# Creating a flow Creating a flow A flow is a connection between one or more sources and one or more outputs or entitlements. The method that you use to create a flow is dependent on the type of flow that you want to create and the type of content in the source: + [Transport stream flow with a standard source](flows-create-standard-source.md) – Uses content from any source that is not a VPC source or an entitled source. + [Transport stream flow with an entitled source](flows-create-entitled-source.md) – Uses content that is owned by another AWS account that has granted an entitlement to your account. + [Transport stream flow with a VPC source](flows-create-vpc-source.md) – Uses compressed content that comes from a VPC that you configure. + [NDI flow ](flows-create-ndi.md) – Uses content that comes from an NDI® sender in a VPC that you configure. + [CDI flow ](flows-create-cdi.md) – Uses uncompressed content that comes from a VPC that you configure. **Note** If you want to create a transport stream flow that uses redundant sources for failover, create the flow with one of the sources. After the flow is created, [add the other source](source-adding.md). Because MediaConnect treats both sources as the primary source, it doesn't matter which one you specify when you first create the flow. If your flow uses an entitled source, you can't add a second source. For redundancy with CDI workflows, create two separate flows. # Creating a transport stream flow that uses a standard source Transport stream flow, standard source Transport stream flows transport compressed content that is muxed into a single stream. A flow uses a *standard* source when the content comes from anywhere other than a VPC ([VPC source](flows-create-vpc-source.md)) or another AWS account ([entitled source](#flows-create-standard-source)). ## Prerequisites Before you begin, make sure you've completed the following steps: **Encryption setup (if required)** If the source of your flow requires encryption, you'll need to [set up encryption](encryption-static-key-set-up.md). **NDI® configuration (for NDI use cases only)** We recommend reviewing the [NDI outputs](outputs-using-ndi.md) documentation to familiarize yourself with this feature before getting started. If you want to add an NDI output to your flow, you need a VPC with NDI discovery servers provisioned in your network. MediaConnect connects to these servers, but it doesn't create them for you. + For a quick start with VPCs, you can use our [AWS CloudFormation VPC template](https://docs.aws.amazon.com/vpc/latest/userguide/create-vpc.html) to automatically create a VPC with public and private subnets. For more information about VPCs, see the [Amazon VPC User Guide](https://docs.aws.amazon.com/vpc/latest/userguide/). + For NDI discovery server deployment, AWS provides guidance on automated setup across multiple Availability Zones using AWS CloudFormation, including best practices for installation and configuration. For instructions, see [Setting Up NDI Discovery Servers for Broadcast Workflows](https://aws.amazon.com/solutions/guidance/programmatic-deployment-of-ndi-discovery-servers-for-broadcast-workflows-on-aws/). + We recommend that you configure your security groups with a self-referencing ingress rule and egress rule. You can then attach this security group to the EC2 instances where your NDI servers are running within the VPC. This approach automatically allows all necessary NDI communication between components in your VPC, and all required network traffic is permitted. For guidance on setting up self-referencing security group rules, see [Security Group Referencing](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html#security-group-referencing) in the Amazon VPC User Guide. ## Procedure ### Create a transport stream flow that uses a standard source (console) Transport stream flow, standard source (console)AWS Elemental Link UHD devices with MediaConnect You can now use AWS Elemental Link UHD devices and the Zixi push protocol as a source for MediaConnect flows. 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. On the **Flows** page, choose **Create flow**. 1. In the **Details** section, for **Name**, specify a name for your flow. This name will become part of the ARN for this flow. **Note** MediaConnect allows you to create multiple flows with the same name. However, we encourage you to use unique flow names within an AWS Region to help with organization. After you create a flow, you can't change the name. 1. For **Availability Zone**, choose an Availability Zone for your flow. Use this option when you are setting up redundant flows. Otherwise, you can leave this as **Any**. If you leave the default, the service will randomly assign an Availability Zone within the current AWS Region, or if your source comes from a VPC, the service will assign the Availability Zone of the VPC subnet to the flow. 1. Under **Flow size**, select the size that matches your use case. For more information about flow sizes, see [Flow sizes and capabilities](flow-sizes-capabilities.md). **For medium flows:** + Proceed directly to step 6. **For large flows:** + If you don't need NDI outputs for your flow, proceed directly to step 6. + If you want to add NDI outputs to your flow, configure the NDI settings as follows: 1. Set **Flow NDI support** to **Enabled**. 1. (Optional) Enter an **NDI machine name**. + This name is used as a prefix to help you identify the NDI sources that your flow creates. For example, if you enter **MACHINENAME**, your NDI sources will appear as **MACHINENAME** `(ProgramName)`. + If you don’t enter a name, MediaConnect generates a unique 12-character ID as the prefix. This ID is derived from the flow's Amazon Resource Name (ARN), so the machine name references the flow resource. **Tip** Thoughtful naming is especially important when you have multiple flows creating NDI sources. For example, a production environment with 100 NDI sources would benefit from clear, descriptive machine name prefixes like `STUDIO-A`, `STUDIO-B`, `NEWSROOM`, and so on. 1. Add up to three **NDI discovery servers**. For each server, provide the following information: + Enter the server IP address from your existing NDI infrastructure. + Select the VPC interface adapter to control network access. + (Optional) Specify a port number. If you leave this blank, MediaConnect uses the NDI Discovery server default of TCP-5959. **Tip** You can add up to three discovery servers. Having multiple discovery servers improves reliability and helps ensure your NDI sources are discoverable across your network. 1. Determine which protocol your source uses. **Note** If you want to specify redundant sources for failover, create the flow with one of the sources. After the flow is created, update it to activate failover on the source, and add the second source to the flow. Because MediaConnect treats both sources as the primary source, it doesn't matter which one you specify when you first create the flow. 1. For specific instructions based on your source type and protocol, choose one of the following tabs: ------ #### [ RIST ] 1. In the **Source** section, for **Source type**, choose **Standard source**. 1. For **Name**, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. 1. For **Protocol**, choose **RIST**. 1. For **Ingest port**, specify the port that the flow will listen on for incoming content. **Note** The RIST protocol requires one additional port for error correction. To accommodate this requirement, MediaConnect reserves the port that is \$11 from the port that you specify. For example, if you specify port 4000 for the output, the service assigns ports 4000 and 4001. 1. For **Allowlist CIDR**, specify a range of IP addresses that are allowed to contribute content to your source. Format the IP addresses as a Classless Inter-Domain Routing (CIDR) block, for example, 10.24.34.0/23. For more information about CIDR notation, see [RFC 4632](https://tools.ietf.org/html/rfc4632). **Important** Specify a CIDR block that is as precise as possible. Include only the IP addresses that you want to contribute content to your flow. If you specify a CIDR block that is too wide, it allows for the possibility of outside parties sending content to your flow. 1. For **Maximum bitrate**, specify the maximum expected bitrate (in bits per second) for the flow. We recommend that you specify a value that is twice the actual bitrate. 1. For **Maximum latency**, specify the size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value from 1-15,000 ms. If you keep this field blank, the service uses the default value of 2,000 ms. ------ #### [ RTP or RTP-FEC ] 1. In the **Source** section, for **Source type**, choose **Standard source**. 1. For **Name**, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. It is not visible to anyone outside of the current AWS account. 1. For **Protocol**, choose **RTP** or **RTP-FEC**. 