AWS::MediaConnect::FlowEntitlement Encryption - AWS CloudFormation

AWS::MediaConnect::FlowEntitlement Encryption

Information about the encryption of the flow.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Algorithm" : String, "ConstantInitializationVector" : String, "DeviceId" : String, "KeyType" : String, "Region" : String, "ResourceId" : String, "RoleArn" : String, "SecretArn" : String, "Url" : String }

YAML

Algorithm: String ConstantInitializationVector: String DeviceId: String KeyType: String Region: String ResourceId: String RoleArn: String SecretArn: String Url: String

Properties

Algorithm

The type of algorithm that is used for static key encryption (such as aes128, aes192, or aes256). If you are using SPEKE or SRT-password encryption, this property must be left blank.

Required: Yes

Type: String

Allowed values: aes128 | aes192 | aes256

Update requires: No interruption

ConstantInitializationVector

A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption.

Required: No

Type: String

Update requires: No interruption

DeviceId

The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption.

Required: No

Type: String

Update requires: No interruption

KeyType

The type of key that is used for the encryption. If you don't specify a keyType value, the service uses the default setting (static-key). Valid key types are: static-key, speke, and srt-password.

Required: No

Type: String

Allowed values: speke | static-key

Update requires: No interruption

Region

The AWS Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption.

Required: No

Type: String

Update requires: No interruption

ResourceId

An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption.

Required: No

Type: String

Update requires: No interruption

RoleArn

The Amazon Resource Name (ARN) of the role that you created during setup (when you set up MediaConnect as a trusted entity).

Required: Yes

Type: String

Update requires: No interruption

SecretArn

The ARN of the secret that you created in AWS Secrets Manager to store the encryption key.

Required: No

Type: String

Update requires: No interruption

Url

The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption.

Required: No

Type: String

Update requires: No interruption