Configure an S3 Origin
  • 30 Oct 2024

Media Delivery supports configuring an Amazon S3 bucket as an origin. For comprehensive instructions on configuring origins, see Configure an Origin. Specific details for configuring an S3 bucket as an origin are provided in this article.

Configure the Origin

To configure an S3 origin:

  1. When configuring a Single Origin, an Origin with Failover, or a Round Robin List, set the parameters described in the following steps.
  2. In the Add Host Origin dialog, from the Origin Authentication dropdown, select Signature V4.


  3. Define these fields:

    • Access Key - The access key ID associated with the AWS account or IAM user that has permissions to access the S3 bucket.
    • Private Secret Key - Select the secret access key used to authenticate and authorize requests to the S3 bucket. If needed, first add the key to the dropdown menu.
    • Region - The AWS region where the S3 bucket is hosted.

  4. In the Origin Hostname field, enter the S3 bucket origin hostname.

  5. Optionally, define the other attributes, as described in Configure an Origin.

  6. Save the origin.

Add the Key

To make your key available for selection when configuring an S3 origin, upload it to the CDN. Note that all keys uploaded by users in your organization will be available to all projects created by users in your organization.

To upload a key:

  1. When configuring the origin, set Origin Authentication to Signature V4. Additional fields and the Manage all keys button are displayed.

  2. Select Manage all Keys.

  3. In the Key Management dialog, select Add Key.

  4. In the Add Key dialog:

    • Key Name - Enter a descriptive Key Name.
    • Key - Copy the Base64 encoded cryptographic key (hashed with SHA-256).
    • Description - Enter a short text that describes the key.


  5. Select Add Key.


Set an Origin Selection Rule by AWS Region

You can use the Origin Selection Rule to direct a request to an S3 origin, based on the location of the CDN cache that received the client request.

Each Qwilt CDN cache (also known as a Qwilt Node or Qwilt Box) is assigned a label that indicates the AWS region where it is located (e.g., us-east-1, us-east-2).

You can leverage this label to direct requests to an S3 origin in the same region as the Qwilt Cache that received the request.

To do this, create a match expression that uses the "cdnAwsRegion" variable, which represents the label value, and define what happens when there is a match.

In this example, the expression var.cdnAwsRegion == 'us-east-2' sets an exact match condition for the label 'us-east-2'.

If the match condition is met (i.e., the receiving cache is labeled 'us-east-2'), the CDN uses the specified origin: example-bucket.s3.us-east-2.amazonaws.com.


You can also use a regex match when building the match condition. For example, var.cdnAwsRegion ~= 'us-east' matches any label containing the string 'us-east', such as us-east-1 or us-east-2.
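
The following is an added example, not part of Qwilt's documentation: a pre-deployment check that lists which cdnAwsRegion labels a match condition selects and which of them differ from the region in the origin hostname. It models `~=` as an unanchored regex search (an assumption based on the "containing the string" description above) and assumes origin hostnames of the form `<bucket>.s3.<region>.amazonaws.com`; the function names and sample rules are constructed for illustration.

```python
import re

# Valid cdnAwsRegion labels, copied from the list on this page.
VALID_LABELS = """
af-south-1 ap-east-1 ap-northeast-1 ap-northeast-2 ap-northeast-3 ap-south-1
ap-south-2 ap-southeast-1 ap-southeast-2 ap-southeast-3 ap-southeast-4
ca-central-1 cn-north-1 cn-northwest-1 eu-central-1 eu-central-2 eu-north-1
eu-south-1 eu-south-2 eu-west-1 eu-west-2 eu-west-3 me-central-1 me-south-1
sa-east-1 us-east-1 us-east-2 us-gov-east-1 us-gov-west-1 us-west-1 us-west-2
GLOBAL
""".split()

# Assumed hostname shape: <bucket>.s3.<region>.amazonaws.com (as in the page's example).
S3_HOST = re.compile(r"^[a-z0-9.-]+\.s3\.([a-z0-9-]+)\.amazonaws\.com$")

def matched_labels(op, value):
    """Labels selected by a condition on var.cdnAwsRegion.

    '==' is an exact match. '~=' is modelled as an unanchored regex search
    (assumption, based on the page's "containing the string" wording).
    """
    if op == "==":
        return [label for label in VALID_LABELS if label == value]
    if op == "~=":
        pattern = re.compile(value)
        return [label for label in VALID_LABELS if pattern.search(label)]
    raise ValueError(f"unsupported operator: {op!r}")

def audit_rule(op, value, origin_host):
    """Return (matched, cross_region) for one rule and its S3 origin."""
    host = S3_HOST.match(origin_host)
    if host is None:
        raise ValueError(f"not a regional S3 hostname: {origin_host!r}")
    matched = matched_labels(op, value)
    cross_region = [label for label in matched if label != host.group(1)]
    return matched, cross_region

if __name__ == "__main__":
    # Constructed sample rules: (operator, value, origin hostname).
    for op, value, origin in [
        ("==", "us-east-2", "example-bucket.s3.us-east-2.amazonaws.com"),
        ("~=", "us-east", "example-bucket.s3.us-east-2.amazonaws.com"),
        ("~=", "east-1", "example-bucket.s3.us-east-1.amazonaws.com"),
        ("~=", "^us-east-1$", "example-bucket.s3.us-east-1.amazonaws.com"),
    ]:
        matched, cross = audit_rule(op, value, origin)
        print(f"{op} {value!r}: matches {matched or 'NOTHING'}; other regions: {cross}")
```

An empty match list means the rule can never fire (for example, a mistyped label), and a non-empty list of other regions means the pattern is broader than the single-region origin it points to.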

Valid cdnAwsRegion Values

af-south-1
ap-east-1
ap-northeast-1
ap-northeast-2
ap-northeast-3
ap-south-1
ap-south-2
ap-southeast-1
ap-southeast-2
ap-southeast-3
ap-southeast-4
ca-central-1
cn-north-1
cn-northwest-1
eu-central-1
eu-central-2
eu-north-1
eu-south-1
eu-south-2
eu-west-1
eu-west-2
eu-west-3
me-central-1
me-south-1
sa-east-1
us-east-1
us-east-2
us-gov-east-1
us-gov-west-1
us-west-1
us-west-2
GLOBAL