1. For **Ingest port**, specify the port that the flow will listen on for incoming content. **Note** The RTP-FEC protocol requires two additional ports for error correction. To accommodate this requirement, MediaConnect reserves the ports that are \$12 and \$14 from the port that you specify. For example, if you specify port 4000 for the output, the service assigns ports 4000, 4002, and 4004. 1. For **Allowlist CIDR**, specify a range of IP addresses that are allowed to contribute content to your source. Format the IP addresses as a Classless Inter-Domain Routing (CIDR) block, for example, 10.24.34.0/23. For more information about CIDR notation, see [RFC 4632](https://tools.ietf.org/html/rfc4632). **Important** Specify a CIDR block that is as precise as possible. Include only the IP addresses that you want to contribute content to your flow. If you specify a CIDR block that is too wide, it allows for the possibility of outside parties sending content to your flow. 1. For **Maximum bitrate**, specify the maximum expected bitrate (in bits per second) for the flow. We recommend that you specify a value that is twice the actual bitrate. ------ #### [ SRT listener ] 1. In the **Source** section, for **Source type**, choose **Standard source**. 1. For **Name**, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. It is not visible to anyone outside of the current AWS account. 1. For **Protocol**, choose **SRT listener**. 1. For **Source description**, enter a description that will remind you later where this source is from. This might be the company name or notes about the setup. 1. For **Allowlist CIDR block**, specify a range of IP addresses that are allowed to contribute content to your source. Format the IP addresses as a Classless Inter-Domain Routing (CIDR) block, for example, 10.24.34.0/23. For more information about CIDR notation, see [RFC 4632](https://tools.ietf.org/html/rfc4632). **Important** Specify a CIDR block that is as precise as possible. Include only the IP addresses that you want to contribute content to your flow. If you specify a CIDR block that is too wide, it allows for the possibility of outside parties sending content to your flow. 1. For **Inbound port**, specify the port that the flow listens on for incoming content. 1. For **Source listener address**, enter the address MediaConnect will use for the SRT connection. The address can be an IP address or a domain name. 1. For **Source description**, enter a description that will remind you later where this source is from. This might be the company name or notes about the setup. 1. For **Maximum bitrate**, specify the maximum expected bitrate (in bits per second) for the flow. We recommend that you specify a value that is twice the actual bitrate. 1. For **Minimum latency**, specify the minimum size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value from 10–15,000 ms. If you keep this field blank, MediaConnect uses the default value of 2,000 ms. The SRT protocol uses a **minimum latency** configuration on each side of the connection. The larger of these two values is used as the *recovery latency*. If the transmitted bitrate, multiplied by the recovery latency, is higher than the *receiver buffer*, the buffer will overflow and the stream can fail with a `Buffer Overflow Error`. On the SRT receiver side, the receiver buffer is configured by the SRTO\$1RCVBUF value. The size of the receiver buffer is limited by the *flow control window size* (SRTO\$1FC) value. On the MediaConnect side, the receiver buffer is calculated as the **maximum bitrate** value multiplied by the **minimum latency** value. For more information about the SRT buffer, see [the SRT Configuration Guidelines.](https://github.com/Haivision/srt/blob/master/docs/API/configuration-guidelines.md) 1. If the source is encrypted, choose **Activate** in the **Decryption** section and do the following: 1. For **Role ARN**, specify the ARN of the role that you created when you [set up encryption](encryption-static-key-set-up.md#encryption-static-key-set-up-create-iam-role). 1. For **Secret ARN**, specify the ARN that AWS Secrets Manager assigned when you [created the secret to store the encryption key](encryption-static-key-set-up.md#encryption-static-key-set-up-store-key). ------ #### [ SRT caller ] 1. In the **Source** section, for **Source type**, choose **Standard source**. 1. For **Name**, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. It is not visible to anyone outside of the current AWS account. 1. For **Protocol**, choose **SRT caller**. 1. For **Source description**, enter a description that will remind you later where this source is from. This might be the company name or notes about the setup. 1. For **Source listener address**, enter the address MediaConnect will use for the SRT connection. The address can be an IP address or a domain name. 1. For **Source listener port**, enter the port MediaConnect will use for the SRT connection. 1. For **Maximum bitrate** (optional), specify the maximum expected bitrate (in bits per second) for the flow. We recommend that you specify a value that is twice the actual bitrate. 1. For **Minimum latency**, specify the minimum size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value from 10–15,000 ms. If you keep this field blank, MediaConnect uses the default value of 2,000 ms. The SRT protocol uses a **minimum latency** configuration on each side of the connection. The larger of these two values is used as the *recovery latency*. If the transmitted bitrate, multiplied by the recovery latency, is higher than the *receiver buffer*, the buffer will overflow and the stream can fail with a `Buffer Overflow Error`. On the SRT receiver side, the receiver buffer is configured by the SRTO\$1RCVBUF value. The size of the receiver buffer is limited by the *flow control window size* (SRTO\$1FC) value. On the MediaConnect side, the receiver buffer is calculated as the **maximum bitrate** value multiplied by the **minimum latency** value. For more information about the SRT buffer, see [the SRT Configuration Guidelines.](https://github.com/Haivision/srt/blob/master/docs/API/configuration-guidelines.md) 1. For **Stream ID** (optional), enter an identifier for the stream. This identifier can be used to communicate information about the stream. 1. If the source is encrypted, choose **Activate** in the **Decryption** section and do the following: 1. For **Role ARN**, specify the ARN of the role that you created when you [set up encryption](encryption-static-key-set-up.md#encryption-static-key-set-up-create-iam-role). 1. For **Secret ARN**, specify the ARN that AWS Secrets Manager assigned when you [created the secret to store the encryption key](encryption-static-key-set-up.md#encryption-static-key-set-up-store-key). ------ #### [ Zixi push ] 1. In the **Source** section, for **Source type**, choose **Standard source**. 1. For **Name**, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. It is not visible to anyone outside of the current AWS account. 1. For **Protocol**, choose **Zixi push**. **Note** MediaConnect assigns the inbound port for Zixi push sources at the time of creation. A port number of 2088 will be assigned automatically. 1. For **Allowlist CIDR**, specify a range of IP addresses that are allowed to contribute content to your source. Format the IP addresses as a Classless Inter-Domain Routing (CIDR) block, for example, 10.24.34.0/23. For more information about CIDR notation, see [RFC 4632](https://tools.ietf.org/html/rfc4632). **Important** Specify a CIDR block that is as precise as possible. Include only the IP addresses that you want to contribute content to your flow. If you specify a CIDR block that is too wide, it allows for the possibility of outside parties sending content to your flow. 1. For **Stream ID**, specify the stream ID set in the Zixi feeder. **Important** If you leave this field blank, the service uses the source name as the stream ID. Because the stream ID must match the value set in the Zixi feeder, you need to specify the stream ID if it is not exactly the same as the source name. 1. For **Maximum latency**, specify the size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value between 0 and 60,000 ms. If you keep this field blank, the service uses the default value of 6,000 ms. 1. If the source is encrypted, choose **Activate** in the **Decryption** section and do the following: 1. For **Decryption type**, choose **Static key**. 1. For **Role ARN**, specify the ARN of the role that you created when you [set up encryption](encryption-static-key-set-up.md#encryption-static-key-set-up-create-iam-role). 1. For **Secret ARN**, specify the ARN that AWS Secrets Manager assigned when you [created the secret to store the encryption key](encryption-static-key-set-up.md#encryption-static-key-set-up-store-key). 