AWS Elemental MediaLive
User Guide

Step 1: Create a Policy

On the IAM console, use the IAM visual editor (policy generator) to create custom policies as applicable. This generator lets you choose the service from a list, and then choose actions from a list. As a best practice, give the policy a name that starts with the service name.

For detailed instructions on creating a policy using the visual editor, see the IAM User Guide.

Create policies for the services that you identified as relevant to your deployment. For each identified service, create a policy as follows:

  • AWS Elemental MediaConnect: Create a policy that gives access to these operations:

    • mediaconnect:ManagedDescribeFlow

    • mediaconnect:ManagedAddOutput

    • mediaconnect:ManagedRemoveOutput

  • Amazon EC2 Parameter Store: You can probably use the existing managed policy called AmazonSSMReadOnlyAccess. ("SSM" refers to the Parameter Store.)

  • Amazon S3: Create a policy that gives access to these operations:

    • s3:ListBucket

    • s3:PutObject

    • s3:GetObject

    • s3:DeleteObject

  • MediaStore: Create a policy that gives access to these operations:

    • mediastore:ListContainers

    • mediastore:DescribeObject

    • mediastore:PutObject

    • mediastore:GetObject

    • mediastore:DeleteObject

  • CloudWatch Logs: Create a policy that gives access to these operations:

    • logs:CreateLogGroup

    • logs:CreateLogStream

    • logs:PutLogEvents

    • logs:PutMetricFilter

    • logs:PutRetentionPolicy

    • logs:DescribeLogStreams

    • logs:DescribeLogGroups

    The policy must also give access to these resources:

    • arn:aws:logs:*

    • arn:aws:log-group:*
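The per-service operation lists above can double as an allowlist when reviewing the custom policies you create. The following is an added example, not code from the AWS guide: it builds a policy document from the listed operations and audits an existing policy for actions outside the list or listed actions it fails to grant. The names `PAGE_ACTIONS`, `build_policy` and `audit` are hypothetical, and because the page names resources only for CloudWatch Logs, the caller supplies the resources for the other services.

```python
import fnmatch

# Operations listed on this page, keyed by IAM service prefix.
PAGE_ACTIONS = {
    "mediaconnect": ["mediaconnect:ManagedDescribeFlow", "mediaconnect:ManagedAddOutput",
                     "mediaconnect:ManagedRemoveOutput"],
    "s3": ["s3:ListBucket", "s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
    "mediastore": ["mediastore:ListContainers", "mediastore:DescribeObject",
                   "mediastore:PutObject", "mediastore:GetObject", "mediastore:DeleteObject"],
    "logs": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents",
             "logs:PutMetricFilter", "logs:PutRetentionPolicy",
             "logs:DescribeLogStreams", "logs:DescribeLogGroups"],
}
# Resources the page requires for the CloudWatch Logs policy.
LOGS_RESOURCES = ["arn:aws:logs:*", "arn:aws:log-group:*"]


def build_policy(service, resources):
    """Return a policy document that allows only the page's operations."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": PAGE_ACTIONS[service],
                           "Resource": resources}]}


def audit(service, policy):
    """Return (extra, missing) for a policy checked against the page's list.
    extra: Allow entries outside the list (any wildcard or NotAction counts).
    missing: listed operations that no Allow statement covers.
    """
    wanted = {a.lower() for a in PAGE_ACTIONS[service]}  # action names are case-insensitive
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    allowed, extra = [], []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:  # allows everything except the named actions
            extra.append("NotAction")
        acts = st.get("Action", [])
        allowed += [acts] if isinstance(acts, str) else acts
    extra += [a for a in allowed if a.lower() not in wanted]
    missing = [a for a in PAGE_ACTIONS[service]
               if not any(fnmatch.fnmatchcase(a.lower(), p.lower()) for p in allowed)]
    return sorted(extra), sorted(missing)


if __name__ == "__main__":  # constructed over-broad policy: the wildcard is reported
    print(audit("s3", {"Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}))
```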