CDN authorization in AWS Elemental MediaPackage
Content Delivery Network (CDN) authorization helps you to protect your content from unauthorized use. When you configure CDN authorization, MediaPackage only fulfills playback requests that are authorized between MediaPackage and your CDN. This prevents users from bypassing the CDN in order to directly access your content on the origin.
How it works
You configure your CDN, such as Amazon CloudFront, to include a custom HTTP header in content requests to MediaPackage.
Custom HTTP header and example value:
X-MediaPackage-CDNIdentifier: 9ceebbe7-9607-4552-8764-876e47032660
You store the header value as a secret in AWS Secrets Manager. When your CDN sends a playback request, MediaPackage verifies that the secret's value matches the custom HTTP header value. MediaPackage gets permission to read the secret through an AWS Identity and Access Management (IAM) permissions policy and role.
Secret key and example value:
{"MediaPackageCDNIdentifier": "9ceebbe7-9607-4552-8764-876e47032660"}
If the values match, MediaPackage serves the content along with an HTTP 200 OK status code. If it's not a match, or if the authorization request fails, then MediaPackage doesn't serve the content, and sends an HTTP 403 Unauthorized status code.
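The decision described above, modeled as an added Python example (not AWS's or MediaPackage's own code). The `authorize` function, the `fetch_secret_string` callable and the handling of a malformed secret are assumptions made for illustration; the header name, secret key, example value and status codes are the ones on this page.

```python
import hmac
import json

HEADER_NAME = "X-MediaPackage-CDNIdentifier"  # header name from this page
SECRET_KEY = "MediaPackageCDNIdentifier"      # secret key from this page

# Constructed sample: the secret string as it would be stored, using the
# page's example value.
SAMPLE_SECRET = '{"MediaPackageCDNIdentifier": "9ceebbe7-9607-4552-8764-876e47032660"}'


def authorize(request_headers, fetch_secret_string):
    """Return 200 if the CDN header matches the stored secret, else 403.

    fetch_secret_string is a hypothetical callable returning the secret's
    JSON string (for example a wrapper around a Secrets Manager read).
    Any failure while reading or parsing it denies the request.
    """
    # HTTP header names are case-insensitive, so normalize before lookup.
    headers = {name.lower(): value for name, value in request_headers.items()}
    presented = headers.get(HEADER_NAME.lower())
    if not presented:
        return 403  # header missing or empty: request bypassed the CDN

    try:
        expected = json.loads(fetch_secret_string())[SECRET_KEY]
    except Exception:
        return 403  # secret unreadable or malformed: fail closed

    if not isinstance(expected, str) or not expected:
        return 403  # an empty or non-string secret must never match

    # Constant-time comparison does not reveal how many characters matched.
    if hmac.compare_digest(presented.encode(), expected.encode()):
        return 200
    return 403


if __name__ == "__main__":
    good = {HEADER_NAME: "9ceebbe7-9607-4552-8764-876e47032660"}
    print(authorize(good, lambda: SAMPLE_SECRET))
    print(authorize({}, lambda: SAMPLE_SECRET))
```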
The following image shows successful CDN authorization using Amazon CloudFront.
For step-by-step instructions on how to set up CDN authorization, see Setting up CDN authorization.