AWS S3 Video Streaming & Video Hosting with Amazon CDN and Multi-DRM

Videos significantly increase user engagement, with users spending more time on websites with videos and video content receiving substantially more shares compared to images or text. AWS offers a suite of tools for video hosting, chief among them being Amazon S3 and Amazon CloudFront. Amazon S3 is known for its durability, boasting a 99.999999999% durability rate and 99.99% availability, ensuring that videos stored are not only safe but virtually imperishable. Amazon S3 has been providing cloud services since 2006 and reports storing more than 100 trillion objects in S3 servers as of March 2021. It became popular as an easy and affordable mode to avail of cloud storage services. But, the ease of integration and scalability keeps the users attached. Even large-scale solution providers like VdoCipher use AWS infrastructure to provide a complete AWS S3 Video Streaming package with integrated security and other features.

As AWS S3 uses object storage instead of block storage, it can transfer bundled data with unique identifiers and customizable metadata tags to form complete objects. Object storage infrastructure also has reduced latency when storage is remote. This leads to faster delivery or performance of the overall application, dependent on storage.

What is Amazon S3 Video Hosting?

Amazon S3 or AWS S3 or Amazon Simple Storage Service is a service offered by AWS or Amazon Web Services. It provides object storage through Amazon S3 REST API and web service interface. AWS S3 uses the scalable storage infrastructure used by large networks like Netflix and eCommerce giants like Amazon.

AWS S3 object storage can store any object like file storage for Internet applications, Videos, data backups, recovery, archives, data analytics, and even hybrid cloud storage. However, there are some limits to the uploaded object file size. An AWS S3 object can have a file size between 1 byte and 5TB. If an object exceeds 5TB, it must be divided into maximum chunks of 5TB before uploading. Also, during the upload, a maximum stream of 5GB can be uploaded in a single upload operation. For uploading objects larger than 5GB, a user must use the S3 multipart upload API.

AWS S3 History and Infrastructure Design

Amazon Web Services started offering S3 services to businesses as web services in the United States on March 14, 2006. It further spread to Europe in November 2007 and is now present in 190 countries worldwide. AWS started with 10 billion objects in October 2007 and grew by 10 times to 102 billion objects in March 2010. Amazon reported that it stores more than 100 trillion objects in S3 servers as of March 2021.

It proved to be a success as it provided small, medium, and large-scale businesses an opportunity to replace the upfront capital investment. Earlier, with limited options, they had to bear the large capital cost of setting up servers, and it was still cumbersome to maintain them in multiple locations. Now, users can create hundreds or thousands of S3 servers in minutes and deliver globally via Video CDN distribution.

Infrastructure Design

Objects are the basic storage units of AWS S3, and they are organized into containers called buckets. Each object is identified by a unique user-assigned key in relation to the bucket. Buckets and objects within them can be managed manually using the web interface through the console and programmatically with the Amazon S3 REST API, AWS Command Line Interface (CLI), or AWS SDK.

Every request for an object gets authorized using an access control list (ACL) associated with each object or bucket. Object and Bucket ACLs are independent, meaning that an object does not necessarily inherit the permissions from its bucket. Permission to other AWS account users can also be granted for object access. A bucket can also be configured to log HTTP information to a sibling bucket for data mining operations.

Can Amazon S3 handle HTML5 Video Streaming?

AWS S3 easily handles HTML5 video streaming through basic upload and HTML embed code. You can use any HTML5 open-source video player or browser’s default video playback capabilities with videos hosted on S3. Your HTML code looks like this,

<video controls preload=”auto”
poster=”http://mys3bucket.s3.amazonaws.com/videoImage.jpg”>
<source src=”http://mys3bucket.s3.amazonaws.com/myvideofile.mp4″ type=’video/mp4′ />
</video>

The poster attribute here defines a thumbnail image before the playback.

Customizations during playback or to the player are made via the player frontend, not via AWS. Customizations to the player can be made using a secure video player like that of VdoCipher or java scripts and styling elements for your open-source player.

In the later part, we will also discuss How you can configure an S3 bucket to host your videos. We will do this via uploading video to the bucket, applying global distribution through CloudFront CDN, security, and playback. Using Amazon S3 video hosting with AWS CloudFront to host videos for OTT, on-demand viewing is highly scalable and a faster delivery approach.