1. For **Decryption algorithm**, choose the type of encryption that was used to encrypt the source. ------ #### [ Zixi push for AWS Elemental Link UHD device ] To use an AWS Elemental Link device as a source for MediaConnect, you must create a Zixi push flow using the following procedure. After creating the Zixi push flow, you must configure the AWS Elemental Link device using MediaLive. See the following MediaLive setup instructions to complete the process after you have created the flow: [Using a device in a flow](https://docs.aws.amazon.com/medialive/latest/ug/device-use-flow.html) in the *MediaLive User Guide*. Ensure you have access to both MediaConnect and MediaLive to complete these steps. 1. In the **Source** section, for **Source type**, choose **Standard source**. 1. For **Name**, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. It is not visible to anyone outside of the current AWS account. 1. For **Protocol**, choose **Zixi push**. **Note** MediaConnect assigns the inbound port for Zixi push sources at the time of creation. A port number of 2088 will be assigned automatically. 1. For **Allowlist CIDR block**, specify a range of IP addresses that are allowed to contribute content to your source. Format the IP addresses as a Classless Inter-Domain Routing (CIDR) block, for example, 10.24.34.0/23. For more information about CIDR notation, see [RFC 4632](https://tools.ietf.org/html/rfc4632). **Important** If you know the range of public IP addresses that your Link device uses to connect to the internet, enter that CIDR block. Note that this is not the same as the IP address of the AWS Elemental Link device. If you cannot obtain this information, it is possible to configure the CIDR block to be open to all possible IP addresses by using 0.0.0.0/0. Typically, it is not best practice to assign a CIDR block that is open to the entire internet (0.0.0.0/0). However, if this method must be used, the data being transferred is encrypted using AES-128 encryption. 1. For **Maximum latency**, specify the size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value between 0 and 60,000 ms. If you keep this field blank, the service uses the default value of 6,000 ms. The **Maximum latency** value should match the **Latency** value configured on the AWS Elemental Link device. For information on configuring the Link device's latency, see: [Configuring the device](https://docs.aws.amazon.com/medialive/latest/ug/device-edit.html) in the *AWS Elemental MediaLive User Guide* 1. For **Decryption**, choose **Activate** and do the following: 1. For **Decryption type**, choose **Static key**. 1. For **Decryption algorithm**, choose **AES-128**. AWS Elemental Link requires AES-128, do not select another algorithm. 1. For **Role ARN**, specify the ARN of the role that you created when you [set up encryption](encryption-static-key-set-up.md#encryption-static-key-set-up-create-iam-role). 1. For **Secret ARN**, specify the ARN that AWS Secrets Manager assigned when you [created the secret to store the encryption key](encryption-static-key-set-up.md#encryption-static-key-set-up-store-key). ------ 1. Under **Source monitoring configuration**, choose which monitoring features you want to enable. 1. Turn on **Thumbnails state** to generate source thumbnails that you can preview in the console. 1. Turn on **Content quality analysis state** to monitor for the following audio and video quality issues. 1. (Optional) Turn on **Black frames** to detect periods of black video frames in the stream. 1. (Optional) Turn on **Frozen frames** to detect periods of unchanging video frames in the stream. 1. (Optional) Turn on **Silent audio** to detect periods of audio silence in the stream. 1. (Optional) Set a duration threshold between 10 and 60 seconds for each metric that you enable. The default is 30 seconds. 1. At the bottom of the page, choose **Create flow**. ### Create a transport stream flow that uses a standard source (AWS CLI) Transport stream flow, standard source (AWS CLI) 1. Create a JSON file that contains the details of the flow that you want to create. The following example shows the structure for the contents of the file: ``` { "Name": "AwardsShow", "Outputs": [ { "Destination": "198.51.100.5", "Description": "RTP output", "Name": "RTPOutput", "Protocol": "rtp", "Port": 5020 } ], "Source": { "Name": "AwardsShowSource", "Protocol": "rtp-fec", "WhitelistCidr": "10.24.34.0/23" } } ``` 1. In the AWS CLI, use the `create-flow` command: ``` aws mediaconnect create-flow --cli-input-json file://rtp.json --profile PMprofile ``` The following example shows the return value: ``` { "Flow": { "EgressIp": "203.0.113.0", "AvailabilityZone": "us-east-1d", "Name": "AwardsShow", "Status": "STANDBY", "FlowArn": "arn:aws:mediaconnect:us-east-1:111122223333:flow:1-23aBC45dEF67hiJ8-12AbC34DE5fG:AwardsShow", "Source": { "SourceArn": "arn:aws:mediaconnect:us-east-1:111122223333:source:3-4aBC56dEF78hiJ90-4de5fG6Hi78Jk:AwardsShowSource", "Name": "AwardsShowSource", "IngestPort": 5000, "WhitelistCidr": "10.24.34.0/23", "IngestIp": "198.51.100.15", "Transport": { "Protocol": "rtp-fec", "MaxBitrate": 80000000 } }, "Entitlements": [], "Outputs": [ { "Port": 5020, "Name": "AwardsShowOutput", "OutputArn": "arn:aws:mediaconnect:us-east-1:111122223333:output:2-3aBC45dEF67hiJ89-c34de5fG678h:AwardsShowOutput", "Description": "RTP-FEC Output", "Destination": "198.51.100.5", "Transport": { "Protocol": "rtp", "SmoothingLatency": 0 } } ] } } ``` ## Next steps Now that you've created a flow, complete these steps to start delivering your content: + [Add outputs](outputs-add.md) to specify where you want your MediaConnect flow to send your content + [Grant entitlements](entitlements-grant.md) to allow users of other AWS accounts to subscribe to your content + [Start your flow](flows-start.md) to begin content delivery ## Additional resources For more information about source monitoring options for your flow, see the following pages in this guide: + [Viewing thumbnails of the source video](monitor-with-thumbnails.md) + [Monitoring with content quality analysis in AWS Elemental MediaConnect](https://docs.aws.amazon.com/mediaconnect/latest/ug/monitor-content-quality-analysis.html) # Creating a transport stream flow that uses an entitled source Transport stream flow, entitled source Transport stream flows transport compressed content that is muxed into a single stream. An entitled source is content that comes from another AWS account. ## Prerequisites + **NDI® configuration (for NDI use cases only)** We recommend reviewing the [NDI outputs](outputs-using-ndi.md) documentation to familiarize yourself with this feature before getting started. If you want to add an NDI output to your flow, you need a VPC with NDI discovery servers provisioned in your network. MediaConnect connects to these servers, but it doesn't create them for you. + For a quick start with VPCs, you can use our [AWS CloudFormation VPC template](https://docs.aws.amazon.com/vpc/latest/userguide/create-vpc.html) to automatically create a VPC with public and private subnets. For more information about VPCs, see the [Amazon VPC User Guide](https://docs.aws.amazon.com/vpc/latest/userguide/). + For NDI discovery server deployment, AWS provides guidance on automated setup across multiple Availability Zones using AWS CloudFormation, including best practices for installation and configuration. For instructions, see [Setting Up NDI Discovery Servers for Broadcast Workflows](https://aws.amazon.com/solutions/guidance/programmatic-deployment-of-ndi-discovery-servers-for-broadcast-workflows-on-aws/). + We recommend that you configure your security groups with a self-referencing ingress rule and egress rule. You can then attach this security group to the EC2 instances where your NDI servers are running within the VPC. This approach automatically allows all necessary NDI communication between components in your VPC, and all required network traffic is permitted. For guidance on setting up self-referencing security group rules, see [Security Group Referencing](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html#security-group-referencing) in the Amazon VPC User Guide. ## Procedure **To create a transport stream flow that uses an entitled source (console)** 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. On the **Flows** page, choose **Create flow**. 1. In the **Details** section, for **Name**, specify a name for your flow. This name will become part of the ARN for this flow. **Note** MediaConnect allows you to create multiple flows with the same name. However, we encourage you to use unique flow names within an AWS Region to help with organization. After you create a flow, you can't change the name. 1. For **Availability Zone**, choose one of the following options: + Select **Any** (recommended) + Select a specific Availability Zone (useful if you're setting up redundant flows) If you use the default setting (**Any**), MediaConnect will randomly assign an Availability Zone within the current AWS Region. If your source comes from a VPC, the service will assign the Availability Zone of the VPC subnet to the flow. **Note** If your source comes from your VPC, the Availability Zone of your flow must match that of your VPC subnet. We recommend that you leave this as **Any** and let the service ensure that the Availability Zone is set correctly. 