Host Unifi Video on AWS Part 1
**_Notice: I am not an official representative or affiliate of Ubiquiti or AWS. The process outlined below represents the high-level steps I used to successfully launch this application myself. As with all technology, they are subject to change at anytime.
My PC was dual-purpose for most of its life existing as a desktop PC and a server for the various functions we needed. As the PC aged I started moving apps to the cloud or other devices. I previously posted about how to Host Plex on AWS and Wasabi. That post explains some of the “whys” behind my decisions for that solution. Another central app is Ubiquiti’s Unifi Video software which runs my security cameras. While similar in architecture it has some key differences. Most notably is the constant bandwidth requirement. Fortunately, I have an unlimited and reliable fiber connection with low latency, so bandwidth isn’t a concern for me making it possible to “lift and shift” it as well. Here are the requirements as I see them:
- A private hosted virtual server off premises so I don’t have to manage hardware.
- A reliable network with the ability to injest multiple 24⁄7 streams from on-prem cameras
- Scalable and reliable storage with cheap ingress and cost to store along with good read performance when required. (This differs from Plex in that it’s more concerned with inbound traffic and short-term viewing than outbound and long-term storage).
- Secure data in transit and when stored.
Step One: Plan the Architecture
In this post I briefly discussed diagramming your service/application. It’s important to know how everything is going to connect and work together to bring about a functioning app. This architecture is relatively simple (just a few end devices, an app server, and backend storage), but a diagram helps think about account permissions and security as well. Here is how my diagram looks:
From this diagram we can see that we are going to need to create an EC2 instance, S3 bucket with a bucket policy, Security Group, and an IAM role with attached policy. Using rclone also means we need an rclone config file and a systemd service. Any other requirements we might need will come from the application itself.
Step Two is Creating the IAM roles and policies…