Live Video Streaming with AWS S3

Amazon Simple Storage Service (Amazon S3) offers the necessary scalability, data availability, security, and performance required for live video streaming workflows. This service can act as a low-cost origin for live streams, replacing AWS Elemental MediaStore for basic live video origination. Implementing a redundant architecture with AWS Elemental Live and MediaLive ensures a resilient streaming setup. Using a MediaLive standard channel, HLS outputs are generated and directed to two separate Amazon S3 bucket locations, ensuring redundancy. In case of an encoder failure, this setup allows for seamless failover by managing stale manifests and forcing 404 HTTP error codes to trigger redundancy failover as per HLS specifications.

For optimal performance, use adaptive bitrate (ABR) media streaming, organizing media using slash (/) delimiters for each live channel format. Amazon S3 can handle high request rates, achieving up to 3,500 PUT/COPY/POST/DELETE or 5,500 GET/HEAD requests per second per partitioned prefix. Strong read-after-write consistency across all AWS regions ensures that subsequent read requests immediately receive the latest version of an object, maintaining smooth live streaming.

Security features include encryption and access management, with compliance to PCI-DSS, HIPAA, and other regulatory standards. Additionally, content security can be enhanced with access tokenization and Secure Media Delivery at the Edge, while full Digital Rights Management (DRM) can be achieved using DRM + AWS Infrastructure providers like VdoCipher.

Planning an AWS-based Video Infrastructure

The basic objective for planning an AWS S3 Video Streaming Infrastructure is to provide scalable, secure, and faster video delivery for authorized playback or download. AWS S3 provides a scalable infrastructure for video object storage, but further additions are required to enhance the delivery. These additional features include global distribution via AWS CloudFront CDN, transcoding, and encryption. To list down, here are the following necessary components needed to be set up.

• Setting up an S3 bucket
• Upload a video to the S3 bucket
• Transcoding to support Adaptive Bitrate Streaming
• Encrypting the Files before storage
• Create a CloudFront origin access identity and CloudFront distribution
• Configure your CloudFront distribution for your custom domain name
• Dynamic key exchange playback for Encrypted video chunks

All these components are required as basic features to handle different devices and across globe secure delivery. If adaptive bitrate streaming is not set up, it will lead to playback disruption for low-bandwidth network users. Similarly, CDN provides faster delivery across the globe. Finally, setting up a DRM layer of security will protect your videos from illegal downloads and screen capture. Also, setting up all these components requires your familiarity with coding. Using a secure video hosting solution provider with AWS infrastructure is better if that is your weak or capital-intensive area.

S3 bucket creation and upload process for streaming video

Obviously, there are different methods using the web interface through the console and programmatically with the Amazon S3 REST API, AWS Command Line Interface (CLI), or AWS SDK. For simplicity, we will be discussing the steps via AWS Management Console.

1. Sign in to the AWS Management Console & select the Amazon S3 console by searching S3.
2. In the left navigation pane, choose Buckets.
3. Click on Create bucket.
4. Enter a bucket name in the next create bucket page.
5. Choose a preferred region. Keep it closest to your application server, but if only for playback, then closest to the majority audience. When having global viewership, implement CDN.
6. For Unrestricted Public Access, Disable the “Block all public access,” which is by default. The default setting of “Block all public access” is good if you use Cloudfront CDN with S3. This setting doesn’t block viewers from accessing via Cloudfront CDN.
7. You can keep other settings as default and click on Create bucket. This will create your bucket and will be ready to host your videos.
8. In the Objects tab of your new bucket, choose Upload.
9. On the Upload page, choose Add files under Files and folders.
10. Choose a video file to upload from your local system and then choose Open.

Finally, Choose Upload, and the console will start showing a progress bar to display the uploading.

Note: If you’re uploading large video files to S3, file size restriction can disrupt your upload. For such use cases, use Amazon S3 Transfer Acceleration or batch processing. Transfer Acceleration can upload a video over long distances at a faster rate.

Why Avoid Using S3 Buckets alone for Serving Video?

