AWS Elemental MediaLive
User Guide

Setting Up a Trusted Entity

This permission needs to be assigned only once for all users of the console, AWS CLI, and REST API. There are options for assigning this permission:

  • Using the IAM role fields that appear in the General info pane when the first user starts creating the first channel.

    This option is convenient, but it requires that the console user have read and write access for AWS IAM, because that user will be sending a request to AWS IAM to set up MediaLive as a trusted entity with Amazon EC2 Systems Manager Parameter (and most likely with Amazon S3 and MediaStore, which are two other services that MediaLive probably needs to access on your behalf).

    To set up in this way, see Step 1: Complete the Channel and Input Details. Remember that only one user needs to perform this setup. Subsequent users can choose the existing role.

  • By opening the IAM console and setting up MediaLive as a trusted entity.

    This option also requires access to AWS IAM, but typically an administrator who has this access performs this setup on behalf of all users, before the users start using the console.

    To set up in this way, see Setting Up Permissions for AWS Elemental MediaLive .

Both these options result in the creation of a role and a role ARN that is shared by all users (in the AWS account) of the console, AWS CLI, and REST API. The role is called MediaLiveAccessRole, and the ARN belongs to that role.