User access for the simple option

Read this section if you decided that the simple option for the trusted entity is appropriate to your deployment. With this option, users work with trusted entity using only the MediaLiveAccessRole role.

Before you read this section, you should read the IAM permissions for MediaLive as a trusted entity, so that you understand how the trusted entity works, and so that you know whether your organization uses the simple option or the complex option.

For users to work in the IAM Role section on the Channel and input details pane, they must be able to select options on this pane. The following screenshot shows the IAM Role section as it appears when you start to create a channel.

You must give users the access described in the following table. All the actions are in the IAM service.

Field on the console	Description	Actions
Select Use existing role	Users must be able to select `MediaLiveAccessRole` from the selection field that accompanies the Use existing role field.	`ListRole` `PassRole`
Select Create role from template option	Users must be able to select the Create role from template field. (The role needs to be created only once, by the first user to create a channel. But it is easiest to give these permissions to all users.)	`CreateRole` `PutRolePolicy` `AttachRolePolicy`
Select Specify custom role ARN	Users don't need to be able to select this field. They will use `MediaLiveAccessRole`. They will never use a custom role.	None
Select Update	Users must be able to select this button so that MediaLive updates the `MediaLiveAccessRole` with new permissions. Permissions must sometimes be added to the role when a new feature is added to MediaLive.	`GetRolePolicy` `PutRolePolicy` `AttachRolePolicy`

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

IAM

User access for the complex option