# Plan your deployment
This section describes the [cost](cost.md), [security](security-1.md), [Regions](supported-aws-regions.md), and other considerations prior to deploying the solution.
# Cost
You are responsible for the cost of the AWS services used while running this solution. The total cost for running this solution depends on the amount of data being ingested and analyzed, running the solution's OpenSearch Service cluster, and the size and length of media files analyzed with Amazon Rekognition, Amazon Transcribe, and Amazon Comprehend.
As of this revision, the cost for running this solution on 100 hours of videos totaling one terabyte with the default settings in the US East (N. Virginia) Region is **\$12,149.95 (one time processing)** with **\$1104.60/month** **(recurring)** for Amazon S3 data storage and OpenSearch Service search engine.
We recommend creating a [budget](https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-create.html) through [AWS Cost Explorer](https://aws.amazon.com/aws-cost-management/aws-cost-explorer/) to help manage costs. Prices are subject to change. For full details, see the pricing webpage for each [AWS service used in this solution](aws-services-in-this-solution.md). For customers who want to process large-scale video archives, we recommend that you contact your AWS account representative for at-scale pricing.
## Example monthly cost
The following example is for a total file size of one terabyte, which equates to one hundred total hours of video content where each video is one hour in duration. The cost is broken down to the following categories:
1. **Migration cost** – When the video files are uploaded and stored in Amazon Glacier Deep Archive storage. The cost is estimated based on the total size of the video files.
1. **Ingestion cost** – When the uploaded video files are transcoded with AWS Elemental MediaConvert to create low resolution proxy video files **plus the ingestion workflow cost composed of AWS Step Functions state transitions and AWS Lambda compute runtime, and Amazon DynamoDB Read/Write request units.
1. **Analysis cost** – When proxy files are analyzed with Amazon Rekognition, Amazon Transcribe, and Amazon Comprehend plus the analysis workflow cost composed of AWS Step Functions state transitions and AWS Lambda Compute runtime, and Amazon DynamoDB Read/Write request units.
1. **Search engine cost** – When the generated metadata are indexed to an OpenSearch Service cluster. The cost depends on the number of dedicated nodes, the number of instance nodes, and the amount of Amazon EBS volume.
| AWS service | Dimensions | Cost [USD] |
| --- | --- | --- |
| Migration cost (one terabyte) | | |
| S3 Glacier Deep Archive | \$10.00099 per GB / Month \$1 1024 GB | \$11.01 |
| Ingestion cost (100 hours) | | |
| AWS Elemental MediaConvert (SD, AVC with Professional Tier) | \$10.012 per minutes \$1 100 hours | \$172.00 |
| AWS Elemental MediaConvert (Audio only) | \$10.003 per minutes \$1 100 hours | \$118.00 |
| AWS Step Functions State transitions, AWS Lambda Compute unit (MB per 1ms), and Amazon DynamoDB Read Write Request Units | Varies depending on number of state transitions, the Lambda function memory size and runtime duration, and read write request to DynamoDB tables. | \$1\$11.05 |
| Analysis cost (100 hours) | | |
| Amazon Rekognition Celebrity Recognition | \$10.10 per minute \$1 100 hours | \$1600.00 |
| Amazon Rekognition Label Detection | \$10.10 per minute \$1 100 hours | \$1600.00 |
| Amazon Rekognition Segment Detection (Shot and Technical Cues detections) | (\$10.05 \$1 \$10.05 per minute) \$1 100 hours | \$1600.00 |
| Amazon Transcribe | \$10.024 per minute \$1 100 hours | \$1144.00 |
| Amazon Comprehend Key Phrase Extraction | \$10.0001 per unit Vary depends on number of characters extracted from audio dialogue of the video files | \$1\$15.00 |
| Amazon Comprehend Entity Recognition | \$10.0001 per unit Vary depends on number of characters extracted from audio dialogue of the video files | \$1\$15.00 |
| AWS Step Functions State transitions, AWS Lambda Compute unit (MB per 1ms), and Amazon DynamoDB Read Write Request Units | Varies depending on number of state transitions, the Lambda function memory size and runtime duration, and read write request to DynamoDB tables. | \$1\$1 0.30 |
| Search engine cost | | |
| Amazon OpenSearch Service dedicated node (t3.small.search) | \$10.036 per hour \$1 0 node | \$10.00 |
| Amazon OpenSearch Service instance node (m5.large.search) | \$10.142 per hour \$1 1 node | \$1102.24 |
| Amazon OpenSearch Service EBS Volume (GP2) | \$10.135 per GB / month \$1 10 GB | \$11.35 |
| Total cost (based on one terabyte with 100 hours of videos) | | |
| Monthly recurring cost (S3 storage and Amazon OpenSearch Service cluster) | \$11.01 \$1 \$1102.24 \$1 1.35 | \$1104.60 |
| One-time processing cost (AWS Elemental MediaConvert, Amazon Rekognition, Transcribe, Comprehend, AWS Step Functions, AWS Lambda) | (\$172 \$1 \$118) \$1 \$11.05 \$1 (\$1600 \$1 \$1600 \$1 \$1600) \$1 \$1144 \$1 (\$15 \$1 \$15) \$1 \$10.30 | \$12,045.35 |
| Total: | | \$12,149.95 |
# Security
When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This [shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/) reduces your operational burden because AWS operates, manages, and controls the components including the host operating system, the virtualization layer, and the physical security of the facilities in which the services operate. For more information about AWS security, visit [AWS Cloud Security](https://aws.amazon.com/security/).
