Back to Settings

AWS Setup Guide

Step-by-step instructions to configure your AWS account

Before You Start

You'll need an AWS account. If you don't have one:

Create a free AWS account

Choose Your Setup Method

Quick Setup

Recommended • ~2 minutes

One-click automated setup using AWS CloudFormation. Everything is created automatically with best practices built-in.

  • No manual configuration needed
  • Zero errors or typos
  • Security best practices included
Use Quick Setup →

Manual Setup

For learning • ~15-20 minutes

Step-by-step guide through the AWS Console. Learn how each component works and configure everything yourself.

  • Learn AWS services
  • Full control and customization
  • Understand security settings
Use Manual Setup →

Quick Setup (Recommended)

How It Works

  1. 1Click the "Launch Stack" button below to open AWS CloudFormation
  2. 2Enter a unique bucket name (e.g., my-private-videos-123)
  3. 3Check the box acknowledging IAM resource creation
  4. 4Click "Create Stack" and wait ~2 minutes
  5. 5Copy all 5 credentials from the "Outputs" tab
  6. 6Paste them into your Settings page

Important Notes

  • The CloudFormation stack will create resources in your AWS account
  • AWS may charge small fees for S3 storage and MediaConvert usage
  • Save the Secret Access Key immediately - you can't retrieve it later
  • You can delete the CloudFormation stack anytime to remove all resources
Launch Stack in AWS

Opens AWS CloudFormation Console in a new tab

OR

Manual Setup

Follow these detailed instructions to manually configure your AWS account. This gives you full control and helps you understand each component.

Create an S3 Bucket

Amazon S3 will store your videos. You need to create a bucket where all your video files will be kept.

  1. Go to AWS Console → S3
  2. Click the "Create bucket" button
  3. Bucket name: Choose a unique name (e.g., my-private-videos-123)
  4. Region: Choose your preferred region (e.g., us-east-1)
  5. Block Public Access: Keep all boxes CHECKED (videos should be private)
  6. Click "Create bucket"
  7. ✏️ Save the bucket name - you'll need this later!

Configure CORS (Required for Uploads & Streaming)

After creating the bucket, configure CORS to allow your browser to upload and stream videos directly:

  1. Click on your newly created bucket
  2. Go to the Permissions tab
  3. Scroll down to Cross-origin resource sharing (CORS)
  4. Click Edit
  5. Paste this configuration:
JSON
[
  {
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["GET", "HEAD", "PUT"],
    "AllowedOrigins": [
      "http://localhost:3000",
      "https://your-production-domain.com"
    ],
    "ExposeHeaders": ["Content-Length", "Content-Range", "ETag"],
    "MaxAgeSeconds": 3000
  }
]

Important: Replace https://your-production-domain.com with your actual domain when you deploy.

Create IAM User with Permissions

Create a dedicated user with permissions to manage your videos and use MediaConvert for transcoding.

Create the IAM User

  1. Go to AWS Console → IAM → Users
  2. Click "Create user"
  3. User name: private-video-user
  4. Click "Next"
  5. Select "Attach policies directly"
  6. Click "Create policy" (opens in new tab - keep it open!)

Create the IAM Policy

In the new tab that opened:

  1. Click the "JSON" tab
  2. Paste this policy (see below)
  3. IMPORTANT: Replace the placeholders!
    • YOUR-BUCKET-NAME → Your bucket name from Step 1
    • YOUR-ACCOUNT-ID → Your 12-digit AWS account ID (find it in the top-right corner)
  4. Click "Next"
  5. Policy name: PrivateVideoPolicy
  6. Click "Create policy"
JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::YOUR-BUCKET-NAME",
        "arn:aws:s3:::YOUR-BUCKET-NAME/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "mediaconvert:CreateJob",
        "mediaconvert:GetJob",
        "mediaconvert:DescribeEndpoints"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::YOUR-ACCOUNT-ID:role/MediaConvertRole",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "mediaconvert.amazonaws.com"
        }
      }
    }
  ]
}

Attach Policy to User

  1. Go back to the user creation tab
  2. Refresh the policies list
  3. Search for PrivateVideoPolicy and check the box
  4. Click "Next" → "Create user"

Get Your Access Keys

  1. Click on your newly created user
  2. Go to Security credentials tab
  3. Scroll to Access keys
  4. Click "Create access key"
  5. Select "Other" → Click "Next"
  6. Click "Create access key"
  7. 🔐 IMPORTANT: Copy and save these immediately!
    • Access key ID (looks like: AKIAIOSFODNN7EXAMPLE)
    • Secret access key (looks like: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY)
    • You won't be able to see the secret key again!

Create MediaConvert IAM Role

MediaConvert needs permission to read your videos from S3 and write the transcoded files back. This role grants those permissions.

Create the Role

  1. Go to AWS Console → IAM → Roles
  2. Click "Create role"
  3. Trusted entity type: Select "AWS service"
  4. Use case: Scroll down and select MediaConvert from the dropdown
  5. Click "Next"
  6. Click "Next" (skip permissions for now)
  7. Role name: MediaConvertRole
  8. Click "Create role"

Add S3 Permissions to the Role

  1. Click on the role you just created
  2. Go to the Permissions tab
  3. Click "Add permissions" → "Create inline policy"
  4. Click the "JSON" tab
  5. Paste this policy (see below)
  6. IMPORTANT: Replace YOUR-BUCKET-NAME with your bucket name!
  7. Click "Next"
  8. Policy name: S3BucketAccess
  9. Click "Create policy"
JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::YOUR-BUCKET-NAME",
        "arn:aws:s3:::YOUR-BUCKET-NAME/*"
      ]
    }
  ]
}

Copy the Role ARN

  1. Go back to the role summary page
  2. At the top, find the ARN field
  3. 📋 Copy this entire ARN - you'll need it!
    • It looks like: arn:aws:iam::123456789012:role/MediaConvertRole
    • Make sure it says role/ not policy/!

Setup Complete! Here's What You Need

Before heading to the Settings page, make sure you have all of these:

S3 Bucket Name (e.g., my-private-videos-123)
AWS Region (e.g., us-east-1)
IAM Access Key ID (e.g., AKIAIOSFODNN7EXAMPLE)
IAM Secret Access Key (e.g., wJalrXUtnFEMI/K7MDENG...)
MediaConvert Role ARN (e.g., arn:aws:iam::123456789012:role/MediaConvertRole)
Go to Settings & Enter Your Credentials

Need Help?

If you run into any issues during setup:

Your AWS credentials are encrypted before being stored and are only used to upload and manage your videos.