CloudFront CDN Watermark Embedder Guide
Overview
This document describes how to apply the PallyCon watermark embedder with Lambda@Edge for service sites that use the Amazon CloudFront CDN.
sequenceDiagram
participant A as End user
participant C as CDN
A ->> C: Start playback of Session URL (request segments)
Note right of C: Watermark embedder module
C -->> C: Segments mixing by Session URL
C ->> A: Send mixed segments
Note right of A: Playback of mixed content
The source files needed for setting up Lambda@Edge can be downloaded from the Sample download page.
Create Lambda@Edge
- Connect to the AWS console, select the lambda menu, and click the `create function` button.
- Set the region to `N. Virginia`. (Lambda@Edge must be created in the Virginia Region.)
1. Select runtime
- Choose a Node.js runtime of v10 or later (10.x, 12.x, or 14.x).
2. Set roles
- Select `Create a custom role`.
- Create a Role by adding the permissions `lambda:GetFunction`, `lambda:EnableReplication*`, `iam:CreateServiceLinkedRole`, `cloudfront:UpdateDistribution`, and `cloudfront:CreateDistribution` as explained in the CloudFront Guide.
- Add log-related permissions so that the Lambda access log is collected in CloudWatch Logs.

```json
{
  "Effect": "Allow",
  "Action": [
    "logs:CreateLogGroup",
    "logs:CreateLogStream",
    "logs:PutLogEvents"
  ],
  "Resource": "arn:aws:logs:*:*:*"
}
```

- Add the following policy to the `Trust Relationship` tab of the created Role.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "lambda.amazonaws.com",
          "edgelambda.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```

- Apply the generated role to the lambda role.
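A check to run on the role documents before attaching the role, given here as an added example and not as PallyCon or AWS code: it confirms that the trust policy trusts exactly the two service principals this guide lists and flags wildcard resource scopes. The function names and finding strings are assumptions made for the illustration.

```javascript
// Added example: checks the role documents shown in this guide (names are illustrative).
const REQUIRED_SERVICES = ['lambda.amazonaws.com', 'edgelambda.amazonaws.com'];
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns findings for a trust policy; an empty array means it matches the guide.
function auditTrustPolicy(policy) {
  const findings = [];
  const trusted = new Set();
  for (const stmt of asArray(policy.Statement)) {
    const assumable = asArray(stmt.Action).some((a) => ['sts:AssumeRole', 'sts:*', '*'].includes(a));
    if (stmt.Effect !== 'Allow' || !assumable) continue;
    const p = stmt.Principal;
    // Anything other than a service principal widens who can assume the edge role.
    if (p === '*' || asArray(p && p.AWS).length > 0 || asArray(p && p.Federated).length > 0) {
      findings.push('role can be assumed by a non-service principal');
    }
    for (const svc of asArray(p && p.Service)) trusted.add(svc);
  }
  for (const svc of REQUIRED_SERVICES) {
    if (!trusted.has(svc)) findings.push(`missing service principal: ${svc}`);
  }
  for (const svc of trusted) {
    if (!REQUIRED_SERVICES.includes(svc)) findings.push(`unexpected service principal: ${svc}`);
  }
  return findings;
}

// Flags resources that are "*" or leave region, account and resource all as wildcards.
function auditResourceScope(statement) {
  return asArray(statement.Resource)
    .filter((r) => r === '*' || /^arn:aws:[^:]+:\*:\*:\*$/.test(r))
    .map((r) => `broad resource scope: ${r}`);
}

// The two documents exactly as given in this guide.
const guideTrustPolicy = {
  Version: '2012-10-17',
  Statement: [{
    Effect: 'Allow',
    Principal: { Service: ['lambda.amazonaws.com', 'edgelambda.amazonaws.com'] },
    Action: 'sts:AssumeRole',
  }],
};
const guideLogsStatement = {
  Effect: 'Allow',
  Action: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'],
  Resource: 'arn:aws:logs:*:*:*',
};
console.log(auditTrustPolicy(guideTrustPolicy), auditResourceScope(guideLogsStatement));
```

The guide's trust policy passes with no findings, while its logs statement is reported as broadly scoped. Lambda@Edge writes logs in the Region nearest the edge location that ran the function, so the Region stays a wildcard, but the account ID and log group portions of the ARN can be narrowed.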
3. Upload function
- Click the `Create Function` button to create the lambda.
- Select `Upload a .ZIP file` under `Function Code` - `Code entry Type` and add the lambda source downloaded from the Console site.
- Click the `Save` button to upload the source, then modify the uploaded source via Cloud9.
4. Modify function source
Please be aware that if you modify a source other than those listed below, an error may occur.
- Set the value of the corresponding variable in the table below.

| Source Line | Name | Required | Description |
| --- | --- | --- | --- |
| 3 | AVAILABLE_INTERVAL | True | The URL requested for watermarking contains a timestamp value. This item is the value for checking the validity of the timestamp. If set to 0, the timestamp validity period is not checked. Unit: minutes |
| 4 | AES_KEY | True | Enter the site key value provided by the PallyCon console site. |

- After saving, click `Publish new version` under the `Action` button to create a version.
- Copy the ARN containing the generated version. It is displayed in the upper right corner.
  - e.g. arn:aws:lambda:us-east-1:{account no.}:function:{lambda name}:{version}
Configure CloudFront
This guide assumes that you have already created your CloudFront distribution.
Apply Lambda@Edge
Connect to the AWS console, select the CloudFront menu, and select the CloudFront distribution to which Lambda@Edge will be applied.
1. Set Behaviors
- Select the `Behaviors` tab, check the check box displayed, and click the Edit button.
- Configure the `Lambda Function Associations` items.
  - EventType: select `Viewer Request`
  - Lambda Function ARN: input the ARN copied during the Lambda@Edge creation process.
- Click the `Yes, Edit` button.
2. Finish configuration
The status of CloudFront changes to `InProgress`, and when Lambda@Edge is applied, the status changes to `Deployed` and all settings are completed.
For more information about Lambda@Edge, please refer to the CloudFront guide from AWS.