1. Under **Flow size**, select the size that matches your use case. For more information about flow sizes, see [Flow sizes and capabilities](flow-sizes-capabilities.md). **For medium flows:** + Proceed directly to step 6. **For large flows:** + If you don't need NDI outputs for your flow, proceed directly to step 6. + If you want to add NDI outputs to your flow, configure the NDI settings as follows: 1. Set **Flow NDI support** to **Enabled**. 1. (Optional) Enter an **NDI machine name**. + This name is used as a prefix to help you identify the NDI sources that your flow creates. For example, if you enter **MACHINENAME**, your NDI sources will appear as **MACHINENAME** `(ProgramName)`. + If you don’t enter a name, MediaConnect generates a unique 12-character ID as the prefix. This ID is derived from the flow's Amazon Resource Name (ARN), so the machine name references the flow resource. **Tip** Thoughtful naming is especially important when you have multiple flows creating NDI sources. For example, a production environment with 100 NDI sources would benefit from clear, descriptive machine name prefixes like `STUDIO-A`, `STUDIO-B`, `NEWSROOM`, and so on. 1. Add up to three **NDI discovery servers**. For each server, provide the following information: + Enter the server IP address from your existing NDI infrastructure. + Select the VPC interface adapter to control network access. + (Optional) Specify a port number. If you leave this blank, MediaConnect uses the NDI Discovery server default of TCP-5959. **Tip** You can add up to three discovery servers. Having multiple discovery servers improves reliability and helps ensure your NDI sources are discoverable across your network. 1. In the **Source** section: + For **Source type**, choose **Entitled source**. + For **Entitlement ARN**, choose the appropriate entitlement. This list includes all entitlements that have been granted to you. **Tip** You can click in this field and start entering the entitlement name. MediaConnect will filter the list to include only entitlements with a name that matches what you enter. 1. Under **Source monitoring configuration**, choose which monitoring features you want to enable. 1. Turn on **Thumbnails state** to generate source thumbnails that you can preview in the console. 1. Turn on **Content quality analysis state** to monitor for the following audio and video quality issues. 1. (Optional) Turn on **Black frames** to detect periods of black video frames in the stream. 1. (Optional) Turn on **Frozen frames** to detect periods of unchanging video frames in the stream. 1. (Optional) Turn on **Silent audio** to detect periods of audio silence in the stream. 1. (Optional) Set a duration threshold between 10 and 60 seconds for each metric that you enable. The default is 30 seconds. 1. Choose **Create flow**. ## Next steps Now that you've created a flow, complete these steps to start delivering your content: + [Add outputs](outputs-add.md) to specify where you want your MediaConnect flow to send your content + [Grant entitlements](entitlements-grant.md) to allow users of other AWS accounts to subscribe to your content + [Start your flow](flows-start.md) to begin content delivery ## Additional resources For more information about source monitoring options for your flow, see the following pages in this guide: + [Viewing thumbnails of the source video](monitor-with-thumbnails.md) + [Monitoring with content quality analysis in AWS Elemental MediaConnect](https://docs.aws.amazon.com/mediaconnect/latest/ug/monitor-content-quality-analysis.html) # Creating a transport stream flow that uses a VPC source Transport stream flow, VPC source Transport stream flows transport compressed content that is muxed into a single stream. When you create a flow that uses a source from your virtual private cloud (VPC), your content does not go over the public internet. This is useful for security reasons as well as reliability. You set up your VPC and then create a flow that has an interface to that VPC. Alternatively, you can create a flow based on an entitlement that another AWS account granted to allow you to use their content ([entitled source](flows-create-entitled-source.md)) or a [standard source](flows-create-standard-source.md). ## Prerequisites Before you begin, make sure you've completed the following steps: **VPC configuration** In Amazon VPC, set up your VPC and associated security groups. For more information about VPCs, see the [Amazon VPC User Guide](https://docs.aws.amazon.com/vpc/latest/userguide/). For information about configuring security groups to work with your VPC interface, see [Security group considerations](vpc-interface-security-groups.md). **IAM setup** In IAM, [set up MediaConnect as a trusted service](security-iam-trusted-entity.md). **Encryption setup (if required)** If the source of your flow requires encryption, [set up encryption](encryption-static-key-set-up.md). **NDI® configuration (for NDI use cases only)** We recommend reviewing the [NDI outputs](outputs-using-ndi.md) documentation to familiarize yourself with this feature before getting started. If you want to add an NDI output to your flow, you need a VPC with NDI discovery servers provisioned in your network. MediaConnect connects to these servers, but it doesn't create them for you. + AWS provides guidance on automated setup across multiple Availability Zones using AWS CloudFormation, including best practices for installation and configuration. For instructions, see [Setting Up NDI Discovery Servers for Broadcast Workflows](https://aws.amazon.com/solutions/guidance/programmatic-deployment-of-ndi-discovery-servers-for-broadcast-workflows-on-aws/). + We recommend that you configure your security groups with a self-referencing ingress rule and egress rule. You can then attach this security group to the EC2 instances where your NDI servers are running within the VPC. This approach automatically allows all necessary NDI communication between components in your VPC, and all required network traffic is permitted. For guidance on setting up self-referencing security group rules, see [Security Group Referencing](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html#security-group-referencing) in the Amazon VPC User Guide. ## Procedure **To create a transport stream flow that uses a VPC source (console)** 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. On the **Flows** page, choose **Create flow**. 1. In the **Details** section, for **Name**, specify a name for your flow. This name will become part of the ARN for this flow. **Note** MediaConnect allows you to create multiple flows with the same name. However, we encourage you to use unique flow names within an AWS Region to help with organization. After you create a flow, you can't change the name. 1. For **Availability Zone**, choose **Any** or choose the Availability Zone where your VPC subnet resides. We recommend that you leave this as **Any** and let the service ensure that the Availability Zone is set correctly. 1. Under **Flow size**, select the size that matches your use case. For more information about flow sizes, see [Flow sizes and capabilities](flow-sizes-capabilities.md). **For medium flows:** + Proceed directly to step 6. **For large flows:** + If you don't need NDI outputs for your flow, proceed directly to step 6. + If you want to add NDI outputs to your flow, configure the NDI settings as follows: 1. Set **Flow NDI support** to **Enabled**. 1. (Optional) Enter an **NDI machine name**. + This name is used as a prefix to help you identify the NDI sources that your flow creates. For example, if you enter **MACHINENAME**, your NDI sources will appear as **MACHINENAME** `(ProgramName)`. + If you don’t enter a name, MediaConnect generates a unique 12-character ID as the prefix. This ID is derived from the flow's Amazon Resource Name (ARN), so the machine name references the flow resource. **Tip** Thoughtful naming is especially important when you have multiple flows creating NDI sources. For example, a production environment with 100 NDI sources would benefit from clear, descriptive machine name prefixes like `STUDIO-A`, `STUDIO-B`, `NEWSROOM`, and so on. 1. Add up to three **NDI discovery servers**. For each server, provide the following information: + Enter the server IP address from your existing NDI infrastructure. + Select the VPC interface adapter to control network access. + (Optional) Specify a port number. If you leave this blank, MediaConnect uses the NDI Discovery server default of TCP-5959. **Tip** You can add up to three discovery servers. Having multiple discovery servers improves reliability and helps ensure your NDI sources are discoverable across your network. 