AWS for M&E Blog
Live streaming from specialized live cameras and drones using RTMP to Amazon IVS
Introduction
RTMP stands for Real-Time Messaging Protocol. It’s a live video streaming technology that lets you transfer data over the internet and is a widely used protocol for streaming video.
Customers may want to create interactive experiences with video originating from specialized live cameras or drones that do not support RTMP streaming. A workaround is needed in this use case to implement a secure method of streaming RTMP. However, a workaround potentially adds complexity and costs to a streaming workflow when using Amazon Interactive Video Service (Amazon IVS).
To facilitate these types of workflows, Amazon IVS recently launched a feature called “Insecure video ingest”. This feature allows users to stream RTMP video directly to Amazon IVS in addition to the default ingest of video through RTMPS.
In this blog post, we discuss why RTMPS is preferred over RTMP and other ways to secure access to streaming content. We also demonstrate how to enable this form of RTMP ingest protocol into Amazon IVS using the AWS Console.
Why RTMPS is preferred over RTMP
RTMPS is a variation of RTMP that uses extra security encryption to ensure that an unauthorized entity does not intercept the stream. The extra layer of security in RTMPS can be either TLS or SSL encryption.
RTMPS can often be used interchangeably with RTMP, as long as your broadcasting tools support it. It is beneficial for broadcasting on a public network, which is why this protocol is popular for streaming from mobile devices.
Other ways to secure access to streaming content
RTMPS is a great starting point for protected streaming, but many broadcasters value layering up security measures on top of RTMPS ingest.
Some of the other security measures for protected streaming include:
- Double-factor authentication
- Tokenized security
- Geographic / IP / domain restrictions
- AES encryption (AES Encryption is currently not supported by Amazon IVS. If needed, this feature is available with AWS Elemental MediaPackage.
Security measures do not only limit access to your live streams from specific viewers, they are also crucial for keeping your online video platforms, and viewers’ information, safe.
It is therefore important to layer RTMPS with other security measures to secure your content.
RTMP in Amazon IVS
Despite availability of this new feature in Amazon IVS, we strongly recommend that whenever possible, customers leverage RTMPS (RTMP over TLS/SSL) to provide needed protection and security to video streams when contributing video into Amazon IVS ingest endpoint.
Enabling RTMP ingest in Amazon IVS
To enable this feature, when creating an Amazon IVS Channel through the console:
- Select Custom configuration
- Toggle the button to enable RTMP ingest under Insecure ingest
- Acknowledge the insecure ingest warning and click Enable insecure ingest
- Click Create channel
The following image depicts the creation of a channel with RTMP ingest.
To enable this feature, when creating an Amazon IVS Channel through the API:
Use the new insecureIngest field in CreateChannel or UpdateChannel requests.
For further details, please see the Amazon IVS API Reference https://docs.thinkwithwp.com/ivs/latest/APIReference/Welcome.html
Once you have created your Amazon IVS channel with RTMP ingest capability, the channel will still allow you to ingest RTMPS or RTMP as shown in the following image.
Delete your Amazon IVS Channel
When your application is finished streaming to Amazon IVS, delete any channels you created during testing to avoid unwanted charges.
Conclusion
In this blog post, we discussed how to enable RTMP ingest to allow streaming devices like commercial drones that are not capable or streaming RTMPS to do so.
We explained how layered security is important and why it should be used to protect online video platforms.
If you want to learn more about how to apply layered security measures using Amazon CloudFront for your video application front-end (player and website application), please visit the following resources:
Amazon CloudFront Signed Cookie Authentication
Restricting the geographic distribution of your content with CloudFront
CloudFront Workshop