More than 100 Content Items in a Roku Channel

This walk-through must be followed in order to use more than 100 video, audio, picture or text content items within a channel.

  • Instant TV Channel configuration files contain information that determines the layout of your Roku channel and details about your channel's content.
  • You do not need to change, copy, delete, edit or move the configuration files yourself. Configuration files are handled automatically by Instant TV Channel.
  • Configuration files do not contain video or audio content or streams. They are relatively small in size.
  • Configuration files are stored on Amazon S3.
  • Configuration files are automatically written to whenever you make a change to your channel using an Instant TV Channel editor.
  • Configuration files are read by Roku devices in order to display your channel.
  • Instant TV Channel provides free configuration file storage for up to 100 video, audio, picture or text content items per channel.
  • If you have more than 100 content items in a channel, you must provide Instant TV Channel with an Amazon S3 "bucket" to automatically store your Roku channel's configuration files in.

Amazon's S3 pricing is separate from Instant TV Channel's monthly charges. All Amazon S3 charges are billed directly by Amazon. Amazon has a Free Tier for new customers which may include some or all of your S3 charges. Instant TV Channel configuration files for a typical channel are very small, and the S3 charges for them are often included within Amazon's Free Tier. Even for a very large or popular Roku channel, the total Amazon S3 cost for configuration file storage will often be less than a dollar per month.

This step-by-step walk-through will guide you through the process of creating an Amazon S3 bucket to store Instant TV Channel configuration files and creating keys to allow secure access to your bucket. The keys will provide restricted access to your new Configuration bucket and will not be usable for any of your other Amazon services or S3 buckets. You can use the same S3 Configuration bucket and keys for multiple channels. Instant TV Channel automatically creates separate directories within the Configuration bucket for each channel's configuration files.

Your configuration files will only be available using a time-limited signed URL to Roku devices that have your channel installed. In order to further secure your data, your configuration files are stored and transmitted to Roku devices in an encrypted format.

Create an S3 Bucket to store Configuration Files

  1. Log into your AWS account and go to the S3 section of your AWS control panel.
  2. Click the Create Bucket button.

    This should be a new bucket that is used only for Instant TV Channel Roku configuration files. Do not re-use a bucket that also contains content or non-Roku files!

  3. Provide a Bucket Name, for example "my-config-bucket".

    Very Important: Use only lower-case characters, digits, and dashes in your bucket name. Instant TV Channel does not support the use of upper-case characters or other symbols in bucket names.

    Good Bucket Name: test-bucket
    Good Bucket Name: bucket123
    Bad Bucket Name: test.bucket (contains unsupported period character ".")
    Bad Bucket Name: bucket+123 (contains unsupported plus character "+")
    Bad Bucket Name: Test-Bucket (contains upper-case characters "T" and "B")
  4. The bucket Region must be set to "US East (N. Virginia)".
  5. Click the Create button, do not click the Next button.

The default ACL (Access Control List) on your new bucket is "Private", meaning that an AWS key pair is required to access files in the bucket. The bucket cannot be accessed using a plain http:// or https:// URL. This is the correct setting for a Configuration bucket, as it only allows the Instant TV Channel web site and your channel running in a Roku device to access the configuration files.

You should never attempt to move or delete files from your Configuration bucket. Doing so will cause unpredictable results and may cause your Roku channel to be unviewable.

Shortcut for S3 Bucket Keys

If your Amazon AWS account is used exclusively for your Roku channel you may wish to consider using your root account access keys instead of using the IAM Content user and keys described below.

Your Amazon AWS root account access keys provide access to all portions of your Amazon AWS account, whereas the IAM keys limit access to a specific S3 bucket or buckets within your AWS account.

To create a new Amazon AWS root account access key pair:
  1. Browse to the Amazon AWS website at http://aws.amazon.com.
  2. From the My Account/Console drop-down list in the upper right-hand corner of the page, select My Security Credentials. If you are already logged in, the drop-down list may display your Amazon login ID instead of My Account/Console.
  3. If prompted to do so, enter your Amazon AWS email address and password. You may also need to click a Continue to Security Credentials button.
  4. Click on the plus (+) symbol next to the Access Keys link.
  5. Click on the Create New Access Key button.
  6. Click on the Download Key File button, and save the key file on your computer.
  7. DO NOT click the Close button until after you have verified that the save key file can be opened and viewed.
  8. The key file contents will look like this:
    AWSAccessKeyId=AKIAJQCQXH6EPMJ2LMSR
    AWSSecretKey=7a8JQnwVf2xxLzjsR73SM7BxSMGakS/lQazrg9YA
    

    Your root account Access Key Id starts with the letters AKIA... and is 20 characters long.

    Your root account Secret Access Key is 40 characters long.

  9. After you have verified that you can view the key file, click the Close button on the Amazon Security Credentials page.
  10. Skip over the Create IAM Keys section of this walk-through and continue at the Copy the Configuration Keys to your Channel section. Use your root account keys instead of the read-only IAM keys and the read-write IAM keys.

Create IAM Keys to Access the Configuration Bucket

Although you can use your AWS root account keys to access any S3 bucket that you create, you may feel more comfortable providing Instant TV Channel with keys that only grant access to the Configuration bucket. If you want to allow Instant TV Channel to use your root account keys to access your Configuration bucket, you can skip this section and rejoin at Copy the Configuration Keys to your Channel below.

