-
Notifications
You must be signed in to change notification settings - Fork 10
/
AnalyticsS3RoleBasedOutput.ts
84 lines (73 loc) · 4.61 KB
/
AnalyticsS3RoleBasedOutput.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
import {map, mapArray} from '../common/Mapper';
import AclEntry from './AclEntry';
import AnalyticsOutput from './AnalyticsOutput';
import AnalyticsOutputType from './AnalyticsOutputType';
import AwsCloudRegion from './AwsCloudRegion';
import ExternalIdMode from './ExternalIdMode';
import S3SignatureVersion from './S3SignatureVersion';
/**
* @export
* @class AnalyticsS3RoleBasedOutput
*/
export class AnalyticsS3RoleBasedOutput extends AnalyticsOutput {
/**
* Discriminator property for AnalyticsOutput
* @type {string}
* @memberof AnalyticsS3RoleBasedOutput
*/
public readonly type: AnalyticsOutputType = AnalyticsOutputType.S3_ROLE_BASED;
/**
* Amazon S3 bucket name (required)
* @type {string}
* @memberof AnalyticsS3RoleBasedOutput
*/
public bucketName?: string;
/**
* Amazon ARN of the IAM Role (Identity and Access Management Role) that will be assumed for S3 access. This role has to be created by the owner of the account with the S3 bucket (i.e., you as a customer). For Bitmovin to be able to assume this role, the following has to be added to the trust policy of the role: ``` { \"Effect\": \"Allow\", \"Principal\": { \"AWS\": \"arn:aws:iam::630681592166:user/bitmovinCustomerS3Access\" }, \"Action\": \"sts:AssumeRole\", \"Condition\": { \"StringEquals\": { \"sts:ExternalId\": \"{{externalId}}\" } } } ``` where \"arn:aws:iam::630681592166:user/bitmovinCustomerS3Access\" is the Bitmovin user used for the access. The `Condition` is optional but we highly recommend it, see property `externalId` below for more information. This setup allows Bitmovin assume the provided IAM role and to write data to your S3 bucket. Please note that the IAM role has to have write access to S3. For more information about role creation please visit https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html#roles-creatingrole-service-console (required)
* @type {string}
* @memberof AnalyticsS3RoleBasedOutput
*/
public roleArn?: string;
/**
* External ID used together with the IAM role identified by `roleArn` to assume S3 access. This ID is provided by the API if `externalIdMode` is set to `GLOBAL` or `GENERATED`. If present, it has to be added to the trust policy of the IAM role `roleArn` configured above, otherwise the API won't be able to write to the S3 bucket. An appropriate trust policy would look like this: ``` { \"Effect\": \"Allow\", \"Principal\": { \"AWS\": \"arn:aws:iam::630681592166:user/bitmovinCustomerS3Access\" }, \"Action\": \"sts:AssumeRole\", \"Condition\": { \"StringEquals\": { \"sts:ExternalId\": \"{{externalId}}\" } } } ``` where \"{{externalId}}\" is the generated ID. This property is optional but we recommend it as an additional security feature. We will use both the `roleArn` and the `externalId` to access your S3 data. If the Amazon IAM role has an external ID configured but it is not provided in the output configuration Bitmovin won't be able to write to the S3 bucket. Also if the external ID does not match the one configured for the IAM role on AWS side, Bitmovin won't be able to access the S3 bucket. If you need to change the external ID that is used by your IAM role, you need to create a new output, and use the external ID provided by the API to update your IAM role. For more information please visit https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
* @type {string}
* @memberof AnalyticsS3RoleBasedOutput
*/
public externalId?: string;
/**
* @type {ExternalIdMode}
* @memberof AnalyticsS3RoleBasedOutput
*/
public externalIdMode?: ExternalIdMode;
/**
* If set a user defined tag (x-amz-meta-) with that key will be used to store the MD5 hash of the file.
* @type {string}
* @memberof AnalyticsS3RoleBasedOutput
*/
public md5MetaTag?: string;
/**
* @type {AwsCloudRegion}
* @memberof AnalyticsS3RoleBasedOutput
*/
public cloudRegion?: AwsCloudRegion;
/**
* Specifies the method used for authentication
* @type {S3SignatureVersion}
* @memberof AnalyticsS3RoleBasedOutput
*/
public signatureVersion?: S3SignatureVersion;
constructor(obj?: Partial<AnalyticsS3RoleBasedOutput>) {
super(obj);
if(!obj) {
return;
}
this.bucketName = map(obj.bucketName);
this.roleArn = map(obj.roleArn);
this.externalId = map(obj.externalId);
this.externalIdMode = map(obj.externalIdMode);
this.md5MetaTag = map(obj.md5MetaTag);
this.cloudRegion = map(obj.cloudRegion);
this.signatureVersion = map(obj.signatureVersion);
}
}
export default AnalyticsS3RoleBasedOutput;