User access for the simple option
Read this section if you decided that the simple option for the trusted entity is appropriate to your deployment. With this option, users work with trusted entity using only the MediaLiveAccessRole role.
Before you read this section, you should read the IAM permissions for MediaLive as a trusted entity, so that you understand how the trusted entity works, and so that you know whether your organization uses the simple option or the complex option.
For users to work in the IAM Role section on the Channel and input details pane, they must be able to select options on this pane. The following screenshot shows the IAM Role section as it appears when you start to create a channel.
You must give users the access described in the following table. All the actions are in the IAM service.
Field on the console | Description | Actions |
---|---|---|
Select Use existing role | Users must be able to select MediaLiveAccessRole from
the selection field that accompanies the Use existing
role field. |
|
Select Create role from template option |
Users must be able to select the Create role from
template field. (The role needs to be created only once, by the first user to create a channel. But it is easiest to give these permissions to all users.) |
|
Select Specify custom role ARN | Users don't need to be able to select this field. They will use
MediaLiveAccessRole . They will never use a custom
role. |
None |
Select Update | Users must be able to select this button so that MediaLive updates the
MediaLiveAccessRole with new permissions. Permissions must
sometimes be added to the role when a new feature is added to
MediaLive. |
|