Video Streaming

We use HTTP Live Streaming (HLS) to stream videos to our users. Videos are stored on an Amazon S3 bucket, and served to users through Amazon CloudFront.

Let’s look at how user request flow as illustrated in Figure 1 above works.

1. Client requests signed URL to *.m3u8 file by making API call to a protected resource.
2. CloudFront behavior is matched based on path pattern. Request is forwarded to origin.
3. Lambda gets CloudFront private key and caches for subsequent requests.
4. Using the private key, the URL to *.m3u8 file is signed and returned to the client.
   Before signing the URL, you want to verify if the user is authorized to watch the requested content. Only if this is the case, you sign the URL and return it back to the client application.
5. Client requests *.m3u8 file, passing custom query params Key-Pair-Id-PREFIX, Policy-PREFIX and Signature-PREFIX.
6. CloudFront behavior is matched and request is forwarded to the origin.
7. CloudFront makes origin request and passes custom headers.
8. API Gateway forwards the request to Lambda that has proxy integration configured with a greedy path variable ({proxy+}). This will allow Lambda function to programmatically identify how to get the manifest from S3 bucket in the next step.
9. Lambda function gets the original *.m3u8 manifest file from S3.
10. Lambda function modifies the .m3u8 manifest by appending signed URL params to each *.ts file name.
11. Client requests *.ts file, passing query params as part of request URL.
12. CloudFront behavior is matched and request is forwarded to the origin.
13. CloudFront makes origin request to S3 and returns *.ts file.