Deploying SPEKE - AWS Elemental MediaPackage

Deploying SPEKE

Your digital rights management (DRM) solution provider can help you get set up to use DRM encryption in MediaPackage. Generally, the provider gives you a SPEKE gateway to deploy in your AWS account in the same AWS Region where MediaPackage is running. Along with configuring your origin endpoints with the right encryption settings, you must configure event notifications for the key provider events that MediaPackage is generating as CloudWatch Events. For information about configuring encryption settings for your endpoint, see the applicable section for your protocol: HLS encryption fields, MSS encryption fields, CMAF encryption fields, and DASH encryption fields.

If you must build your own API Gateway to connect MediaPackage to your key service, you can use the SPEKE Reference Server available on GitHub as a starting point.