After setting up a private S3 bucket for your protected videos, you’ll need to set up a Cloudfront distribution and then input its URL and key pairs under PDA Protected Videos settings page accordingly.
In this tutorial, we will show you how to set up a CloudFront distribution as well as getting an Access Key ID & RSA key for our PDA Protect Videos extension as quickly as possible.
Log in to the AWS Console
- Already have an Amazon Web Services (AWS) account? Sign in here.
- If you don’t have an AWS account yet, you will need to sign up here.
Setup a CloudFront Distribution
Step 1: Go to your CloudFront console and then choose Create Distribution.
Step 2: On the Create Distribution Wizard, click on Get Started button under Web section.
Step 3: Choose origin as your S3 Bucket for video content storage.
Step 4: Apply Restrict Bucket Access as follows.
Once you choose the option “Yes, Update Bucket Policy”, it will automatically generate and apply the policies to our bucket. Whichever option you choose, you need to double-check the bucket access permissions.
Step 5: Configure the default cache behavior settings.
Step 6: Use Signed URLs.
Leave other options as they are. Finally, click on Save button to finish.
Step 7: Go back to CloudFront Distributions and locate the CloudFront link you have created under Domain Name column.
Simply copy and paste it into the CloudFront URL field under our plugin’s settings page. It’s important to add your domain protocol, i.e. http:// or https://, before the domain name.
Get CloudFront Key Pairs
Go back to your AWS console and then click on “My Security Credentials”
In CloudFront key pairs section, click on Create New Key Pair button.
Click on “Download Private Key File” and you’ll get a .pem file with this format, XYZ.pem
Fill in your CloudFront key pairs in our CloudFront Configuration with XYZ is Access Key ID and the downloaded .pem file content is the RSA KEY.
Create WAF Rules
Step 1: On the WAF console, click Create web ACL.
Step 2: In the first step, we will set the name and CloudFront distribution that we want to apply the rule.
Step 3: Create the condition.
- Sample Name: only-accept-range-header
- String match
- Convert to lowercase
Step 4: Only allow those requests that match the rule.
Step 5: Confirm and create it.
Next step: Embed our S3 shortcode into your content