Architecture

Adaptive bitrate live streaming pipeline

A live ABR pipeline assembled one layer at a time - from one RTMP ingest to ten million quality-matched viewers. Arrow keys or click to advance.

Contribution-grade ingest with a redundant path

flowchart LR BC([Broadcaster Encoder]) -->|SRT primary| MC1[MediaConnect Flow A] BC -->|SRT backup| MC2[MediaConnect Flow B] MC1 --> ML[MediaLive Input A] MC2 --> ML2[MediaLive Input B]

A broadcaster sends one stream over SRT or RTMP. Premium contribution rides MediaConnect for ARQ packet recovery, with two source flows into two MediaLive input endpoints - so a primary-input drop fails over seamlessly while keeping the same output timeline.

Transcode the ABR ladder and package the origin

flowchart LR BC([Broadcaster]) --> MC[MediaConnect] MC --> ML[MediaLive ABR Ladder\n160p to 1080p60] ML --> MP[MediaPackage Origin] MP --> S3[(S3 Segment Store)] MP --> MAN[(Manifest HLS and DASH)]

A MediaLive channel transcodes one source into a 6-rendition keyframe-aligned ladder (160p to 1080p60 plus source). MediaPackage packages HLS, DASH and CMAF manifests on the fly and writes immutable segments to S3-backed storage.

Deliver to viewers through the CDN

flowchart LR BC([Broadcaster]) --> MC[MediaConnect] --> ML[MediaLive] ML --> MP[MediaPackage] MP --> S3[(S3 Segments)] MP --> CF[CloudFront] CF -->|segment TTL dur+10s| V([10M Viewers]) CF -->|manifest TTL 1s| V

CloudFront fronts MediaPackage. Immutable segments cache for duration plus 10s; the mutable manifest gets a ~1s TTL with request collapsing so the live-edge heartbeat stays fresh without crushing the origin. Each viewer independently picks its rendition.

Redundancy - dual pipelines and Origin Shield

flowchart TD BC([Broadcaster]) --> MC[MediaConnect] subgraph ENC[Transcode - dual pipeline] MC --> P0[MediaLive Pipeline 0 - AZ a] MC --> P1[MediaLive Pipeline 1 - AZ b] end P0 --> MP[MediaPackage Origin] P1 --> MP MP --> S3[(S3 Segments)] subgraph DEL[Delivery] MP --> OS[CloudFront Origin Shield] OS --> CF[CloudFront ~600 POPs] end CF --> V([10M Viewers])

MediaLive Standard runs two AZ-isolated pipelines so a transcoder restart never reaches the manifest. CloudFront Origin Shield collapses ~600 POP fetches into one origin fetch per segment, making origin load independent of audience size.

Security, DRM and per-tenant isolation

flowchart TD BC([Broadcaster]) --> MC[MediaConnect] MC --> ML[MediaLive Standard] ML --> MP[MediaPackage] KMS[(KMS Content Keys)] -->|SPEKE DRM| MP MP --> S3[(S3 Segments)] MP --> OS[Origin Shield] OS --> WAF[AWS WAF] WAF --> CF[CloudFront] CF -->|signed cookie and geo check| V([Viewers]) CF --> DDB[(DynamoDB plus Global Tables)]

AWS WAF plus CloudFront signed cookies and geo-restriction gate access; the DRM license endpoint validates a signed token before issuing keys. MediaPackage encrypts segments via a SPEKE key provider with keys in KMS. Per-tenant ABAC tags every resource; viewer sessions and PII live in DynamoDB on-demand with Global Tables and a TTL.

The full system with failure detection

flowchart TD BC([Broadcaster Encoder]) --> MC[MediaConnect dual flow] subgraph ENC[Transcode] MC --> P0[MediaLive Pipeline 0] MC --> P1[MediaLive Pipeline 1] end P0 --> MP[MediaPackage] P1 --> MP KMS[(KMS)] -->|SPEKE| MP MP --> S3[(S3 Segments)] subgraph DEL[Delivery] MP --> OS[Origin Shield] OS --> CF[CloudFront plus CF Functions breaker] end CF --> V([10M Viewers]) CF --> DDB[(DynamoDB plus Global Tables)] CF -->|edge manifest-age| CW[CloudWatch] CW -->|alarm| EB[EventBridge] EB --> LF[Lambda failover] LF -->|promote standby and repoint| MP

The complete pipeline end to end on managed AWS. A manifest-age signal computed at the edge feeds CloudWatch; an alarm fires EventBridge to a Lambda that promotes the standby channel and repoints the origin group. A CloudFront Functions circuit breaker serves a slate when the origin is dying. Only the broadcaster's encoder lives outside AWS.