Secrets Manager access for CDN authorization
If you use content delivery network (CDN) authorization headers to restrict access to your endpoints in MediaPackage, you need a policy that allows you to do these things in Secrets Manager:
-
GetSecretValue
- MediaPackage can retrieve the encrypted authorization code from a version of the secret. -
DescribeSecret
- MediaPackage can retrieve the details of the secret, excluding encrypted fields. -
ListSecrets
- MediaPackage can retrieve a list of secrets in the AWS account. -
ListSecretVersionIds
: MediaPackage can retrieve all of the versions that are attached to the specified secret.
Note
You don't need a separate policy for each secret that you store in Secrets Manager. If you create a policy like the one described in the following procedure, MediaPackage can access all secrets in your account in this Region.
To use the JSON policy editor to create a policy
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
. -
In the navigation column on the left, choose Policies.
If this is your first time choosing Policies, the Welcome to Managed Policies page appears. Choose Get Started.
-
At the top of the page, choose Create policy.
-
Choose the JSON tab.
-
Enter the following JSON policy document, replacing
region
,account-id
,secret-name
, androle-name
with your own information:{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret", "secretsmanager:ListSecrets", "secretsmanager:ListSecretVersionIds" ], "Resource": [ "arn:aws:secretsmanager:
region
:account-id
:secret:secret-name
" ] }, { "Effect": "Allow", "Action": [ "iam:GetRole", "iam:PassRole" ], "Resource": "arn:aws:iam::account-id
:role/role-name
" } ] } -
Choose Review policy.
Note
You can switch between the Visual editor and JSON tabs any time. However, if you make changes or choose Review policy in the Visual editor tab, IAM might restructure your policy to optimize it for the visual editor. For more information, see Policy restructuring in the IAM User Guide.
-
On the Review policy page, enter a Name and an optional Description for the policy that you are creating. Review the policy Summary to see the permissions that are granted by your policy. Then choose Create policy to save your work.