Create an IAM admin and user group in AWS

This article applies ONLY to the Wowza Streaming Engine + Wowza CDN with Fastly push-based workflow. It explains how to create an IAM account in AWS. Identity and Access Management (IAM) allows you to specify who can access which services and resources, and under which conditions. With IAM policies, you manage permissions for your workforce and systems so that each is granted only least-privilege permissions.

You will need your IAM credentials configured in order to access your S3 storage for the Streaming Engine + Fastly push-based workflow.

_____________________________________________________________________________________

Step 1: Create an AWS account.

  1. Create your new AWS account here and set up your root account.
  2. Follow the online instructions.
  • There are two different types of users in AWS. You are either the account owner (root user) or you are an AWS Identity and Access Management (IAM) user. The root user is created when the AWS account is created. IAM users are created by the root user or an IAM administrator for the account.
  • When you create your new AWS account you will first create the root user login credentials.


Step 2: Create an administrator IAM user

Next, you will create an administrator IAM user. This account will be able to add users to the group.

If you already have an AWS account, you can sign in to the IAM console as the account owner by choosing Root user and entering your AWS account email address. On the next page, enter your password. If you are creating a brand new AWS account, once you are finished, simply click the button to go to the AWS console in the upper right corner of the screen.


  1. The first step is to set up the administrative IAM user. (User groups can be added later.)
  2. On the navigation bar, click the dropdown next to your account name, and then choose Account.


    Scroll down the account page until you see the section for IAM User and Role Access to Billing

  3. Next to IAM User and Role Access to Billing Information, choose Edit. You must be signed in as the root user for this section to be displayed on the account page.

  4. Select the check box to Activate IAM Access and choose Update.

  5. On the navigation bar, choose Services and then IAM to return to the IAM console.

Step 3: Add IAM user groups

  1. In the navigation pane, choose Users and then choose Add users.

  2. On the Details page, do the following:

    1. For the User name, type Administrator.

    2. Select the check box for AWS Management Console access, select Custom password, and then type your new password in the text box.

    3. By default, AWS forces the new user to create a new password when first signing in. You can optionally clear the check box next to User must create a new password at next sign-in to allow the new user to reset their password after they sign in.

    4. Choose Next: Permissions.

Step 4: Configure permissions for your group

On the Permissions page, do the following:

    1. Choose Add user to group.

    2. Choose Create group.

    3. In the Create group dialog box, for Group name type Administrators.

    4. Select the check box for the AdministratorAccess policy.

    5. Choose Create group.

    6. Back on the page with the list of user groups, select the check box for your new user group. Choose Refresh if you don't see the new user group in the list.

      • Next, you will be prompted to create tags, which are entirely optional. Tags are descriptive information about your group for personal organization purposes.
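
The AdministratorAccess policy selected in this step allows every action on every resource, so the access keys downloaded in Step 5 carry full account rights. The Python sketch below is an added example, not part of the original article or of Wowza's tooling: it audits a policy document for that breadth and contrasts it with a policy scoped to one S3 bucket. The bucket name and the S3 action list are assumptions, not Wowza's documented requirements.

```python
# Added example: contrast AdministratorAccess with a bucket-scoped policy.
import json

# Document of the AWS managed AdministratorAccess policy: every action, every resource.
ADMINISTRATOR_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

def bucket_push_policy(bucket):
    """Policy limited to one bucket. The action list is an assumption, not Wowza's spec."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListBucket", "Effect": "Allow",
             "Action": ["s3:ListBucket"], "Resource": arn},
            {"Sid": "WriteObjects", "Effect": "Allow",
             "Action": ["s3:PutObject", "s3:DeleteObject"], "Resource": f"{arn}/*"},
        ],
    }

def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return one finding per overly broad grant in the policy's Allow statements."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"statement[{index}]")
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append(f"{label}: Allow with {key} grants everything not listed")
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"{label}: wildcard action {action!r}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(f"{label}: applies to every resource")
    return findings

if __name__ == "__main__":
    scoped = bucket_push_policy("example-wowza-bucket")  # constructed bucket name
    print(json.dumps(scoped, indent=2))
    for name, doc in (("AdministratorAccess", ADMINISTRATOR_ACCESS), ("scoped", scoped)):
        print(name, "->", audit_policy(doc) or "no broad grants")
```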

Step 5: Review and accept your selections

  1. Choose Next: Review. Verify the user group memberships. When you are ready to proceed, choose Create user.
  2. On the Complete page, you can download a .csv file with login information for the user, or send an email with login instructions to the user.

IMPORTANT: You must download this .csv file so you have access to the following:

  • Access ID, for example, AKIAI6234VXXREN3KWJQ
  • Secret Access Key, for example, y1PFFPOEwSrUfvvvdalA1qs9sFDM7+QzQTMHoqP7/

This information will be required for the Wowza Streaming Engine + Wowza CDN with Fastly push-based workflow. 

Once you have your IAM credentials configured, you will have two choices when you or your group's users log in to AWS:

  • Root user 
  • IAM user


AWS recommends you log in as an IAM user for tasks and for access to S3 assets. It is advised you securely lock away the root user credentials and use them to perform only a few account and service management tasks.

Step 6: Log in using the IAM credentials and create an S3 bucket

Once you have created an AWS account, you can create the S3 bucket before or after you create the IAM user groups. The order does not matter, but before you begin the Streaming Engine push-based workflow, you will need to have your S3 bucket and IAM users configured.

Once you have both, you can proceed to the following documentation on Wowza.com and configure your push-based workflow with the Fastly CDN.

Send Apple HLS and MPEG-DASH content to Amazon S3 using Wowza Streaming Engine

 _________________________________________________________________

Additional Resources:

What is IAM and why do I need it in AWS? 

Getting Started with IAM and Permission Options