Using Amazon S3 alone for serving video can present several challenges, particularly concerning cost and performance. S3 is designed for storage, not for high-performance media delivery. High traffic can overwhelm S3, as it has a limit of 5000 GET requests per second per partition. This can be problematic for high-demand video services. Additionally, egress data costs from S3 can be high.

For a better experience, using a Content Delivery Network (CDN) like Amazon CloudFront is recommended. CloudFront caches content at edge locations, reducing load times and bandwidth costs. It also supports high request rates better than S3 alone. By integrating CloudFront with S3, you get the benefits of distributed content delivery, optimized performance, and reduced costs. For small videos (like 50MB), this setup can significantly enhance delivery speed and reliability.

To implement this, upload your videos to an S3 bucket and configure CloudFront to use this bucket as the origin. Ensure proper cache control headers for efficient caching. While S3 handles storage, CloudFront manages delivery, providing a seamless and efficient video streaming experience.

Create AWS CloudFront Distribution for CDN support

For optimal video streaming, integrating Amazon S3 with a CDN such as CloudFront is advisable. CloudFront improves performance by caching video content at edge locations closer to users, reducing latency and load times. This setup leverages S3 for storage while utilizing CloudFront’s caching capabilities for delivery, mitigating the limitations of S3 alone. CloudFront also offers cost benefits, with cheaper egress rates compared to direct S3 delivery.

Creating an AWS CloudFront distribution is fairly simple, but it may require additional steps like securing your S3 access by providing access to a special CloudFront user only. We have listed the basic steps of creating a CDN distribution and accessing S3 videos via the distribution URL. Setting up a custom domain for your CloudFront distribution requires further steps and AWS Route 53 service usage.

1. Sign in to the Console and open the CloudFront console by searching for CloudFront and selecting it.
2. Choose Distributions in the left navigation pane.
3. Choose to Create distribution.
4. In the Origin section, choose the domain name of your S3 origin named after the bucket name you created in S3.
5. In the Default cache behavior, choose Redirect HTTP to HTTPS.
6. Keep the default values for other features unless explicitly required and click on Create distribution.

Now, AWS will create a subdomain for your CloudFront distribution, and the S3 video files can be accessed by suffixing the object name at the end of this subdomain. As soon as a request is made via distribution, it will start creating copies of the video file as per the price class of locations chosen.

Batch Transcoding for Adaptive bitrate streaming

Consumers of any small, medium, or large-scale video providers use devices of all sizes and shapes for video playback. Such a large list of screen sizes and network capacity poses a challenge to cater to them more effectively and enhance their user experience. That is why no single object can cater to all of them instead of a range of video objects. These objects are actually copies in different formats, sizes and bitrates. AWS provides a scalable feature to accomplish this task which is called transcoding. There are following major steps included in the process.

1. Upload input videos
2. Start processing the video file for different playback options
3. Storing the transcoded video files within folders under the S3 bucket
4. Delivering the output video files as per users compatibility

You need to set up S3 Batch Operations, invoke a Lambda function, and call MediaConvert to batch-transcode media objects in an S3 bucket. The outputs are finally moved into the S3 source bucket as separate objects, like,

• An HLS adaptive bitrate stream for multi-size and bandwidth playback
• A .mp4 video file
• Thumbnail images from regular intervals during playback

We will now highlight the categories of steps you need to take to set up batch transcoding for adaptive bitrate streaming. Please refer to the AWS documentation of the steps mentioned below for detailed singular steps.

1. Create an IAM role for MediaConvert, S3 Batch Operations, and Lambda function
2. Start a Lambda function for video transcoding
3. Configure Amazon S3 Inventory as a source bucket
4. Run an S3 Batch Operations job to process the output media files from and to the S3 bucket

Applying Encryption for security from illegal downloads

AWS itself provides a security mechanism under three server-side encryption mechanisms. They are mutually exclusive options and depend upon how you decide to manage the encryption keys.

1. Amazon S3-Managed Keys (SSE-S3)
2. KMS keys Stored in AWS Key Management Service (SSE-KMS)
3. Customer-Provided Keys (SSE-C)

But many tools can break these key management systems and require some strong protection technology like DRM. It becomes secure majorly due to two reasons, control over devices and browsers by license providers and secondly due to dynamic and updated key exchange system. Again, setting up DRM is fairly technical, and thus, we are listing the basic steps required on your side to be processed technically.