## Server-side encryption
AWS highly recommends that customers encrypt sensitive data in transit and at rest. This solution automatically encrypts media files and metadata at rest with [Amazon S3 server-side encryption (SSE)](http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html).The solution's Amazon Simple Notification Service (Amazon SNS) topics and Amazon DynamoDB tables are also encrypted at rest using SSE.
## Amazon CloudFront
This solution deploys a static website [hosted](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) in an Amazon S3 bucket. To help reduce latency and improve security, this solution includes an Amazon CloudFront distribution with an origin access identity, which is a special CloudFront user that helps restrict access to the solution's website bucket contents. For more information, refer to [Restricting access to Amazon S3 content by using an origin access identity](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html).
## Amazon OpenSearch Service
Documents indexed to the Amazon OpenSearch Service cluster are encrypted at rest. Node-to-node communication within the cluster is also encrypted.
## Search engine sizing
The CloudFormation template provides presets for the end user to configure different Amazon OpenSearch Service clusters: **Development and Testing**, **Suitable for Production Workload**, **Recommended for Production Workload**, and **Recommended for Large Production Workload**.
+ **Development and Testing** – This preset creates an Amazon OpenSearch Service cluster in a single Availability Zone with a single `m5.large.search` data node, 10GB storage, and without dedicated primary node.
+ **Suitable for Production Workflow** – This preset creates an Amazon OpenSearch Service cluster in two Availability Zones with two `m5.large.search` data nodes, 20GB storage, and three dedicated `t3.small.search` primary nodes.
+ **Recommended for Production Workload** – This preset creates an Amazon OpenSearch Service cluster in two Availability Zones with four `m5.large.search` data nodes, 20GB storage, and three dedicated `t3.small.search` primary nodes.
+ **Recommended for Large Production Workload** – This preset creates an Amazon OpenSearch Service cluster in three Availability Zones with six `m5.large.search` data nodes, 40GB storage, and three dedicated `t3.small.search` primary nodes.
# Integrated partners
The Media2Cloud on AWS solution is designed to provide a standardized architecture to support [AWS Partners](https://aws.amazon.com/partners/) to integrate with content from AWS customers. A standardized architecture helps accelerate the migration and supply chain process, and helps Media Asset Manager (MAM) partners provide solutions for their customers.
The Media2Cloud on AWS solution integrates with the following AWS Partners:
## Cloudfirst.io
[Cloudfirst.io](http://www.cloudfirst.io/) is an AWS Partner that specializes in large-scale, unstructured, active archive, and content storage management solutions for Media and Entertainment. They actively assist clients with legacy archive migrations embracing various next-generation technologies. Cloudfirst provides consulting and a product called Rapid Migrate that address the challenges of moving content out of existing LTO archives, process and move content into Amazon S3 storage in supported content and metadata formats for Media2Cloud on AWS to initiate the ingestion process.
