CloudFront Embedder Guide
Overview
This document describes how to apply PallyCon watermark embedder with Lambda@Edge for service sites using the Amazon CloudFront CDN.
sequenceDiagram
participant A as End user
participant C as Cloud Front CDN
A ->> C: Start playback of Session URL (request segments)
Note right of C: Watermark embedder
C -->> C: Segments mixing by Session URL
C ->> A: Send mixed segments
Note right of A: Playback of mixed content
CloudFront Embedder files needed for setting up Lambda@Edge can be downloaded from the Sample download page.
Create Lambda@Edge
- Connect to the AWS console, select the lambda menu, and click the
create function
button. - Select region to
N. Virginia
. (Lambda@Edge must be created in the Virginia Region.)
1. Select runtime
- Choose a Node.JS runtime later than v10. (10.x, 12.x, or 14.x)
2. Set roles
-
Select
Create a custom role
. -
Create a Role by adding the permissions
lambda:GetFunction
,lambda:EnableReplication*
,iam:CreateServiceLinkedRole
,cloudfront:UpdateDistribution
, andcloudfront:CreateDistribution
as explained in CloudFront Guide. -
Add logs related permission to collect Lambda access log into cloudwatch logs.
{ "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:*" }
-
Add the following roles to the
Trust Relationship
tab of the created Role.{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com", "edgelambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }
-
Apply the generated role to the lambda role.
3. Upload function
-
Click
Create Function
button to create lambda. -
Select
Upload a .ZIP file
ofFunction Code
-Code entry Type
and add the lambda source downloaded from Console site. -
Click the
Save
button to upload the source and modify the uploaded source via Cloud9.
4. Modify function source
Please be aware that if you modify a source other than those listed below, an error may occur.
-
In the
config.json
source, set the value of the corresponding variables as below.Name Required Description aesKey True Enter the site key value provided by the PallyCon console site. type True Enter unlabeled_a_variant
if preprocessed A/B version segments are stored together in one folder, and enterdirectory_prefix
if they are packaged in separate0
and1
folders. If you use the latest version of the FWM CLI packager or if you are a new customer of PallyCon SaaS packaging service, it is basically packaged in the form ofUnlabeled A Variant
. (default:unlabeled_a_variant
)availableInterval True The URL requested for watermarking contains a timestamp value. This item is the value for checking the validity of the timestamp.
If set to 0, the timestamp validity period is not checked.
Unit: (minutes) -
After saving, click
Publish new version
ofAction
button to create version. -
Copy the ARN containing the generated version. It is displayed in the upper right corner.
- e.g. arn:aws:lambda:us-east-1:{account no.}:function:{lambda name}:{version}
Configure CloudFront
This guide assumes that you already created your CloudFront.
Apply Lambda@Edge
Connect to the AWS console, select the CloudFront
menu and select CloudFront to apply Lambda@Edge.
1. Set Behaviors
-
Select the
Behaviors
tab, check the check box displayed and click the Edit button. -
Configure
Lambda Function Associations
items.- EventType : select
Viewer Request
- Lambda Function ARN : input the ARN copied during Lambda@Edge creation process.
- EventType : select
-
Click the
Yes, Edit
button.
2. Finish configuration
The status of CloudFront is changed to InProgress
, and when Lambda@Edge is applied, status is changed to Deployed
and all settings are completed.
For more information about Lambda@Edge, please refer to CloudFront guide from AWS.