Rules and constraints

The following rules apply to channel security groups:

Maximum one per channel – You can attach at most one channel security group to a channel.
Required for SRT outputs in listener mode – If your channel includes at least one SRT output configured in listener mode, you must attach a channel security group to the channel.
Not allowed without SRT outputs in listener mode – You cannot attach a channel security group to a channel that has no SRT outputs configured in listener mode.
Not supported for MediaLive Anywhere – Channel security groups cannot be used with AWS Elemental MediaLive Anywhere channels.
Not supported for VPC channels – Channel security groups cannot be used with channels that have VPC output delivery configured.
Cannot change on running channel – You can add, change, or remove a channel security group only when the channel is stopped.
Input security group must exist – The input security group you select must already exist in your account before you can use it as a channel security group.
Automatic updates – When you update the CIDR rules in an input security group, those changes automatically apply to all channels using that input security group as a channel security group. You don't need to restart the channels.
Cannot delete in-use input security group – You cannot delete an input security group if it is being used as a channel security group by any channel. You must first remove the channel security group from all channels, or delete those channels.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

How channel security groups work

Setting up a channel security group