1. In the **Source** section, for **Source type**, choose **VPC source**. 1. For **Name**, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. 1. Determine which protocol your source uses. **Note** If you want to specify redundant sources for failover, create the flow with one of the sources. After the flow is created, update it to activate failover on the source, and add the second source to the flow. Because MediaConnect treats both sources as the primary source, it doesn't matter which one you specify when you first create the flow. 1. For specific instructions based on your protocol, choose one of the following tabs: ------ #### [ RIST ] 1. For **Protocol**, choose **RIST**. 1. For **Ingest port**, specify the port that the flow will listen on for incoming content. **Note** The RIST protocol requires one additional port for error correction. To accommodate this requirement, MediaConnect reserves the port that is \$11 from the port that you specify. For example, if you specify port 4000 for the output, the service assigns ports 4000 and 4001. 1. For **VPC interface name**, choose the name of the VPC interface that you want to use as the source. 1. For **Maximum bitrate**, specify the maximum expected bitrate (in bits per second) for the flow. We recommend that you specify a value that is twice the actual bitrate. 1. For **Maximum latency**, specify the size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value from 1-15,000 ms. If you keep this field blank, the service uses the default value of 2,000 ms. ------ #### [ RTP or RTP-FEC ] 1. For **Protocol**, choose **RTP** or **RTP-FEC**. 1. For **Ingest port**, specify the port that the flow will listen on for incoming content. **Note** The RTP-FEC protocol requires two additional ports for error correction. To accommodate this requirement, MediaConnect reserves the ports that are \$12 and \$14 from the port that you specify. For example, if you specify port 4000 for the output, the service assigns ports 4000, 4002, and 4004. 1. For **VPC interface name**, choose the name of the VPC interface that you want to use as the source. 1. For **Maximum bitrate**, specify the maximum expected bitrate (in bits per second) for the flow. We recommend that you specify a value that is twice the actual bitrate. ------ #### [ SRT listener ] 1. In the **Source** section, for **Source type**, choose **VPC source**. 1. For **Name**, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. It is not visible to anyone outside of the current AWS account. 1. For **Protocol**, choose **SRT listener**. 1. For **Source description**, enter a description that will remind you later where this source is from. This might be the company name or notes about the setup. 1. For **VPC interface name**, choose the name of the VPC interface that you want to use as the source. 1. For **Inbound port**, specify the port that the flow listens on for incoming content. 1. For **Maximum bitrate**, specify the maximum expected bitrate (in bits per second) for the flow. We recommend that you specify a value that is twice the actual bitrate. 1. For **Minimum latency**, specify the size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value from 10 -15,000 ms. If you keep this field blank, the service uses the default value of 2,000 ms. The SRT protocol uses a **minimum latency** configuration on each side of the connection. The larger of these two values is used as the *recovery latency*. If the transmitted bitrate, multiplied by the recovery latency, is higher than the *receiver buffer*, the buffer will overflow and the stream can fail with a `Buffer Overflow Error`. On the SRT receiver side, the receiver buffer is configured by the SRTO\$1RCVBUF value. The size of the receiver buffer is limited by the *flow control window size* (SRTO\$1FC) value. On the MediaConnect side, the receiver buffer is calculated as the **maximum bitrate** value multiplied by the **minimum latency** value. For more information about the SRT buffer, see [the SRT Configuration Guidelines.](https://github.com/Haivision/srt/blob/master/docs/API/configuration-guidelines.md) 1. If the source is encrypted, choose **Activate** in the **Decryption** section and do the following: 1. For **Role ARN**, specify the ARN of the role that you created when you [set up encryption](encryption-static-key-set-up.md#encryption-static-key-set-up-create-iam-role). 1. For **Secret ARN**, specify the ARN that AWS Secrets Manager assigned when you [created the secret to store the encryption key](encryption-static-key-set-up.md#encryption-static-key-set-up-store-key). ------ #### [ SRT caller ] 1. In the **Source** section, for **Source type**, choose **VPC source**. 1. For **Name**, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. It is not visible to anyone outside of the current AWS account. 1. For **Protocol**, choose **SRT caller**. 1. For **Source description**, enter a description that will remind you later where this source is from. This might be the company name or notes about the setup. 1. For **VPC interface name**, choose the name of the VPC interface that you want to use as the source. 1. For **Source listener port**, enter the port the flow will use to pull the source from. 1. For **Maximum bitrate** (optional), specify the maximum expected bitrate (in bits per second) for the flow. We recommend that you specify a value that is twice the actual bitrate. 1. For **Minimum latency**, specify the minimum size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value from 10–15,000 ms. If you keep this field blank, MediaConnect uses the default value of 2,000 ms. The SRT protocol uses a **minimum latency** configuration on each side of the connection. The larger of these two values is used as the *recovery latency*. If the transmitted bitrate, multiplied by the recovery latency, is higher than the *receiver buffer*, the buffer will overflow and the stream can fail with a `Buffer Overflow Error`. On the SRT receiver side, the receiver buffer is configured by the SRTO\$1RCVBUF value. The size of the receiver buffer is limited by the *flow control window size* (SRTO\$1FC) value. On the MediaConnect side, the receiver buffer is calculated as the **maximum bitrate** value multiplied by the **minimum latency** value. For more information about the SRT buffer, see [the SRT Configuration Guidelines.](https://github.com/Haivision/srt/blob/master/docs/API/configuration-guidelines.md) 1. For **Stream ID** (optional), enter an identifier for the stream. This identifier can be used to communicate information about the stream. 1. If the source is encrypted, choose **Activate** in the **Decryption** section and do the following: 1. For **Role ARN**, specify the ARN of the role that you created when you [set up encryption](encryption-static-key-set-up.md#encryption-static-key-set-up-create-iam-role). 1. For **Secret ARN**, specify the ARN that AWS Secrets Manager assigned when you [created the secret to store the encryption key](encryption-static-key-set-up.md#encryption-static-key-set-up-store-key). ------ #### [ Zixi push ] 1. For **Name**, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. It is not visible to anyone outside of the current AWS account. 1. For **Protocol**, choose **Zixi push**. **Note** MediaConnect assigns the inbound port for Zixi push VPC sources at the time of creation. A port number 2090–2099 will be assigned automatically. 1. For **VPC interface name**, choose the name of the VPC interface that you want to use as the source. 1. For **Stream ID**, specify the stream ID set in the Zixi feeder. **Important** If you leave this field blank, the service uses the source name as the stream ID. Because the stream ID must match the value set in the Zixi feeder, you need to specify the stream ID if it is not exactly the same as the source name. 1. For **Maximum latency**, specify the size of the buffer (delay) that you want the service to maintain. A higher latency value means a longer delay in transmitting the stream, but more room for error correction. A lower latency value means a shorter delay, but less room for error correction. You can choose a value between 0 and 60,000 ms. If you keep this field blank, the service uses the default value of 6,000 ms. 1. If the source is encrypted, choose **Activate** in the **Decryption** section and do the following: 1. For **Decryption type**, choose **Static key**. 1. For **Role ARN**, specify the ARN of the role that you created when you [set up encryption](encryption-static-key-set-up.md#encryption-static-key-set-up-create-iam-role). 1. For **Secret ARN**, specify the ARN that AWS Secrets Manager assigned when you [created the secret to store the encryption key](encryption-static-key-set-up.md#encryption-static-key-set-up-store-key). 