## Levels Beyond
[Levels Beyond](https://www.reachengine.com/) is an AWS Partner that provides a Media Asset Manager (MAM) service platform called Reach Engine. Levels Beyond can be integrated with the Media2Cloud on AWS solution through Amazon SNS and interface with the output to consume the JSON formatted metadata to provide customers with a rich search, discovery and management service to manage their content archives. Levels Beyond can support customers further by configuring the services to add additional metadata faceting as well as automating the processing of content for production, OTT, digital publishing and other content related services.
## Nomad CMS
[Nomad](https://nomad-cms.com/) CMS is an AWS Partner that supports the ability to bring an OTT metadata enrichment and discovery system to existing Amazon S3 assets. Nomad augments Amazon S3 asset storage without requiring any changes to the existing asset structure or files themselves. Nomad also automatically integrates with Media2Cloud on AWS and other AWS AI/ML services. Confidence scores, labels, transcriptions, and other AI enrichment is used to tag each asset with appropriate discovery information. Searching and publishing activities are used to make the resulting metadata available to custom solutions or in support of other integration activities.
## EditShare
[EditShare](https://editshare.com/) is an AWS Partner that designs and delivers high-performance, scalable, shared storage solutions that allow media professionals to create outstanding content. EditShare's EFSv with FLOW is a Media2Cloud on AWS activated, end-to-end cloud production solution. It supports tiered asset storage, media management, intelligent archiving, and broad compatibility with creative tools such as the Adobe Creative Suite. Highlighting only one use case, EFSv and FLOW powered workflows have fast search and seamless switching between proxy and high-resolution editing right in the video editorial application. EditShare's Professional Services team can offer AWS customers seamless workflows designed around their business processes, leveraging solutions from EditShare and other providers.
## eMAM
[eMAM](http://www.empressmam.com/) is an AWS Partner that powers workflows for production, post-production, sharing, and distribution: the entire lifecycle of a digital asset. eMAM provides a web interface designed to support non-technical users, providing a collaboration nexus for editors and designers using integrations into Apple Final Cut and Adobe Creative Cloud applications. eMAM is flexible, with easy configuration and scalability for the entire range of use cases and verticals, to provide customers with choice and control. eMAM provides a range of options for deployment including AWS cloud and hybrid solutions. eMAM is available as a permanent license or as a subscription in the AWS Marketplace with SaaS/PaaS-Server options.
## Evertz
[Evertz](https://evertz.com/applications/asset-management-playout/) is an AWS Partner that provides the Mediator-X, a cohesive, highly scalable, infrastructure agnostic platform for Media Asset Management, Transmission Playout and Non-Linear delivery applications. Evertz Mediator-X allows customers to manage their *Cloud Content Factory* at scale using a rich feature set of integrations and options under the functional blocks of acquisition, processing, management, production, playout, and delivery. Utilizing Media2Cloud on AWS and other AWS services, customers can gather and store both metadata and content in highly durable cloud storage, use the intuitive user-interface to visualize machine learning data alongside other customer-specific metadata or pull data from API endpoints within the Mediator-X platform.
## IMT
[IMT](https://cloudsoda.io/) is an AWS Partner that provides SoDA, a new way to control data movement between storage tiers, on-site and in the cloud. Since its inception 13 years ago, IMT has grown to become a leading next-gen Systems Integrator supporting over 800\$1 customers in Media & Entertainment, broadcast, sports, and corporate video in North America. SoDA is IMT's Intelligent Data Management Software that can be leveraged as a simple data migration tool to help customers move off from legacy archives, as well as broker data movement to and from the cloud to various endpoints. Designed to work with all types of storage—on-premises, hybrid, and AWS—users can define rich, flexible policies or manually transfer data. SoDA plugs into multiple MAM solutions to empower end users to control their own data movement.
## Quantiphi
[Quantiphi](https://quantiphi.com/partners/amazon-web-services/transforming-media-entertainment-industry-with-artificial-intelligence/#overview) is an AWS partner that provides an AI-powered Media Intelligence solution that helps media and entertainment customers unlock hidden data potential to curate better content, enhance customer targeting, and implement effective channel strategies to transform their customer experience.
