Recording Not accessible from S3 bucket using OpenVidu Inspector

I installed Openvidu Pro first 2.18.0 But faced same problem ,
So updated to new 2.19.0
But still not accessible video from s3 bucket

You probably need to modify s3 bucket policy to allow to the IP of your master node to access s3 recordings.

Add a bucket policy into your s3 bucket like this one:

{
    "Version": "2012-10-17",
    "Id": "PolicyId",
    "Statement": [
        {
            "Sid": "SourceIP",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<NAME_OF_YOUR_BUCKET>/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "<PUBLIC_IP_WHERE_RECORDINGS_CAN_BE_ACCESSED>"
                }
            }
        }
    ]
}

Where:

  • <NAME_OF_YOUR_BUCKET>: Name of your s3 bucket
  • <PUBLIC_IP_WHERE_RECORDINGS_CAN_BE_ACCESSED>: Public IP where recordings can be accessed.

Another possibility is to make the bucket publicly accessible

1 Like

still same 403 , i created above same problem

I’ve tested some time ago and it worked, did you put your public ip (The public ip of your own personal computer) in the s3 bucket policy?

Don’t use the < and > characters. It should look like this:

{
    "Version": "2012-10-17",
    "Id": "PolicyId",
    "Statement": [
        {
            "Sid": "SourceIP",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "1.2.3.4"
                }
            }
        }
    ]
}

I put the public IP openvidu server

No, this IP should be the IP of the user which want to check recordings. Because the videos are accessed directly using s3 generated http urls

even in Openvidu Inspector , Thats strange
I think we should add acess point for it

In that case, that is a missing feature. @micael.gallego what do you think?

1 Like

OpenVidu inspector is not doing any forward of s3 stored files. It just give the user S3 URLs.

So you have to configure s3 security as you want to allow inspector users to access s3 files.

In fact, inspector is just a monitoring tool. The application develop on top of OpenVidu is the final responsible to provide access to videos to the final users.

In any case, please create an entry in request for features section in the forum so we can consider it to be implemented in the future.

Best regards

Thanks @cruizba and @micael.gallego for helping me
Some More Suggestions
1.In case of aws cloudformaton what permission IAM user needed please add it in documents
if you say i will happy to add this because some time we have IAM access in server setup
2.Please add a job/freelance opportunity category community’s ,it will helpfull for openvidu user and developer reachability
Thanks

About the first question, I don’t understand, what do you mean? Do you mean what permissions the IAM user of S3 need?

I mean when anyone deploy Openvidu Server as IAM not root aws user using cloud formation,
So what permission IAM should have for doing deployment
Thanks