1. For **Decryption algorithm**, choose the type of encryption that was used to encrypt the source. ------ 1. For each VPC that you want to connect to the flow, do the following: 1. In the **VPC interface** section, choose **Add VPC interface**. 1. For **Name**, specify a name for your VPC interface. The name of the VPC interface must be unique within the flow. 1. For **Role ARN**, specify the Amazon Resource Name (ARN) of the role that you created when you set up MediaConnect as a trusted service. 1. For **VPC**, choose the ID of the VPC that you want to use. **Note** If you don't see the VPC that you want in the list, verify that the VPC has been set up in Amazon Virtual Private Cloud and that you have IAM permissions to view the VPC. 1. For **Subnet**, choose the VPC subnet that you want MediaConnect to use to set up your VPC configuration. You must choose at least one and can choose as many as you want. 1. For **Security groups**, specify the VPC security groups that you want MediaConnect to use to set up your VPC configuration. You must choose at least one security group. 1. Under **Source monitoring configuration**, choose which monitoring features you want to enable. 1. Turn on **Thumbnails state** to generate source thumbnails that you can preview in the console. 1. Turn on **Content quality analysis state** to monitor for the following audio and video quality issues. 1. (Optional) Turn on **Black frames** to detect periods of black video frames in the stream. 1. (Optional) Turn on **Frozen frames** to detect periods of unchanging video frames in the stream. 1. (Optional) Turn on **Silent audio** to detect periods of audio silence in the stream. 1. (Optional) Set a duration threshold between 10 and 60 seconds for each metric that you enable. The default is 30 seconds. 1. At the bottom of the page, choose **Create flow**. ## Next steps Now that you've created a flow, complete these steps to start delivering your content: + [Add outputs](outputs-add.md) to specify where you want your MediaConnect flow to send your content + [Grant entitlements](entitlements-grant.md) to allow users of other AWS accounts to subscribe to your content + [Start your flow](flows-start.md) to begin content delivery ## Additional resources For more information about source monitoring options for your flow, see the following pages in this guide: + [Viewing thumbnails of the source video](monitor-with-thumbnails.md) + [Monitoring with content quality analysis in AWS Elemental MediaConnect](https://docs.aws.amazon.com/mediaconnect/latest/ug/monitor-content-quality-analysis.html) # Creating a flow that uses a CDI source CDI source A CDI flow transports high-quality uncompressed or lightly compressed content into and out of the AWS Cloud. You can configure a CDI flow to use JPEG XS to transport lightly compressed content. The content is demuxed into separate media streams for audio, video, or ancillary data. Each CDI flow can use multiple media streams for the source and multiple media streams for each output. MediaConnect uses AWS Cloud Digital Interface (AWS CDI) network technology to transport content that adheres to the SMPTE 2110, part 22 transport standard. CDI flows only support sources from a virtual private cloud (VPC) that you set up using Amazon VPC. You set up your VPC and then create a flow that has an interface to that VPC. MediaConnect doesn't support two sources on CDI flows. For redundancy with ST 2110 JPEG XS sources, you can specify two inbound VPC interfaces on an individual media stream. For redundancy with CDI sources, create a second flow. ## Prerequisites Before you begin this procedure, make sure that the following steps have been completed: + Review the suggested workflow shown in [Contribution for CDI flows](use-cases-cdi.md). + In Amazon VPC, set up your VPC and associated security groups. For more information about VPCs, see the [Amazon VPC User Guide](https://docs.aws.amazon.com/vpc/latest/userguide/). For information about configuring security groups to work with your VPC interface, see [Security group considerations](vpc-interface-security-groups.md). + In IAM, [set up MediaConnect as a trusted service](security-iam-trusted-entity.md). ## Procedure ### Create an AWS CDI flow (console) AWS CDI flow (console) 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. On the **Flows** page, choose **Create flow**. 1. In the **Details** section, for **Name**, specify a name for your flow. This name will become part of the ARN for this flow. **Note** MediaConnect allows you to create multiple flows with the same name. However, we encourage you to use unique flow names within an AWS Region to help with organization. After you create a flow, you can't change the name. 1. For **Availability Zone**, choose the Availability Zone where your VPC subnet resides. 1. For **Flow size**, select **Large 4x**. 1. In the **Source** section, for **Source type**, choose **VPC source**. 1. For **Name**, specify a name for your source. This value is an identifier that is visible only on the MediaConnect console. 1. Skip to the **VPC interface** section. 1. For each VPC that you want to connect to the flow, do the following: 1. Choose **Add VPC interface**. 1. For **Name**, specify a name for your VPC interface. The name of the VPC interface must be unique within the flow. 1. For **Type**, choose the type of network adapter that you want MediaConnect to use on this interface. If you want to use this interface for a CDI source or output, you must choose **EFA** as the type. 1. For **Role ARN**, specify the Amazon Resource Name (ARN) of the role that you created when you set up MediaConnect as a trusted service. 1. For **VPC**, choose the ID of the VPC that you want to use. **Note** If you don't see the VPC that you want in the list, verify that the VPC has been set up in Amazon Virtual Private Cloud and that you have IAM permissions to view the VPC. 1. For **Subnet**, choose the VPC subnet that you want MediaConnect to use to set up your VPC configuration. You must choose at least one and can choose as many as you want. 1. For **Security groups**, specify the VPC security groups that you want MediaConnect to use to set up your VPC configuration. You must choose at least one security group. 1. For each media stream that you want to add to the flow, do the following: 1. In the **Media streams** section, choose **Add media stream**. 1. In the **Name** field, specify a descriptive name that will help you distinguish this media stream from others in the flow. 1. For **Description**, specify a description that will help you remember the use of this media stream. 1. For **Stream ID**, specify a unique identifier for the media stream. If the source or any of the outputs uses the CDI protocol, specify the value that is expected by the production and playout systems. If the source and all outputs use the ST 2110 JPEG XS protocol, specify a value that is unique to that of other media streams within the flow. 1. Choose **Advanced options** to display the additional options based on your stream type. 1. For specific instructions on the advanced options based on your stream type, choose one of the following tabs: ------ #### [ Audio ] 1. For **Stream type**, choose **Audio**. 1. For **Media clock rate**, specify the sample rate for the stream. This value is measured in Hz. 1. For **Language**, specify the language of the audio. This value should be in a format that the receiver recognizes. 1. For **Channel order**, specify the format of the audio channel. 1. Choose **Add media stream**. ------ #### [ Video ] 1. For **Stream type**, choose **Video**. For many fields, MediaConnect provides a default value that represents the recommended setting. Change the default value if needed. 1. **Media clock rate** is the sample rate for the stream, and is set to 90000. This value is measured in Hz. 1. For **Video format**, specify the resolution of the video. 1. For **Exact framerate**, specify the frame rate of the video. This value should be represented in frames per second. 1. For **Colorimetry**, specify the format that was used for the representation of color in the video. 1. For **Scan mode**, specify the method that was used to scan the incoming video. + Choose **Interlace** if the incoming video is interlaced (for example, 480i or 1080i). + Choose **Progressive** if the incoming video is progressive (for example, 720p or 1080p). + Choose **Progressive segmented frame** if the incoming video is PSF (for example, 1080psf). 1. For **TCS**, specify the transfer characteristic system (TCS) that was used in the video. 1. For **Range**, specify the encoding range of the video. 1. For **PAR**, specify the pixel access ratio (PAR) of the video. 1. Choose **Add media stream**. ------ #### [ Ancillary data ] 1. For **Stream type**, choose **Ancillary data**. 