to the output group. Only use one of the following instructions:
       • FairPlay
       • PlayReady
       • Widevine

  13. In the main side navigation under Job settings, click AWS integration. The AWS integration settings appear in the main panel.
  14. Under Service access, select Use an existing service role from the Service role control dropdown menu. The Service role field appears.
  15. In the Service role field, choose the relevant IAM role.
  16. Click Create.

Wait several minutes for the job to process. On the Jobs page, you can press the Refresh button to check the status of the job. Once the job is complete, a value appears in the Finish time column.


FairPlay DRM and Output Settings

DRM Settings

👍

Be sure that the output group is set to Apple HLS.

  1. Click the DRM encryption toggle. The DRM encryption section expands.
  2. From the Encryption method dropdown menu, select Sample AES.
  3. From the Key provider type dropdown menu, select SPEKE.
  4. From the Initialization vector in manifest dropdown menu, select Exclude.
  5. In the Resource ID field, enter a unique identifier for your content, this is often referred to as the content ID. This must only contain alphanumeric characters, hyphens (-), or underscores (_).
  6. In the System ID field, enter 94ce86fb-07ff-4f43-adb8-93d2fa968ca2.
  7. In the Key provider URL field, enter the URL for the encryption keys.
  8. In the Constant initialization vector field, enter 00000000000000000000000000000000.

Outputs Settings

  1. In the Name modifier field for Output 1, enter video-audio.
  2. Click Output 1. The Output 1 settings appear.
  3. Under Encoding Settings, click the Video tab.
  4. In the Max bitrate (bits/s) field, enter 5000000.

PlayReady DRM and Output Settings

DRM Settings

👍

Be sure that the output group is set to DASH ISO.

  1. Click the DRM encryption toggle. The DRM encryption section expands.
  2. In the Resource ID field, enter a unique identifier for your content, this is often referred to as the content ID. This must only contain alphanumeric characters, hyphens (-), or underscores (_).
  3. In the System ID field, enter 9a04f079-9840-4286-ab92-e65be0885f95.
  4. In the Key provider URL field, enter the URL for the encryption keys.

Outputs Settings

  1. Click Add output.
  2. In the Name modifier field for Output 1, enter video.
  3. In the Name modifier field for Output 2, enter audio.
  4. Click Output 1. The Output 1 settings appear.
  5. From the Encoding Settings section sub-navigation, click Video.
  6. In the Max bitrate (bits/s) field, enter 5000000.
  7. Click the Audio 1 tab.
  8. Click Remove audio.
  9. From the main side navigation under Output groups, click the DASH ISO audio input (H.264, AAC, audio).
  10. From the Encoding Settings section sub-navigation, click Video.
  11. Click Remove video.

Widevine DRM and Output Settings

DRM Settings

👍

Be sure that the output group is set to DASH ISO.

  1. Click the DRM encryption toggle. The DRM encryption section expands.
  2. In the Resource ID field, enter a unique identifier for your content, this is often referred to as the content ID. This must only contain alphanumeric characters, hyphens (-), or underscores (_).
  3. In the System ID field, enter edef8ba9-79d6-4ace-a3c8-27dcd51d21ed.
  4. In the Key provider URL field, enter the URL for the encryption keys.

Outputs Settings

  1. Click Add output.
  2. In the Name modifier field for Output 1, enter video.
  3. In the Name modifier field for Output 2, enter audio.
  4. Click Output 1. The Output 1 settings appear.
  5. From the Encoding Settings section sub-navigation, click Video.
  6. In the Max bitrate (bits/s) field, enter 5000000.
  7. Click the Audio 1 tab.
  8. Click Remove audio.
  9. From the main side navigation under Output groups, click the DASH ISO audio input (H.264, AAC, audio).
  10. From the Encoding Settings section sub-navigation, click Video.
  11. Click Remove video.



Test the Content

  1. From Amazon S3, locate the bucket folder you created.
  2. Right-click the folder.
  3. Select Make public.
  4. Click Make public.
  5. Click the folder.
  6. Copy the manifest file URL.
  7. Paste the manifest file URL in the stream tester.


API Gateway

Import the API from Swagger

  1. In the Amazon search bar of the new tab, type API Gateway and click API Gateway. The API Gateway page appears.

📘

You can also click Services > Networking & Content Delivery > API Gateway.


  1. In the REST API section, click Import. A setup page appears.
  2. Under Choose the protocol, select REST.
  3. Under Create new API, select Import from Swagger or Open API 3.
  4. Under Import from Swagger or Open API 3, paste the following JSON.
{
  "swagger": "2.0",
  "info": {
    "title": "speke proxy"
  },
  "basePath": "/speke",
  "schemes": [
    "https"
  ],
  "paths": {
    "/": {
      "post": {
        "produces": [
          "application/json"
        ],
        "parameters": [
          {
            "name": "API-KEY",
            "in": "header",
            "required": false,
            "type": "string"
          }
        ],
        "responses": {
          "200": {
            "description": "200 response"
          }
        }
      }
    }
  }
}

  1. Click Import.



API Gateway Setup

  1. In the POST box, click Set up now.
  2. For the Integration type, select HTTP.
  3. Check Use HTTP Proxy integration.
  4. Set the Endpoint URL to https://speke.vudrm.tech/{your-client-name}/speke.
  5. Click Save. The Method Execution page appears.
  6. Click Integration Request.
  7. Expand the HTTP Headers section.
  8. Click Add header. A row appears.
  9. In the Name field, enter API-KEY.
  10. In the Mapped from field, enter '{your-api-key}'. Be sure that the API key is surrounded by single quotes.
  11. At the end of the row, click the checkmark to save the header.
  12. At the top of the page, click Actions > Deploy API. The Deploy API popup window appears.
  13. From the Deployment stage dropdown menu, select [New Stage].
  14. In the Stage name field, enter an appropriate name.
  15. Click Deploy. The Stage Editor page appears for the stage that has been created.

At the top of the Stage Editor page, your Invoke URL is listed. The Invoke URL can be used by other AWS services to make requests to JW Player's SPEKE API.



Stream Tester

Validate your Studio DRM-protected stream in web environments using the JWP Stream Tester.