## Signiant
[Signiant](https://www.signiant.com/) is an AWS Partner that offers fast and secure movement of large data sets over any IP network. Signiant provides foundational technology that allows content exchange within and between companies of all sizes to connect the global media supply chain. The Signiant Software-Defined Content Exchange (SDCX) SaaS platform provides people and systems with access to media assets located across disparate and distributed storage repositories ⎯ and lays the groundwork for innovations that extend beyond file transfer. Signiant's proprietary transport technology is the foundation upon which Signiant was built. Signiant's continued investment in this area has allowed them to remain a leader in the category for more than 15 years, and their software is relied upon to move petabytes of high-value content every day. Each Signiant product capitalizes on their advanced acceleration technology to transfer content up to 100 times faster than standard Internet transmission speeds, and Signiant technology is capable of moving any size of file or data set over any IP network, while taking advantage of all available bandwidth.
## Starchive
[Starchive](https://www.starchive.io/) is an AWS Partner that offers a command center for today's content producers. Starchive brings the power of digital asset management to the entrepreneur and small/medium business with the elegance of a modern consumer SaaS application and at a fraction of the cost of comparable solutions. Starchive helps users find the signal in the noise of their digital chaos and get back to work building their brand, business, and bottom line. In a world where every individual has the power to create and the opportunity to consume digital media 24/7—every business has the mandate to be a content powerhouse to thrive. Learn more about how [Starchive used Media2Cloud on AWS to help Essence Magazine](https://aws.amazon.com/blogs/media/successful-innovation-for-essence-as-starchive-and-aws-help-deliver-the-2020-essence-festival-of-culture/) support their 50-year anniversary by improving the accessibility to their historical archive.
## TrackIt
[TrackIt](https://trackit.io/) is an AWS Advanced Consulting Partner with decades of experience in the Media & Entertainment industry and a wealth of cloud technology design and deployment work performed for many media-centric companies. TrackIt has experience building advanced pipelines that include AI/ML tools and integration with asset management systems, along with transcoding, rendering, VOD, OTT, live streaming, cloud-based editorial, and collaborative online tools. Learn more about how [Trackit used Media2Cloud on AWS to help Jukin Media](https://trackit.io/case-studies/jukin-media/) improve the utility of their archive.
# Supported AWS Regions
This solution can be deployed to any AWS Region. If a service, such as Amazon Rekognition, is not currently available in the Region, the solution reduces its functionality. Analysis features such as *celebrity recognition*, *label detection*, and *face detection* will be turned off.
We recommend for you to launch the solution in an AWS Region where Amazon Rekognition, Amazon Transcribe, and Amazon Comprehend are available. For the most current availability of AWS services by Region, refer to the [AWS Regional Services List](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/).
As of the latest revision, this solution is fully supported in the following Regions:
| Region name | |
| --- | --- |
| US East (Ohio) | Asia Pacific (Sydney) |
| US East (N. Virginia) | Canada (Central) |
| US West (Oregon) | Europe (Frankfurt) |
| Asia Pacific (Mumbai) | Europe (Ireland) |
| Asia Pacific (Seoul) | Europe (London) |
| Asia Pacific (Singapore) | AWS GovCloud (US-West) |
# Quotas
Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account.
## Quotas for AWS services in this solution
Make sure you have sufficient quota for each of the [services implemented in this solution](aws-services-in-this-solution.md). For more information, see [AWS service quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html).
Use the following links to go to the page for that service. To view the service quotas for all AWS services in the documentation without switching pages, view the information in the [Service endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/aws-general.pdf#aws-service-information) page in the PDF instead.
## AWS CloudFormation quota
Your AWS account has AWS CloudFormation quotas that you should be aware of when [launching the stack](step-1-launch-the-stack.md) in this solution. By understanding these quotas, you can avoid limitation errors that would prevent you from deploying this solution successfully. For more information, see [AWS CloudFormation quotas](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html) in the in the *AWS CloudFormation User's Guide*.
## Amazon Transcribe
Amazon Transcribe can process files up to four hours in length, this is the Maximum media duration. For more information, refer to [Amazon Transcribe endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/transcribe.html).
## Amazon Recognition
The Amazon Rekognition Custom Labels setting is currently limited to running up to two models. For more information, refer to [Guidelines and quotas in Amazon Rekognition Custom Labels](https://docs.aws.amazon.com/rekognition/latest/customlabels-dg/limits.html) in the *Amazon Rekognition Custom Labels Guide*.
![\[Amazon Rekognition default detection settings.\]](http://docs.aws.amazon.com/solutions/latest/media2cloud-on-aws/images/image19.png)