1. **Media clock rate** is the sample rate for the stream, and is set to 90000. This value is measured in Hz. 1. Choose **Add media stream**. ------ 1. Scroll back up to the **Sources** section. 1. Determine which protocol your source uses. 1. For specific instructions based on your protocol, choose one of the following tabs: ------ #### [ CDI ] 1. For **Protocol**, choose **CDI**. 1. For **Description**, enter a description that will remind you later where this source is from. This might be the company name or notes about the setup. 1. For **Inbound port**, specify the port that the flow will listen on for incoming content. This value can be anything from 1024 to 65535, with the exception of 2077 and 2088 (those ports are reserved for other protocols). 1. For **VPC interface**, choose the name of the VPC interface that you want to use as the source. 1. For each media stream that you want to use as part of the source, do the following. 1. For **Media stream name**, choose the name of the media stream. 1. For **Encoding name**, accept the default value. + For ancillary data streams, the encoding name is **smpte291**. + For audio streams, the encoding name is **pcm**. + For video, the encoding name is **raw**. ------ #### [ ST 2110 JPEG XS ] 1. For **Protocol**, choose **ST 2110 JPEG XS**. 1. For **Description**, enter a description that will remind you later where this source is from. This might be the company name or notes about the setup. 1. For **Max sync buffer**, specify the size of the buffer that you want MediaConnect to use to sync incoming source data. This value is measured in milliseconds (ms). 1. For **VPC interface name 1**, choose one of the VPC interfaces that you want to use as a source. 1. For **VPC interface name 2**, choose a second VPC interface that you want to use as a source. There is no priority between VPC interfaces 1 and 2. 1. For each media stream that you want to use as part of the source, do the following. 1. For **Media stream name**, choose the name of the media stream. 1. For **Encoding name**, accept the default value. + For ancillary data streams, the encoding name is **smpte291**. + For audio streams, the encoding name is **pcm**. + For video, the encoding name is **jxsv**. 1. For **Inbound port**, specify the port that the flow will listen on for incoming content. This value can be anything from 1024 to 65535, with the exception of 2077 and 2088 (those ports are reserved for other protocols). ------ 1. At the bottom of the page, choose **Create flow**. **Note** The flow doesn't start automatically. You must [start the flow](flows-start.md) manually. 1. [Add outputs](outputs-add-vpc.md) to specify where you want your MediaConnect to send the content. ### Create an AWS CDI flow (AWS CLI) AWS CDI flow (AWS CLI) To use the AWS CLI to create a flow, you must use the `create-flow` command. To simplify the flow creation, we suggest you use the `create-flow` command with the `--cli-input-json` option. The `--cli-input-json` option requires you to create a JSON file with the necessary settings for your new flow. Step 1 of this procedure provides an example of one possible way configure this JSON file. For more information about the `create-flow` command and the `--cli-input-json` option, see: [AWS CLI Command Reference create-flow](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/mediaconnect/create-flow.html) 1. Create a JSON file that contains the details of the flow that you want to create. The following example shows the structure for the contents of the file. This example uses a JPEG XS source to create a AWS CDI output with the following attributes: + 2 Amazon VPC interfaces, 1 EFA (Elastic Fabric Adapter) and 1 ENA (Elastic Network Adapter) + 1 video stream, 1 audio stream, and 1 ancillary data stream ``` { "Name": "AwardsShow", "MediaStreams": [ { "Attributes": { "Fmtp": { "Colorimetry": "BT709", "ExactFramerate": "60000/1001", "Par": "1:1", "Range": "NARROW", "ScanMode": "progressive", "Tcs": "SDR" } }, "ClockRate": 90000, "MediaStreamId": 0, "MediaStreamName": "video-stream", "MediaStreamType": "video", "VideoFormat": "1080p" }, { "Attributes": { "Fmtp": { "ChannelOrder": "SMPTE2110.(ST)" } }, "ClockRate": 48000, "MediaStreamId": 1, "MediaStreamName": "audio-stream", "MediaStreamType": "audio" }, { "ClockRate": 90000, "MediaStreamId": 2, "MediaStreamName": "anc-stream", "MediaStreamType": "ancillary-data" } ], "Outputs": [ { "Name": "cdi-output", "Protocol": "cdi", "Description": "cdi-output to medialive", "Destination": "198.51.100.5", "MediaStreamOutputConfigurations": [ { "EncodingName": "raw", "MediaStreamName": "video-stream" }, { "EncodingName": "pcm", "MediaStreamName": "audio-stream" } ], "Port": 5000, "VpcInterfaceAttachment": { "VpcInterfaceName": "efa-name" } } ], "Source": { "Name": "jxs-input", "Protocol": "st2110-jpegxs", "Description": "jxs-input to cdi-output", "MaxSyncBuffer": 100, "MediaStreamSourceConfigurations": [ { "EncodingName": "jxsv", "InputConfigurations": [ { "InputPort": 5011, "Interface": { "Name": "efa-name" } }, { "InputPort": 5011, "Interface": { "Name": "ena-name" } } ], "MediaStreamName": "video-stream" }, { "EncodingName": "pcm", "InputConfigurations": [ { "InputPort": 5001, "Interface": { "Name": "efa-name" } }, { "InputPort": 5001, "Interface": { "Name": "ena-name" } } ], "MediaStreamName": "audio-stream" } ] }, "VpcInterfaces": [ { "Name": "efa-name", "NetworkInterfaceType": "efa", "RoleArn": "arn:aws:iam::111122223333:role/MediaConnectAccessRole", "SecurityGroupIds": [ "sg-1234567890abcdef0" ], "SubnetId": "subnet-abcdef01234567890" }, { "Name": "ena-name", "NetworkInterfaceType": "ena", "RoleArn": "arn:aws:iam::111122223333:role/MediaConnectAccessRole", "SecurityGroupIds": [ "sg-1234567890abcdef0" ], "SubnetId": "subnet-abcdef01234567890" } ] } ``` 1. In the AWS CLI, use the `create-flow` command. ``` aws mediaconnect create-flow --cli-input-json file://filename.json --profile YourProfile ``` The following example shows the return value: ``` { "Flow": { "AvailabilityZone": "us-west-2a", "Description": "jxs-input to cdi-output", "EgressIp": "203.0.113.0", "Entitlements": [], "FlowArn": "arn:aws:mediaconnect:us-west-2:111122223333:flow:1-DwtfUlYOUVABAQNR-c94d84ce4215:AwardsShow", "MediaStreams": [ { "Attributes": { "Fmtp": { "Colorimetry": "BT709", "ExactFramerate": "60000/1001", "Par": "1:1", "Range": "NARROW", "ScanMode": "progressive", "Tcs": "SDR" } }, "ClockRate": 90000, "Fmt": 96, "MediaStreamId": 0, "MediaStreamName": "video-stream", "MediaStreamType": "video", "VideoFormat": "1080p" }, { "Attributes": { "Fmtp": { "ChannelOrder": "SMPTE2110.(ST)" } }, "ClockRate": 48000, "Fmt": 97, "MediaStreamId": 1, "MediaStreamName": "audio-stream", "MediaStreamType": "audio" }, { "ClockRate": 90000, "Fmt": 98, "MediaStreamId": 2, "MediaStreamName": "anc-stream", "MediaStreamType": "ancillary-data" } ], "Name": "AwardsShow", "Outputs": [ { "Description": "cdi-output to medialive", "Destination": "198.51.100.5", "MediaStreamOutputConfigurations": [ { "EncodingName": "raw", "MediaStreamName": "video-stream" }, { "EncodingName": "pcm", "MediaStreamName": "audio-stream" } ], "Name": "cdi-output", "OutputArn": "arn:aws:mediaconnect:us-west-2:111122223333:output:1-DwtfUlYOUVABAQNR-c94d84ce4215:cdi-output", "Port": 5000, "Transport": { "Protocol": "cdi" }, "VpcInterfaceAttachment": { "VpcInterfaceName": "efa-name" } } ], "Source": { "Description": "jxs-input to cdi-output", "MediaStreamSourceConfigurations": [ { "EncodingName": "jxs-input", "InputConfigurations": [ { "InputIp": "203.0.113.1", "InputPort": 5011, "Interface": { "Name": "efa-name" } }, { "InputIp": "203.0.113.2", "InputPort": 5011, "Interface": { "Name": "ena-name" } } ], "MediaStreamName": "video-stream" }, { "EncodingName": "pcm", "InputConfigurations": [ { "InputIp": "203.0.113.3", "InputPort": 5001, "Interface": { "Name": "efa-name" } }, { "InputIp": "203.0.113.4", "InputPort": 5001, "Interface": { "Name": "ena-name" } } ], "MediaStreamName": "audio-stream" } ], "Name": "jxs-input", "SourceArn": "arn:aws:mediaconnect:us-west-2:111122223333:source:1-DwtfUlYOUVABAQNR-c94d84ce4215:jxs-input", "Transport": { "MaxSyncBuffer": 100, "Protocol": "st2110-jpegxs" } }, "Sources": [ { "Description": "jxs-input to cdi-output", "MediaStreamSourceConfigurations": [ { "EncodingName": "jxsv", "InputConfigurations": [ { "InputIp": "203.0.113.173", "InputPort": 5011, "Interface": { "Name": "efa-name" } }, { "InputIp": "203.0.113.114", "InputPort": 5011, "Interface": { "Name": "ena-name" } } ], "MediaStreamName": "video-stream" }, { "EncodingName": "pcm", "InputConfigurations": [ { "InputIp": "203.0.113.173", "InputPort": 5001, "Interface": { "Name": "efa-name" } }, { "InputIp": "203.0.113.114", "InputPort": 5001, "Interface": { "Name": "ena-name" } } ], "MediaStreamName": "audio-stream" } ], "Name": "jxs-input", "SourceArn": "arn:aws:mediaconnect:us-west-2:111122223333:source:1-DwtfUlYOUVABAQNR-c94d84ce4215:jxs-input", "Transport": { "MaxSyncBuffer": 