S3 Transfer Acceleration Activation

Flow Production Tracking is now using Amazon S3 Transfer Acceleration Service to speed up media transfers between S3 and your studio.

While the activation of this service should be transparent, it could impact your studio under specific circumstances.

How could I be impacted?

You could be impacted if your studio has internet restriction policies in place. If you cannot browse the internet freely from your workstation, this is a good indication that some sort of internet restriction policies are in place. If this is the case, you may have issues accessing the media stored on S3 after the activation.

The most popular IP restriction policies are firewall IP allowlisting, proxying, and usage of a gateway.

A note on Flow Production Tracking S3 Proxy

Some sites are configured to proxy S3 through Flow Production Tracking servers. S3 Acceleration won’t be activated in that case, and the S3 Transfer Acceleration cannot impact your site. S3 traffic routed through the S3 proxy is coming from http://proxy-sg-media-usor-01.shotgunstudio.com.

As a reminder, using the Flow Production Tracking S3 Proxy prevents you from benefiting from our Web Acceleration service. You may want to contact support to enquire about the alternatives...

How do I test if I’ll be impacted?

Using a browser

Try to browse to the following URL:

http://sg-media-usor-01.s3-accelerate.amazonaws.com/

If you receive an XML response stating “Access Denied”, you won't be impacted

Using a terminal on Mac/Unix

Type in the following command:

curl http://sg-media-usor-01.s3-accelerate.amazonaws.com

If you receive an XML response stating “Access Denied”, you won't be impacted

Valid response sample

The following response means you won't be impacted:

<?xml version="1.0" encoding="UTF-8"?>

<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>24A907D6156AC0CF</RequestId><HostId>27vSR/IzlrOPsZl9H0hhFICdz0ZKHsZvBlSvYyAwc8ih1nypGSjXKK/zmV2Kf/1VbRVdf7EBeYc=</HostId></Error>

What should I do if my studio has internet restriction policies?

You will have to add new IP ranges to your allowlist. S3 Transfer Acceleration is running behind CloudFront. Therefore, all CloudFront IP ranges must be granted access.

See docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html for a list of current AWS IP ranges. AMAZON and CLOUDFRONT IP ranges should be granted access.

What should I do if my studio is using a gateway?

To restrict traffic to Flow Production Tracking, we recommend putting in place a gateway as it is simpler to manage than to grant all dynamic IPs access from Amazon and our Acceleration Service, CDNetworks.

To allow traffic to S3 Transfer Acceleration service, make sure you update the gateway configuration for the shotgun_s3_proxy with the S3 Transfer Acceleration URL:

Standard URL: sg-media-usor-01.amazonaws.com

Accelerated URL: sg-media-usor-01.s3-accelerate.amazonaws.com