AWS Elemental MediaConnect
User Guide

Encryption in Transit

You can protect your content from unauthorized use through encryption. If your source is encrypted, AWS Elemental MediaConnect can decrypt it. In addition, the service can encrypt outputs. You store your encryption keys in AWS Secrets Manager, and then give AWS Elemental MediaConnect permission to obtain the encryption keys from your Secrets Manager account.

Setting Up Encrypted Sources in AWS Elemental MediaConnect

If your source is encrypted, you must save the encryption key in AWS Secrets Manager. You must also make sure that the IAM policy that you created during setup includes this new secret.

Note

Encryption is supported only for sources that use the Zixi protocol.

To set up an encrypted source (console)

  1. Obtain the encryption key from the entity that manages the source.

  2. Open the Secrets Manager console at https://console.aws.amazon.com/secrets-manager/.

  3. Store the encryption key in Secrets Manager.

  4. Make a note of the secret ARN from Secrets Manager. You will need this information later in this procedure.

  5. Open the IAM console at https://console.aws.amazon.com/iam/.

  6. Make sure that the IAM policy that you created during setup includes the new secret that you just created.

  7. Open the MediaConnect console at https://console.aws.amazon.com/mediaconnect/.

  8. Create your flow. When you specify the source details, choose to decrypt the source. You will need the ARN of the secret that you created earlier in this procedure.

Setting Up Encrypted Outputs in AWS Elemental MediaConnect

If you want to encrypt your flow output, you must save the encryption key in AWS Secrets Manager. You must also make sure that the IAM policy that you created during setup includes this new secret.

Note

Encryption is supported only for outputs that use the Zixi protocol.

To set up an encrypted output (console)

  1. Determine the encryption key that you want to use to encrypt the output.

  2. Open the Secrets Manager console at https://console.aws.amazon.com/secrets-manager/.

  3. Store the encryption key in Secrets Manager.

  4. Make a note of the secret ARN from Secrets Manager. You will need this information later in this procedure.

  5. Open the IAM console at https://console.aws.amazon.com/iam/.

  6. Make sure that the IAM policy that you created during setup includes the new secret that you just created.

  7. Open the MediaConnect console at https://console.aws.amazon.com/mediaconnect/.

  8. Create an output on your flow. When you specify the output details, choose to encrypt the output. You will need the ARN of the secret that you created earlier in this procedure.
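
Step 6 of both procedures asks you to confirm that the IAM policy includes the new secret. The following is an added example, not AWS-provided code, that checks an exported policy document offline for a statement covering the secret ARN and flags wildcard grants. It assumes the relevant action is `secretsmanager:GetSecretValue`; the ARN, account ID, and policy documents are constructed sample values.

```python
import re

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def check_secret_access(policy, secret_arn, action="secretsmanager:GetSecretValue"):
    """Return (allowed, findings) for one identity-based policy document.

    Statements that use NotAction or NotResource are skipped and Condition
    blocks are not evaluated, so treat the result as a first-pass check.
    """
    allowed, denied, findings = False, False, []
    for stmt in _as_list(policy.get("Statement", [])):
        if "Action" not in stmt or "Resource" not in stmt:
            continue
        if not any(_matches(a, action, ignore_case=True) for a in _as_list(stmt["Action"])):
            continue
        hits = [r for r in _as_list(stmt["Resource"]) if _matches(r, secret_arn)]
        if not hits:
            continue
        if stmt.get("Effect") == "Deny":
            denied = True
            findings.append("explicit Deny covers the secret")
        elif stmt.get("Effect") == "Allow":
            allowed = True
            findings += [f"Allow via wildcard resource {r!r}; may expose other secrets"
                         for r in hits if "*" in r]
    if not allowed:
        findings.append("no Allow statement covers the secret")
    return allowed and not denied, findings

# Constructed sample values (hypothetical account ID, Region and secret name).
SECRET_ARN = "arn:aws:secretsmanager:us-west-2:111122223333:secret:example-zixi-key-AbCdEf"
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
    "Resource": [SECRET_ARN]}]}
BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"}}
STALE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
    "Resource": "arn:aws:secretsmanager:us-west-2:111122223333:secret:older-key-ZyXwVu"}]}

if __name__ == "__main__":
    for name, doc in [("scoped", SCOPED), ("broad", BROAD), ("stale", STALE)]:
        print(name, check_secret_access(doc, SECRET_ARN))
```

A policy that passes only through a wildcard resource lets the role read every secret in the account, so prefer listing the specific secret ARN noted in step 4.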