1. You must acquire a DRM license through providers like Google Widevine and Apple Fairplay. They let you use their system to generate and store your DRM content keys and authenticate the media request during storage and playback.
2. Set up an AWS server to batch-process the media files for encryption and store your encrypted video files in an S3 bucket.
3. You will also have to create a live application that authenticates and authorizes your playback users using the licensee dynamic key management system.

Finally, you will need an online media player capable of handling DRM-protected video file playback. This mechanism protects your videos from being illegally downloaded using any tools. On Android and Apple devices, it also protects screen capture, but obviously, it can be video recorded, and it is thus advised to enable a dynamic watermark.

How to playback AWS S3-hosted videos

Playback of AWS S3-hosted video files is fairly simple. You need an open-source video player that supports HTML5 playback. You also get additional features if you use any secure AWS hosting provider like VdoCipher with DRM protection. Otherwise, the playback on any HTML page is similar to what was explained for the HTML5 video earlier.

The video from AWS S3 will play automatically through the browser player configuration.
The code required is simple and can be integrated manually as an iframe or via plugins, API, etc.

<video controls>
<source src=”http://mys3bucket.s3.amazonaws.com/myvideofile.mp4″>
</video>

Challenges in setting up AWS S3 Video Streaming

Even for a DevOps engineer, all the setup tasks mentioned above are moderately cumbersome. Even if we ignore the bug fixes and exception handling, there is a lot to do from starting the upload to storage and final playback. Also, if you plan to integrate security into your video infrastructure, it requires getting licenses and their integrations. To summarize the challenges, let us list down four major stages required in setting up AWS S3 Video Streaming and their difficulty levels.

1. S3 bucket creation and upload – Easy
2. AWS CloudFront set up – Easy
3. Batch Transcoding for adaptive playback – Moderate
4. Applying DRM Encryption – Difficult

Small, medium and large-scale video streaming providers mainly use a solution provider with a history of providing the best in class service and features. They can help you evade the challenges in the implementation part and the challenges in creating dashboards, APIs, etc., for easy integration.

Secure Video hosting solution on AWS Infrastructure – VdoCipher

As a secure video hosting solution provider on AWS Infrastructure, the best one based on global reviews is likely VdoCipher. It not only provides AWS S3-hosted videos but provides a ton of other features, like,

Google and Apple FairPlay DRM Encryption – protect videos from unauthorized access and downloads via Widevine and FairPlay DRM.

Dynamic watermarking – to discourage screen capture, details like user ID, email, etc., can be dynamically watermarked over the video.

Secure offline downloads in apps – VdoCipher iOS native SDK securely enables video download on the device.

Google SafetyNet for app-based security – SafetyNet to block playback on duplicate apps.

Plugins – The video plugin by VdoCipher supports WordPress, Moodle, and other CMSs and LMSs.

Geo-Restrictions – For blacklisting or whitelisting specific countries

Smart HTML5 Video Player – dynamic controls with multi-lingual subtitle support, change playback speed, theme options, and API to add overlay buttons for tracking viewer interactions with video.

Adaptive Video Quality with CloudFront CDN – VdoCipher uses Global AWS Cloud Infrastructure. Storage on AWS S3, batch Transcoding via VdoCipher algorithms on AWS EC2, Streaming of content via Cloudfront CDN, and Encryption by integrating Google and Apple DRM. If you want to know more about, what is transcoding, you can visit the blog linked.

FAQs

Does AWS provide DRM protection for video streaming?

AWS has no DRM protection service of its own, which is why it needed to be integrated with Google Widevine and Apple Fairplay DRM for illegal download protection.

Can we load an AWS S3 hosted into an Iframe?

Yes, it requires just placing your video tags under iframe tags in HTML and has compatibility support in every browser.

Is AWS S3 storage expensive for video streaming?

AWS S3 storage is the most affordable storage if you are looking forward to scaling and adding additional features like adaptive bitrate streaming, CDN, and encryption. Also, due to AWS’s affordable pricing, DRM technology integration still makes it highly affordable.