If you configure a private Object Storage Service (OSS) bucket as your origin server to implement access authentication and block unauthorized access, we recommend that you grant Alibaba Cloud CDN permissions to access the OSS bucket and enable the private bucket access feature. This way, Alibaba Cloud CDN Edge Security Acceleration (ESA) can accelerate the delivery of resources in the private OSS bucket. You can use the live transcoding feature to play videos uploaded to OSS on different terminals and under different network conditions. To improve the video playback and transcoding speeds and efficiency, you can use Alibaba Cloud CDN, which helps reduce bandwidth consumption and loads in OSS.
Scenarios
You can use Alibaba Cloud CDN to accelerate delivery of frequently accessed videos. This approach reduces the load on original video storage services, such as OSS, optimizes bandwidth costs, and ensures a fast and seamless viewing experience for your audience.
Prerequisites
An Alibaba Cloud account is created.
Alibaba Cloud CDN is activated. The live transcoding feature is configured in Intelligent Media Management (IMM). For more information, see Activate Alibaba Cloud CDN and Live transcoding.
Back-to-origin routing is configured for the private bucket. For more information, see Configure access to private OSS buckets.
Procedure
Step 1: Authorize Alibaba Cloud CDN to access the private OSS bucket and IMM
When you configure back-to-origin routing to a private bucket, you are prompted to authorize Alibaba Cloud CDN to access OSS by using the automatically created AliyunCDNAccessingPrivateOSSRole role. You need to modify the policy for the AliyunCDNAccessingPrivateOSSRole role in the Resource Access Management (RAM) console to also allow Alibaba Cloud CDN to access IMM.
The following examples show how to grant full access permissions and fine-grained access permissions.
Grant the AliyunCDNAccessingPrivateOSSRole role full access permissions on IMM and OSS.
Grant AliyunCDNAccessingPrivateOSSRole fine-grained access permissions. For more information, see Permissions. The following example shows a custom policy named aliplayer-test that grants the least permissions that are required in this scenario.
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:GetObject",
"oss:PostProcessTask",
"oss:ProcessImm"
],
"Resource": "*"
},
{
"Action": [
"imm:GenerateVideoPlaylist",
"imm:LiveTranscoding"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": "ram:PassRole",
"Resource": "acs:ram:*:*:role/aliyunimmdefaultrole"
}
],
"Version": "1"
}Step 2: Configure back-to-origin rules for live transcoding
Log on to the Alibaba Cloud CDN console.
In the left-side navigation pane, click Domain Names.
On the Domain Names page, find the domain name and click Manage.
In the left-side navigation tree, click Rules Engine.
On the Rules Engine page, click Add Rule to add an extension-based rule that includes TS files.
NoteIf the bucket contains TS files that are not generated from a live transcoding process, you must also add a rule that excludes such TS files.
In the left-side tree, click Origin Fetch. Click the Parameter Rewrite tab, turn on the Feature Switch toggle. In the Parameter Rewrite dialog box, enter
x-oss-process=if_status_eq_404{hls/ts}in the Add field and select the rule that you created earlier from the Rule Condition drop-down list.
Use Alibaba Cloud CDN to access video data in the bucket to trigger live transcoding
You added the x-oss-process=if_status_eq_404{hls/ts} parameter during back-to-origin configuration. You can directly use the CDN-accelerated domain name and the file path to M3U8 files in the bucket to trigger live transcoding, without the need to add the hls/sign parameter. For more information, see Live transcoding.
You must use a browser or player that supports HTTP Live Streaming (HLS). For example, you can use the VLC player.