diff --git a/packages/@aws-cdk/aws-ivs-alpha/README.md b/packages/@aws-cdk/aws-ivs-alpha/README.md index 62d636f10e565..5af6031301a0b 100644 --- a/packages/@aws-cdk/aws-ivs-alpha/README.md +++ b/packages/@aws-cdk/aws-ivs-alpha/README.md @@ -55,6 +55,17 @@ const myChannel = new ivs.Channel(this, 'myChannel', { }); ``` +If you want to use RTMP ingest, set `insecureIngest` property to `true`. +By default, `insecureIngest` is `false` which means using RTMPS ingest. + +**⚠ Note:** RTMP ingest might result in reduced security for your streams. AWS recommends that you use RTMPS for ingest, unless you have specific and verified use cases. For more information, see [Encoder Settings](https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/streaming-config.html#streaming-config-settings). + +```ts +const myRtmpChannel = new ivs.Channel(this, 'myRtmpChannel', { + type: ivs.ChannelType.STANDARD, + insecureIngest: true, // default value is false +}); +``` ### Importing an existing channel diff --git a/packages/@aws-cdk/aws-ivs-alpha/lib/channel.ts b/packages/@aws-cdk/aws-ivs-alpha/lib/channel.ts index df7e99ba6ef66..07eda0279f5ca 100644 --- a/packages/@aws-cdk/aws-ivs-alpha/lib/channel.ts +++ b/packages/@aws-cdk/aws-ivs-alpha/lib/channel.ts @@ -117,6 +117,13 @@ export interface ChannelProps { */ readonly authorized?: boolean; + /** + * Whether the channel allows insecure RTMP ingest. + * + * @default false + */ + readonly insecureIngest?: boolean; + /** * Channel latency mode. * @@ -211,6 +218,7 @@ export class Channel extends ChannelBase { const resource = new CfnChannel(this, 'Resource', { authorized: props.authorized, + insecureIngest: props.insecureIngest, latencyMode: props.latencyMode, name: this.physicalName, type: props.type, diff --git a/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/aws-cdk-ivs-insecure-ingest.assets.json b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/aws-cdk-ivs-insecure-ingest.assets.json new file mode 100644 index 0000000000000..d961adf990337 --- /dev/null +++ b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/aws-cdk-ivs-insecure-ingest.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "52a6656a6fbac13adc4ee65169cac1f0b58ca4afa982ba3162609a4acf04723f": { + "source": { + "path": "aws-cdk-ivs-insecure-ingest.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "52a6656a6fbac13adc4ee65169cac1f0b58ca4afa982ba3162609a4acf04723f.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/aws-cdk-ivs-insecure-ingest.template.json b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/aws-cdk-ivs-insecure-ingest.template.json new file mode 100644 index 0000000000000..774ded3a5faf7 --- /dev/null +++ b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/aws-cdk-ivs-insecure-ingest.template.json @@ -0,0 +1,46 @@ +{ + "Resources": { + "ChannelInsecureIngestEnabled1E9B93E0": { + "Type": "AWS::IVS::Channel", + "Properties": { + "InsecureIngest": true, + "Name": "aws-cdk-ivs-insecure-ingestChannelInsecureIngestEnabled15F31314", + "Type": "STANDARD" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/cdk.out new file mode 100644 index 0000000000000..bd5311dc372de --- /dev/null +++ b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/integ.json b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/integ.json new file mode 100644 index 0000000000000..4d24420b0a9b2 --- /dev/null +++ b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.5", + "testCases": { + "ivs-insecure-ingest-test/DefaultTest": { + "stacks": [ + "aws-cdk-ivs-insecure-ingest" + ], + "assertionStack": "ivs-insecure-ingest-test/DefaultTest/DeployAssert", + "assertionStackName": "ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED.assets.json b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED.assets.json new file mode 100644 index 0000000000000..43b06eea0c1c7 --- /dev/null +++ b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED.template.json b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/manifest.json new file mode 100644 index 0000000000000..9e441bc50d9bc --- /dev/null +++ b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/manifest.json @@ -0,0 +1,113 @@ +{ + "version": "36.0.5", + "artifacts": { + "aws-cdk-ivs-insecure-ingest.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-ivs-insecure-ingest.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-ivs-insecure-ingest": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-ivs-insecure-ingest.