Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Eyevinn/lambda-protect-hls

Lambda function for handling restricted access to HLS
https://github.com/Eyevinn/lambda-protect-hls

service

Last synced: 3 months ago
JSON representation

Lambda function for handling restricted access to HLS

Host: GitHub
URL: https://github.com/Eyevinn/lambda-protect-hls
Owner: Eyevinn
License: mit
Created: 2021-12-08T14:41:11.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2022-01-08T14:34:00.000Z (almost 3 years ago)
Last Synced: 2024-07-27T18:55:44.470Z (4 months ago)
Topics: service
Language: TypeScript
Size: 105 KB
Stars: 4
Watchers: 7
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # lambda-protect-hls

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Slack](http://slack.streamingtech.se/badge.svg)](http://slack.streamingtech.se)

Lambda function to handle access to HLS from a Cloudfront CDN distribution where signed URLs are required.

## How it works

Content distributed through a Cloudfront CDN that restricts viewer access requires a signature attached to each request as either a query parameter or a cookie provided on every client request. The way an HLS supported video player works is that it first fetches a manifest containing a list of media playlists. A media playlist contains the list of video segments that the video player downloads when playback is started. This Lambda function handles these requests and ensures that the URLs to media playlists and video segments includes a valid signature as query parameters. To sign the URLs the Lambda function needs the private key from the keypair that you have configured the Cloudfront CDN with.

A [blog post](https://dev.to/video/protect-hls-streams-on-aws-using-cloudfront-and-lambda-function-336g) detailing how this works is found [here](https://dev.to/video/protect-hls-streams-on-aws-using-cloudfront-and-lambda-function-336g).

## Setup

1. Create an AWS Lambda function (Node.js 14.x runtime)

2. Create a new role with basic Lambda permissions

3. Clone this repository, build and create a zip bundle

```

npm install

npm run build

cd dist

zip -qq -r ../bundle.zip ./

```

4. Deploy the `bundle.zip` to your created Lambda function.

5. Create and set the following environment variables:

```

PRIVATE_KEY_B64 = ""

PUBLIC_KEY = "

```

6. Create and setup an Elastic Load Balancer that forwards requests to a Lambda target group configured to trigger the Lambda function you have created.

By default (and as a proof of concept) this Lambda uses Basic authentication to unlock access. It ask the browser for authentication when requesting the manifest. This is something you would normally modify to use a bearer / session token that is provided to the video player after veriyfing that the user is entitled to access this specific stream. You can set the username and password from the environment variables `POC_USERNAME` and `POC_PASSWORD`.

A live example of this Lambda in actions is found here: `https://hls-signed.lambda.eyevinn.technology/DEC6_TEST_002/master.m3u8` (`eyevinnpoc:eyevinnpoc`).

# About Eyevinn Technology

Eyevinn Technology is an independent consultant firm specialized in video and streaming. Independent in a way that we are not commercially tied to any platform or technology vendor.

At Eyevinn, every software developer consultant has a dedicated budget reserved for open source development and contribution to the open source community. This give us room for innovation, team building and personal competence development. And also gives us as a company a way to contribute back to the open source community.

Want to know more about Eyevinn and how it is to work here. Contact us at [email protected]!