Deploying SPEKE - AWS Elemental MediaPackage

Deploying SPEKE

Your DRM solution provider can help you get set up to use DRM encryption in MediaPackage. Generally, the provider provides you a SPEKE Gateway to deploy in your AWS account, in the same AWS Region where MediaPackage is running. Along with configuring your origin endpoints with the right encryption settings, you mustconfigure event notifications for the key provider events that MediaPackage is generating as CloudWatch events. For information about configuring encryption settings for your endpoint, see the applicable section for your protocol: HLS encryption fields,, MSS encryption fields, CMAF encryption fields, and DASH encryption fields.

If you need to build your own API Gateway to connect MediaPackage to your key service, you can use the SPEKE Reference Server available on GitHub as a starting point.