A set of ruby CLI tools for creating and modifying Amazon Cloudfront Private Streaming Distributions and Origin Access ID's, using the RightAWS ruby library.
I created these tools a in late 2010 because I needed to setup a private streaming distribution (RTMP) on Amazon Cloudfront. However, the Amazon web management console did not support this and I could not find any cli tools either.
Luckily the right_aws ruby libraries (>= 2.0.0) already had support for Private Streaming distributions, so all I had to do was put together a few CLI wrappers to make them easy for admins to utilize.
$ ./cf-streaming-distribution.rb --help
Synopsis
--------
cf-streaming-distribution: Manipulate Amazon Cloudfront Streaming
Distributions
Usage
-----
cf-streaming-distribution.rb [OPTIONS] [command] [args]
Commands
--------
list
List all Streaming Distributions
get [aws_id]
Get details about the Streaming Distribution identified by [aws_id].
create [bucket]
Create new Streaming Distribution using S3 origin bucket [bucket]. CNAMEs
can optionally be specified with multiple --cname options, and a comment can
be applied with --comment option
delete [aws_id] [e_tag]
Delete the Streaming Distribution identified by [aws_id] and [e_tag]. A
distribution must first be disabled before it can be deleted. Use 'get'
to retrieve a distribution's e_tag.
modify [aws_id]
Modify attributes on the Streaming Distribution identified by [aws_id]. Must
be used in conjunction with at least one of the following options:
--comment, --enabled, --oai, --trusted-signer, --cname
wait [aws_id]
Loop until a Streaming Distribution specified by [aws_id] enters the 'deployed'
state. You could use this in scripts if you need to know when a
distribution becomes available for use.
$ ./cf-origin-access-id.rb --help
Synopsis
--------
cf-origin-access-id:
List, create, delete CloudFront Origin Access Identities (OAI's), as well
as grant permissions on S3 objects to CloudFront OAI's.
Usage
-----
cf-origin-access-id.rb [OPTIONS] [command] [args]
commands:
---------
list:
List Origin Access Identities
create [comment]
Create a new Origin Access Identity. The AWS_ID and S3 Canonical ID
will be returned if successful
get [aws_id]
Get details about an Origin Access Identity specified by [aws_id]. This
command will display e_tag which is needed to delete an OAI
delete [aws_id] [e_tag]
Delete the Origin Access Identity specified by [aws_id] and [e_tag]. Use
'get' to retrieve the current e_tag.
grant [aws_id] [bucket]
grant 'FULL_PERMISSION' access on <tt>all</tt> objects inside the S3 bucket specified
by [bucket] to the OAI specified by [aws_id]. There is little reason to
create an OAI other than to give it permissions to some objects within S3,
and this command helps simplify that for you.
In this example we will setup a new Cloudfront Private Streaming distribution with the following attributes:
- S3 origin bucket: my-video-bucket
- CF base URL (CNAME): rtmp://cf.example.com/
$ export AWS_ACCESS_KEY_ID='xxxxx'
$ export AWS_SECRET_ACCESS_KEY='xxxxxx'
$ ./cf-streaming-distribution.rb create my-video-bucket \
--cname cf.example.com \
-m "private streaming distribution (rtmp) with origin bucket: my-video-bucket"
Success!
domain_name: s1loj2pirm00it.cloudfront.net
aws_id: E1UGDLB9XZBD79
This part will depend on DNS server or DNS provider. You'll need to create a new CNAME for cf.example.com --> s1loj2pirm00it.cloudfront.net
$ ./cf-origin-access-id.rb create "OAI for use on the cf.example.com distribution"
Success!
AWS_ID : E2CWXW7A1B3YIU
Location : https://cloudfront.amazonaws.com/origin-access-identity/cloudfront/E2CWXW7A1B3YIU
S3 Canonical ID: 3b5285f7f1b51ff2e63e8ff8127b7ffb76edee24580cb7fff6ef812aa87b749aaa3ed1aab389aaaab4453499a7ba57e7
./cf-streaming-distribution.rb modify E1UGDLB9XZBD79 --oai E2CWXW7A1B3YIU
Success!
$ ./cf-origin-access-id.rb grant E2CWXW8B1U3YJU my-video-bucket
Applying grant [E2CWXW8B1U3YJU:'FULL_CONTROL'] on: my-video-bucket/flvs/video01.flv
Applying grant [E2CWXW8B1U3YJU:'FULL_CONTROL'] on: my-video-bucket/flvs/video02.flv
...
You cannot create keypairs with the cloudfront API, so you'll need to do this step on the AWS website.
-
Goto http://aws.amazon.com then login:
-
Account > Security Credentials > Key Pairs
-
Click “Create New Key Pair” under the “Cloudfront Key Pairs” section
-
A keypair will be created and the private key will automatically begin downloading.
You must save this file! it will be in the form “pk-XXXXXX.pem”. If you lose this key, you can’t get it back because Amazon only stores the public key.
NOTE: the --trusted-signer arguments takes an amazon account ID as an argument.
The special ‘self’ can be used instead.
$ ./cf-streaming-distribution.rb modify E1UGDLB9XZBD79 --trusted-signer self
Success!
$ ./cf-streaming-distribution.rb get E1UGDLB9XZBD79
AWS_ID : E1UGDLB9XZBD79
E_TAG : EQ3HGAPOK1IFN
Status : InProgress
Enabled : true
domain_name : s1loj2pirm00it.cloudfront.net
origin : my-video-bucket.s3.amazonaws.com
CNAMEs : cf.example.com
Comment : private streaming distribution (rtmp) with origin bucket: my-video-bucket
Origin Access ID: origin-access-identity/cloudfront/E2CWXW7A1B3YIU
Trusted Signers : self
Active Signers:
-> aws_account_number: self
-> key_pair_id : APDBDOEHALFXGK5AQU5R
NOTE: The distribution will not be usable until Status changes from InProgress to Deployed. This can take up to 15minutes.
You can also use the command cf-streaming-distribution.rb wait AWS_ID to
wait for a distribution to change from InProgress to Deployed. The command will
exit as soon as the status changes to Deployed. This is useful for scripts
where you need to control timing.
Joe Miller - joeym -at- joeym.net