Hybrik Player Setup Tutorial

Hybrik allows you to play back video assets from its Storage Browser, providing a convenient way to preview files directly from S3. Before using the web player, however, you must enable additional permissions on the IAM account and S3 bucket(s) that you are using with Hybrik. The reason for this is that the Hybrik web UI does not have access to your files, nor would you want to make those files public. The mechanism that Hybrik uses to play these files in the web browser is the AWS Security Token Service (STS) which generates temporary authorization tokens for S3 objects. This gives your browser (and no one else) the ability to play your S3 content.

In addition to setting the STS permission, you will also need to modify the Cross-Origin Resources Sharing (CORS) settings on the S3 buckets where you would like to be able to play content. CORS HTTP headers are a security feature used to restrict a web page from loading resources from other domains.

This tutorial will walk you through granting your Hybrik IAM user permissions to use the AWS Security Token Service, as well as updating the CORS headers on an S3 bucket.

Enabling STS

1. Log into the AWS management console. Enter IAM in the search box and then click on IAM in the search results, or find IAM listed under Security, Identity, and Compliance.
2. On the left side of the IAM welcome page, click on Users. Click on the user that you use with Hybrik; this should match the user in the Credentials Vault that has access to your S3 bucket.
3. Click Add Inline Policy.
4. The policy visual editor will appear, choose the tab at the top labeled JSON
5. Copy and paste the following policy into the json editor.

     {
      "Version": "2012-10-17",
      "Statement": [
      {
          "Sid": "Stmt1488296745000",
          "Effect": "Allow",
          "Action": [
              "sts:GetFederationToken"
          ],
          "Resource": [
              "arn:aws:sts::YOUR_AWS_ACCOUNT_ID_GOES_HERE:federated-user/hybrik_*"
          ]
      }]
     }
   

   Make sure to replace YOUR_AWS_ACCOUNT_ID_GOES_HERE with your account number which can be found by clicking on your account name in the upper right corner of the AWS console and clicking My Account. Click Review Policy

6. Add a Name to your policy such as hybrik-player-sts, then choose Create Policy at the bottom right.
   
   NOTE: Amazon has a bug where it will display what appears to be an error as pictured below. This is actually a warning, not an error. You should still click “Create Policy”
7. Your STS policy is now created! You can preview it by clicking on Show More and opening the disclosure triangle

When Hybrik generates the temporary token from STS, we will always use the prefix hybrik_.

NOTE: You can alternatively add this as a standard IAM policy or to an existing IAM policy, it does not need to be an inline policy

Configuring CORS headers on your S3 Bucket

1. Log into the AWS management console. Enter “S3” in the search box and then click on “S3” in the search results, or find “S3” listed under Storage
2. Click on the S3 Bucket that you’re using with Hybrik.
3. Click on the Permissions tab and then scroll to CORS configuration. Paste the following JSON into the CORS configuration editor text area:

 [
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "*.hybrik.com"
        ]
    }
]

Finally, click Save.

You should now be able to play back media by selecting a video asset in the Storage browser and clicking Play. The player supports most browser-compatible formats, such as h264 in an mp4 container. You can even select the master playlist (.m3u8 or .mpd) file for HLS and DASH media and verify the playback of your Adaptive Bitrate files.

Note: If your window is small, the play button might be in the “Action” menu

A new window will pop-up with the video.