EZDRM Cloudformation Template – Setup DRM Widevine, Playready, Fairplay With S3Bubble

EZDRM Cloudformation Template - Setup DRM Widevine, Playready, Fairplay With S3Bubble

This template was built to allow users to setup premium drm Widevine, Playready, Fairplay to work with the S3Bubble services.

Download Template

Video Tutorial - WP DRM Plugin

In this tutorial we show you how to setup studio approved drm with the S3Bubble DRM Plugin Download Plugin

Video Tutorial - Hosted Themes

In this tutorial we provide a AWS Cloudformation template to setup a Secure Packager and Encoder Key Exchange (SPEKE) API with API Gateway.

We also setup a full VOD workflow with S3 & Cloudfront.

You will then be shown how to encode you content to DASH & HLS to distribute securely.

Setting Up Services

You can then encode your video through AWS or use the S3Bubble dashboard.

We use this within our themes to create hollywood level drm you can see a working example here https://wpott.tv/content/drm-example/

If you are using the S3Bubble themes you will need to add your details in the theme under the drm section.

Apple Fairplay
  • Media Url: https://000000000000.cloudfront.net/drm/master.m3u8
  • Keysystem: com.apple.fps.1_0
  • License Uri: https://fps.ezdrm.com/api/licenses/000000000000 // You need to ask ezdrm to store this for you
  • Certificate Uri: https://000000000000.cloudfront.net/fairplay.cer // You can store this in one of your buckets
    For fairplay you must first request access at this link https://developer.apple.com/contact/fps/.

When your access is approved you will receive and email like this.

Thank you for your interest in FairPlay Streaming (FPS). Your request has been approved.

The FPS Deployment Package can be downloaded from the Downloads for Apple Developers page at: https://developer.apple.com/download/more/?=FPS

The FPS Deployment Package contains the D Function and specification along with instructions about how to generate the FairPlay Streaming Certificate and Application Secret key (ASk).

To avoid misplacing your ASk, FairPlay Streaming Certificate or private key, we recommend you don’t create your certificates until you have a Key Server Module (KSM) that has been fully tested using the verify_ckc tool and test vectors as instructed in the FairPlay Streaming Programing Guide.

The FPS Credentials that you will be generating consist of a private key, the ASk and the FPS Certificate. The private key is generated first in the process. If you are asked to provide a pass phrase for the private key, keep the pass phrase in a safe and secure place because if the pass phrase is forgotten the private key is essentially lost. You need to keep all of these items in a safe and secure place because if you loose one of them, your system will not work. If the ASk is compromised, you will no longer be able to protect your content with FairPlay Streaming. Please don’t loose or mishandle the FPS Credentials.

Many companies now have processes or systems for where and how company specific credentials like these are stored.

You must save a copy of the ASk and store it securely. If the ASk is compromised, you will no longer be able to protect your content with FairPlay Streaming. Only one (1) ASk is allocated to your team. The value will not be provided again and cannot be retrieved at a later time.

The ASk and FairPlay Streaming Certificate that will be generated are used together to secure the Content Key in the FPS protocol. Please refer to “FairPlay Streaming Programming Guide: Programming the Key Security Module” to understand how the ASk is used in your FPS implementation.

You will now need to follow the link and tutorials to sign your certs send a version to EZDRM and also upload a version to an AWS S3 Bucket.

  • Media Url: https://000000000000.cloudfront.net/drm/master.mpd // This needs to be in dash format
  • Keysystem: com.widevine.alpha
  • License Uri: https://widevine-dash.ezdrm.com/widevine-php/widevine-foreignkey.php?pX=000000 // You can find the pX id in your Widevine account https://www.ezdrm.com/html/Members/DRM/Google/widevine/my_widevine_account.asp it is the last 6 digits of your Widevine Profile ID