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/52a6656a6fbac13adc4ee65169cac1f0b58ca4afa982ba3162609a4acf04723f.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-ivs-insecure-ingest.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-ivs-insecure-ingest.assets" + ], + "metadata": { + "/aws-cdk-ivs-insecure-ingest/ChannelInsecureIngestEnabled/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ChannelInsecureIngestEnabled1E9B93E0" + } + ], + "/aws-cdk-ivs-insecure-ingest/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-ivs-insecure-ingest/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-ivs-insecure-ingest" + }, + "ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "ivsinsecureingesttestDefaultTestDeployAssert6FABA1ED.assets" + ], + "metadata": { + "/ivs-insecure-ingest-test/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/ivs-insecure-ingest-test/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "ivs-insecure-ingest-test/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/tree.json b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/tree.json new file mode 100644 index 0000000000000..d6142998317c4 --- /dev/null +++ b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.js.snapshot/tree.json @@ -0,0 +1,127 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-ivs-insecure-ingest": { + "id": "aws-cdk-ivs-insecure-ingest", + "path": "aws-cdk-ivs-insecure-ingest", + "children": { + "ChannelInsecureIngestEnabled": { + "id": "ChannelInsecureIngestEnabled", + "path": "aws-cdk-ivs-insecure-ingest/ChannelInsecureIngestEnabled", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-ivs-insecure-ingest/ChannelInsecureIngestEnabled/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IVS::Channel", + "aws:cdk:cloudformation:props": { + "insecureIngest": true, + "name": "aws-cdk-ivs-insecure-ingestChannelInsecureIngestEnabled15F31314", + "type": "STANDARD" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ivs.CfnChannel", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ivs-alpha.Channel", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-ivs-insecure-ingest/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-ivs-insecure-ingest/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "ivs-insecure-ingest-test": { + "id": "ivs-insecure-ingest-test", + "path": "ivs-insecure-ingest-test", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "ivs-insecure-ingest-test/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "ivs-insecure-ingest-test/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "ivs-insecure-ingest-test/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "ivs-insecure-ingest-test/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "ivs-insecure-ingest-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.ts b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.ts new file mode 100644 index 0000000000000..972ac585d0785 --- /dev/null +++ b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs-insecure-ingest.ts @@ -0,0 +1,16 @@ +import { App, Stack } from 'aws-cdk-lib'; +import * as ivs from '../lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; + +const app = new App(); + +const stack = new Stack(app, 'aws-cdk-ivs-insecure-ingest'); + +new ivs.Channel(stack, 'ChannelInsecureIngestEnabled', { + type: ivs.ChannelType.STANDARD, + insecureIngest: true, +}); + +new integ.IntegTest(app, 'ivs-insecure-ingest-test', { + testCases: [stack], +}); diff --git a/packages/@aws-cdk/aws-ivs-alpha/test/ivs.test.ts b/packages/@aws-cdk/aws-ivs-alpha/test/ivs.test.ts index 753750cb3a035..0f99e1868b553 100644 --- a/packages/@aws-cdk/aws-ivs-alpha/test/ivs.test.ts +++ b/packages/@aws-cdk/aws-ivs-alpha/test/ivs.test.ts @@ -10,7 +10,7 @@ EPtPtOm1s0GR9k1ydU5hkI++f9CoZ5lM let stack: Stack; -beforeEach( () => { +beforeEach(() => { const app = new App({ context: { '@aws-cdk/core:newStyleStackSynthesis': false, @@ -199,3 +199,15 @@ test('the preset with the STANDARD or BASIC channel type is overwritten with an Preset: '', }); }); + +test.each([true, false])('channel with insecureIngest set to %s.', (insecureIngest) => { + new ivs.Channel(stack, 'Channel', { + type: ivs.ChannelType.STANDARD, + insecureIngest, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::IVS::Channel', { + Type: 'STANDARD', + InsecureIngest: insecureIngest, + }); +});