During setup of your Vidispine as a Service, for instance a Team Edition, you will be asked to configure an initial storage and a storage for thumbnails.



In AWS this storage is a S3 bucket. You may choose to use different S3 buckets or simply use a single bucket with different subdirectories for storage or thumbnails.


To create a S3 bucket in AWS, direct your attention to the webpage of your AWS account and the Service S3. To create a bucket, click the Create Bucket button and follow the instructions prompted by AWS. To create the subdirectories, click on your bucket and then click the button Create folder. Choose a name for the initial storage. Repeat this process for the thumbnails directory.


In order for the S3 Bucket to be accessible for Vidinet a user needs to be created, or modified, to be allowed to use this resource. To grant permissions for the user to the S3 storage resource an AWS IAM Policy is used.


First, create a new user that should have permission to access this S3 bucket. Navigate to the AWS IAM Service. Click Users and then click then button Add user. Follow the instruction prompted by the dialog box. Make sure to enable Programmatic Access to this users Access type.

During the user creation phase you will be prompted with the access key ID and secret access key - make sure to note these down in safe manner.


In order for this user to have access to the S3 resource you previously created, an IAM Policy needs to be set on this user. This can be done in several ways, one way is to use an inline policy for the user. Navigate to IAM Service once more, click Users and then click on the specific user you want to change permissions on. In our case this would be the user vidinet-user. Click the add inline policy button on the permissions tab for the user.


The permissions this user needs on the S3 resource objects are: GetObject, PutObject, DeleteObject and DeleteObjectVersion. For the S3 bucket itself the user needs: ListBucket and GetBucketLocation. Finally the user needs permission to list all buckets for this account: ListAllMyBuckets for all resources.


To achieve this enter the JSON tab on the inline policy and fill in the policy information. For us, this would look like the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowUserToReadWriteObjectDataInBuckets",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::my-vaas-storage/*"
            ]
        },
        {
            "Sid": "AllowListingOfBuckets",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::my-vaas-storage"
            ]
        },
        {
            "Sid": "AllowListingOfAllBuckets",
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Resource": "*"
        }

    ]
}


After the storage, user and the policy has been created and updated we can proceed by filling in this information for the Vidispine as a Service setup.