Skip to content

Instantly share code, notes, and snippets.

@kjs3 kjs3/gist:408311
Created May 21, 2010

What would you like to do?
require 'right_aws.rb'
@amz_public_key = 'myaccesskey' # S3 Public key
@amz_private_key = 'mysecretaccesskey' # S3 Private key
# You need to create a key/pair to do much of anything with aws. You can do this by going to
# and clicking
# on the Key Pairs tab
@key_id = 'keyID' # Key ID from AWS (not the EC2 key/pairs)
@pem_file = 'pk-pemfile.pem' # Location of pem file associated with @key_id
@private_bucket = 'bucketname' # If you're using a public bucket things are simpler
@acf =, @amz_private_key)
@s3 =, @amz_private_key)
# ====================================================================================
# == Create a Private Streaming Distribution with access rights to a private bucket ==
# ====================================================================================
# origin access identities are tied to distributions. You need to grant them
# rights to the bucket - which we'll show you how to do
@s3_streaming_con_user_id # we'll get this after creating a distro
def create_private_streaming_distribution(bucket = @private_bucket)
# see doc in create_distribution_by_config for explanation of enhanced_seek
# we'll have this auto generate a origin access identity
config = {:origin => "#{bucket}", :comment => "New private streaming distribution",
:streaming => true,
:enhanced_seek => true,
:enhanced_seek_zone => "server",
:auto_generate_origin_access_identity => true,
:trusted_signers => { :self => true }}
res = @acf.create_distribution_by_config(config)
oid = @acf.get_origin_access_identity(res[:origin_access_identity])
@s3_streaming_con_user_id = oid[:s3_canonical_user_id]
puts @s3_streaming_con_user_id
#grant permissions for your distribution to the S3 bucket
#grant_permissions(@s3_streaming_con_user_id, "Full permissions for #{res[:aws_id]}")
return res[:aws_id] # you'll need this to change the config of the distribution - you can also look this up on Amazon's Distribution console
def grant_permissions(bucket = @private_bucket, s3_con_user_id = @s3_streaming_con_user_id)
res = @s3.add_s3canonical_grantee_to_bucket_and_objects(bucket, s3_con_user_id, "FULL_CONTROL", "Perms for #{s3_con_user_id}")
puts res.to_yaml
# creating distribution and granting permissions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.