CloudFront Embedder Guide
Overview
This document describes how to apply PallyCon watermark embedder with Lambda@Edge for service sites using the Amazon CloudFront CDN.
sequenceDiagram
participant A as End user
participant C as Cloud Front CDN
A ->> C: Start playback of Session URL (request segments)
Note right of C: Watermark embedder
C -->> C: Segments mixing by Session URL
C ->> A: Send mixed segments
Note right of A: Playback of mixed content
CloudFront Embedder files needed for setting up Lambda@Edge can be downloaded from the Sample download page.
Create Lambda@Edge
- Connect to the AWS console, select the lambda menu, and click the
create functionbutton. - Select region to
N. Virginia. (Lambda@Edge must be created in the Virginia Region.)
1. Select runtime
- Choose a Node.JS runtime later than v10. (10.x, 12.x, or 14.x)
2. Set roles
-
Select
Create a custom role. -
Create a Role by adding the permissions
lambda:GetFunction,lambda:EnableReplication*,iam:CreateServiceLinkedRole,cloudfront:UpdateDistribution, andcloudfront:CreateDistributionas explained in CloudFront Guide. -
Add logs related permission to collect Lambda access log into cloudwatch logs.
{ "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:*" } -
Add the following roles to the
Trust Relationshiptab of the created Role.{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com", "edgelambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] } -
Apply the generated role to the lambda role.
3. Upload function
-
Click
Create Functionbutton to create lambda. -
Select
Upload a .ZIP fileofFunction Code-Code entry Typeand add the lambda source downloaded from Console site. -
Click the
Savebutton to upload the source and modify the uploaded source via Cloud9.
4. Modify function source
Please be aware that if you modify a source other than those listed below, an error may occur.
-
In the
config.jsonsource, set the value of the corresponding variables as below.Name Required Description aesKey True Enter the site key value provided by the PallyCon console site. type True Enter unlabeled_a_variantif preprocessed A/B version segments are stored together in one folder, and enterdirectory_prefixif they are packaged in separate0and1folders. If you use the latest version of the FWM CLI packager or if you are a new customer of PallyCon SaaS packaging service, it is basically packaged in the form ofUnlabeled A Variant. (default:unlabeled_a_variant)availableInterval True The URL requested for watermarking contains a timestamp value. This item is the value for checking the validity of the timestamp.
If set to 0, the timestamp validity period is not checked.
Unit: (minutes) -
After saving, click
Publish new versionofActionbutton to create version. -
Copy the ARN containing the generated version. It is displayed in the upper right corner.
- e.g. arn:aws:lambda:us-east-1:{account no.}:function:{lambda name}:{version}
Configure CloudFront
This guide assumes that you already created your CloudFront.
Apply Lambda@Edge
Connect to the AWS console, select the CloudFront menu and select CloudFront to apply Lambda@Edge.
1. Set Behaviors
-
Select the
Behaviorstab, check the check box displayed and click the Edit button. -
Configure
Lambda Function Associationsitems.- EventType : select
Viewer Request - Lambda Function ARN : input the ARN copied during Lambda@Edge creation process.
- EventType : select
-
Click the
Yes, Editbutton.
2. Finish configuration
The status of CloudFront is changed to InProgress, and when Lambda@Edge is applied, status is changed to Deployed and all settings are completed.
For more information about Lambda@Edge, please refer to CloudFront guide from AWS.