We will create two IAM users and two sets of keys to access your Configuration bucket. One set of keys will grant read-write access to the bucket and will be used by the Instant TV Channel web site to update your configuration files as you change the layout and content of your Roku channel. The other set of keys will grant read-only access to the bucket and will be used to load configuration files directly into any Roku device that has your channel installed. Because the Roku device does not need to alter the contents of the configuration files its keys can be read-only. The use of read-only keys is optional, if not present then any Roku device with your channel installed will use the read-write keys.

  1. Go to the IAM (Identity and Access Management) section of your AWS control panel.
  2. Click the Policies link on the left side of the page.
  3. Click the Create Policy button near the top of the page.
  4. Click the Select button to the right of "Create Your Own Policy".
  5. Provide a Policy Name, for example "my-rw-config-policy" ("rw" stands for read-write).
  6. Copy the security policy below and paste into the Policy Document box, replacing the two instances of
    my-config-bucket
    in the code below with the name of the bucket that you just created. This security policy allows files in the Configuration bucket to be created, read, modified, or deleted.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:*"
          ],
          "Resource": [
            "arn:aws:s3:::my-config-bucket",
            "arn:aws:s3:::my-config-bucket/*"
          ]
        }
      ]
    }
  7. Click the Create Policy button near the bottom of the page.
  8. Click the Groups link on the left side of the page.
  9. Click the Create New Group button near the top of the page.
  10. Provide a group name, for example "my-rw-config-group", then click the Next Step button near the bottom of the page.
  11. The "Attach Policy" page is displayed. Scroll down the list of policies until the "my-rw-config-policy" policy that you just created is visible, or type the name of your newly created policy in the "Filter" box. You may need to scroll through a large number of built-in AWS policies until your policy is visible.
  12. Click the check-box to the left of your policy name, making sure that no other check-boxes are checked, then click the Next Step button near the bottom of the page.
  13. Click the Create Group button near the bottom of the page.
  14. Click the Users link on the left side of the page.
  15. Click the Add User button near the top of the page.
  16. Enter a new user name, for example "my-rw-config-user".
  17. Select an Access type of "Programmatic access".
  18. Click the Next: Permissions button near the bottom of the page.
  19. Click the check-box to the left of the previously created Group name, then click the Next: Review button near the bottom of the page.
  20. Click the Create user button near the bottom of the page.
  21. Click the Show link beneath "Secret access key" or click the Download .csv button to copy and save the Access Key ID and Secret Access Key. These keys will be used exclusively for read-write access to your Configuration bucket. They cannot be used to access any other AWS buckets or services. Make sure that you save the keys for future use, Amazon will not display them again. If you misplace the keys you will have to create a new IAM user.
  22. After copying the Security Credentials, click the Close button near the bottom of the page.

    At this point we have a new IAM user that is a member of a new IAM group - the user has the keys and the group has the security policy. The keys for this IAM user can be used in the Roku channel to access the S3 bucket specified by the security policy.

  23. Repeat each of the steps above, beginning with Go to the IAM (Identity and Access Management) section... to create a read-only IAM group, policy, user and keys. This time use the security policy below for the Policy Document box, replacing the two instances of
    my-config-bucket
    in the code below with the name of the bucket that you previously created. This security policy allows files in the Configuration bucket to be read, but not created, modified, or deleted.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:Get*",
            "s3:List*"
          ],
          "Resource": [
            "arn:aws:s3:::my-config-bucket",
            "arn:aws:s3:::my-config-bucket/*"
          ]
        }
      ]
    }

Copy the Configuration Keys to your Channel

  1. Sign into Instant TV Channel and select the channel that you want to configure for S3.
  2. Go to the channel's Keys & CDNs page.
  3. Under AWS S3 Configuration Storage, copy the new Configuration bucket name into the Bucket Name box.
  4. Copy the read-write IAM user's Access Key ID into the Read-Write Access Key ID box.
  5. Copy the read-write IAM user's Secret Access Key into the Read-Write Secret Access Key box.
  6. Copy the read-only IAM user's Access Key ID into the Optional Read-Write Access Key ID box.
  7. Copy the read-only IAM user's Secret Access Key into the Optional Read-Write Secret Access Key box.
  8. Click the TEST S3 CONFIGURATION STORAGE button and verify that the S3 bucket Read-Write and Read-Only Tests Passed message is displayed. If the test failed, verify that your S3 keys were copied correctly and try again.
  9. If the test was successful, change Use S3 for Configuration Storage to Yes to activate your S3 Configuration bucket. A message will be displayed after your configuration files are copied from one of Instant TV Channel's buckets into your own bucket.

That's it! Your channel's configuration files are now being stored in your S3 Configuration bucket. Roku devices that have your channel installed will access your channel's configuration files directly from your S3 Configuration bucket.


For more information about how to create a Roku channel using Instant TV Channel, please see this Introductory Walk-Through.

Questions and comments about this Roku developer walk-through can be sent to .

Instant TV Channel is a cloud-based tool for Roku developers and content providers that shortens development time and eases maintenance after deployment.



Private Channel Code: ITVC
Check out Instant TV Channel by adding our demonstration channel to your Roku player, or watch the YouTube video.

Need help with your Roku?

We are unable to provide technical support for your Roku device or for channels not created using Instant TV Channel.

Please visit www.roku.com for assistance.



Instant TV Channel is not affiliated with nor endorsed by Roku Inc.