system design · system-design
Design Amazon Prime Video (Streaming + DRM)
Encoding pipeline, CDN, adaptive bitrate, viewing-state durability. Same primitives as Netflix Open Connect plus stricter DRM (PlayReady/Widevine/FairPlay).
Theory
Explanation
Intuition first, formal definition second. Skim the bullets if you already know this; read the prose if you don't.
Same architecture as Netflix Open Connect: encode once → distribute to edge → ABR client. Prime Video adds tighter DRM enforcement (license server per session) and integration with Amazon login + payment.
Pipeline: ingest master → encode (MediaConvert) → package HLS+DASH → encrypt with content key → store on S3 origin → distribute to CloudFront edge POPs. Client requests manifest → control plane auths via Amazon account → issues short-lived DRM license bound to device + session → client decrypts segments client-side. Viewing state (resume position) persists to DynamoDB per (user, title), synced across devices via mobile push.
When to use
Premium streaming where rights holders require DRM. Same template as Apple TV+, Disney+.
When not to
Free-tier or ad-supported with no DRM, skip license server complexity.
flowchart LR Master[Master Video] --> Encode[MediaConvert] Encode --> Ladder[Bitrate Ladder] Ladder --> Pkg[Package · DASH/HLS] Pkg --> S3[(S3 Origin)] S3 --> CF[CloudFront Edge POPs] Client([Client]) --> Auth[Amazon Auth] Auth --> Lic[DRM License Server] Client -->|manifest + license| CF Client -->|segments| CF Client -.resume position.-> Sync[(DynamoDB · viewing state)]
Key insights
- License server is the trust root; segments themselves are public on the edge but useless without the key.
- Per-session licenses with short TTL (24h) limit damage from key extraction.
- Viewing state must update at <2s latency for cross-device handoff (TV → mobile).
- Live streaming uses chunked transfer + lower segment duration (~2s) and re-uses same encoder farm.
- DRM L1 (TEE/Secure Enclave) is required for studios; L3 (software) restricts to 480p.