100, "Protocol": "st2110-jpegxs" } } ], "Status": "STANDBY", "VpcInterfaces": [ { "Name": "efa-name", "NetworkInterfaceIds": [ "eni-0ae6ca9ea6673a2a7" ], "NetworkInterfaceType": "efa", "RoleArn": "arn:aws:iam::111122223333:role/MediaConnectAccessRole", "SecurityGroupIds": [ "sg-1234567890abcdef0" ], "SubnetId": "subnet-abcdef01234567890" }, { "Name": "ena-name", "NetworkInterfaceIds": [ "eni-0cbabcf978eeb00a2" ], "NetworkInterfaceType": "ena", "RoleArn": "arn:aws:iam::111122223333:role/MediaConnectAccessRole", "SecurityGroupIds": [ "sg-1234567890abcdef0" ], "SubnetId": "subnet-abcdef01234567890" } ] } } ``` ## Next steps Now that you've created a flow, complete these steps to start delivering your content: + [Add outputs](outputs-add.md) to specify where you want your MediaConnect flow to send your content + [Grant entitlements](entitlements-grant.md) to allow users of other AWS accounts to subscribe to your content + [Start your flow](flows-start.md) to begin content delivery # Creating a flow that uses an NDI® source NDI source You can use MediaConnect to create flows that ingest content from NDI® senders within your VPC. This guide explains how to create and configure a flow with an NDI source in MediaConnect. ## Prerequisites Before you begin, make sure you've completed the following steps: + **Documentation review** Review the [NDI sources](sources-using-ndi.md) documentation to understand the capabilities of this feature. + **Infrastructure setup** Set up your VPC infrastructure with at least one NDI discovery server running, and with NDI senders actively broadcasting content within the VPC. + For VPC setup: You can use the [AWS CloudFormation VPC template](https://docs.aws.amazon.com/vpc/latest/userguide/create-vpc.html) to automatically create a VPC with public and private subnets. For more information about VPCs, see the [Amazon VPC User Guide](https://docs.aws.amazon.com/vpc/latest/userguide/). + For NDI discovery server deployment: AWS provides guidance on automated setup across multiple Availability Zones using AWS CloudFormation, including best practices for installation and configuration. For instructions, see [Setting Up NDI Discovery Servers for Broadcast Workflows](https://aws.amazon.com/solutions/guidance/programmatic-deployment-of-ndi-discovery-servers-for-broadcast-workflows-on-aws/). + For security group configuration: We recommend that you configure your security groups with a self-referencing ingress rule and egress rule. You can then attach this security group to the EC2 instances where your NDI servers are running within the VPC. This approach automatically allows all necessary NDI communication between components in your VPC, and all required network traffic is permitted. For guidance, see [Security Group Referencing](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html#security-group-referencing) in the Amazon VPC User Guide. ## Procedure 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. On the **Flows** page, choose **Create flow**. 1. Configure the basic flow details: + For **Name**, enter a name for your flow. + You can create multiple flows with the same name. However, we encourage you to use unique flow names within an AWS Region to help with organization. + Keep in mind that you can’t change this name after you create the flow. + For **Availability Zone**, choose an Availability Zone for your flow. + If you leave this as **Any**, MediaConnect will assign one based on your VPC subnet. + For **Flow size**, select **Large**. + You can only use NDI sources with large sized flows. + For more information about flow sizes, see [Flow sizes and capabilities](flow-sizes-capabilities.md). 1. Configure your flow source: + For **Source type**, select **NDI Source**. + For **Flow source name**, enter a unique name for the NDI flow source. + Keep in mind that you can't change this name after you create the flow. + For **Flow source description**, enter a description to help you identify this source and its purpose. + (Optional) For **NDI source name**, specify the name of the upstream NDI sender that will send to your flow. You can either: + Leave this field empty for now, and select from a list of discovered sources after starting the flow. + Enter the exact name of an existing NDI sender that's registered with your discovery server (for example, **MACHINE (program)**). 1. Configure the VPC interfaces for your flow: + In the **VPC interface** section, choose Add VPC interface. + For **Name**, enter a unique name for your VPC interface. + For **Role ARN**, specify the Amazon Resource Name (ARN) of the role that you created when you set up MediaConnect as a trusted service. + For VPC, choose the ID of the VPC that you want to use. + If your VPC isn't listed, verify that it's set up in Amazon Virtual Private Cloud and that you have IAM permissions to view it. + For **Subnet**, choose the VPC subnet that you want MediaConnect to use to set up your VPC configuration. You must choose at least one and can choose as many as you want. + For **Security groups**, specify the VPC security groups that you want MediaConnect to use to set up your VPC configuration. You must choose at least one security group. 1. Configure the NDI settings: + Set **Flow NDI support** to **Enabled** if it's not already. + Enter an optional NDI machine name. + This name is used as a prefix to help you identify this flow source as an NDI receiver in your network. For example, if you enter **MACHINENAME**, your flow source will appear to your NDI senders as **MACHINENAME (ProgramName)**. + If you don’t enter a name, MediaConnect generates a unique 12-character ID from the flow's ARN. + Add up to three NDI discovery servers. For each discovery server, provide the following information: + Enter the discovery server IP address (IPv4 format). + Specify a port number if you’re not using the default (5959). + Select the appropriate VPC interface adapter. 1. Configure the encoder settings: + For **Encoder profile name**, choose the encoder profile that you want to apply to your flow outputs. + (Optional) For **Maximum bitrate**, specify the maximum expected bitrate in bits per second (bps). + This setting lets you override the default video bitrate within the profile's supported range (10-50 Mbps). + If left blank, MediaConnect uses the default value of 20,000,000 bps. 1. Configure the monitoring options that you want to enable: 1. Turn on **Thumbnails state** to generate source thumbnails that you can preview in the console. 1. Turn on **Content quality analysis state** to monitor for the following audio and video quality issues. 1. (Optional) Turn on **Black frames** to detect periods of black video frames in the stream. 1. (Optional) Turn on **Frozen frames** to detect periods of unchanging video frames in the stream. 1. (Optional) Turn on **Silent audio** to detect periods of audio silence in the stream. 1. (Optional) Set a duration threshold between 10 and 60 seconds for each metric that you enable. The default is 30 seconds. 1. At the bottom of the page, choose **Create flow**. ## Next steps Now that you've created a flow, complete these steps to start delivering your content: + [Add outputs](outputs-add.md) to specify where you want your MediaConnect flow to send your content + [Start your flow](flows-start.md) to begin content delivery ### Selecting NDI senders after you start your flow When configuring your flow source, you can specify which upstream NDI sender (like a camera or encoder) will provide content to your MediaConnect flow. If you didn't specify this sender during flow creation or want to change it, you can select one after starting your flow. You must start your flow before you can perform this procedure. MediaConnect can only discover and list available NDI senders when the flow is active. **To select or update upstream NDI sources** 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. On the **Flows** page, choose the name of the flow that you want to update. 1. Start the flow if it’s not already active. 1. Choose the **Source** tab. 1. Choose the source that you want to update. 1. Choose **Update**. 1. Under **NDI source name**, specify the upstream source that the NDI sender will send to your flow. + Start typing a name in the field. As you type, matching NDI sources from your network will appear in a dropdown list. + Select the NDI source that you want to use from the list. + Choose the refresh button (⟳) to update the list of available NDI sources as needed. 1. Choose **Update** to save your changes. ## Additional resources For more information about source monitoring options for your flow, see the following pages in this guide: + [Viewing thumbnails of the source video](monitor-with-thumbnails.md) + [Monitoring with content quality analysis in AWS Elemental MediaConnect](https://docs.aws.amazon.com/mediaconnect/latest/ug/monitor-content-quality-analysis.html)