AWS AmazonCloudFront medium security documentation change
Summary
Added requirement to include mediapackagev2:GetHeadObject IAM action when using Media Quality Alert Reporting (MQAR) with Origin Access Control (OAC)
Security assessment
The change explicitly documents required IAM permissions for secure HEAD request authorization to MediaPackage v2 origins. Missing this permission could prevent MQAR from functioning properly and might lead to unauthorized access attempts or misconfigured security policies.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/media-quality-score.md b/AmazonCloudFront/latest/DeveloperGuide/media-quality-score.md index 6117e08d2..cbbeb4740 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/media-quality-score.md +++ b//AmazonCloudFront/latest/DeveloperGuide/media-quality-score.md @@ -58,0 +59,2 @@ If CloudFront determines that both MediaPackage v2 origins have the same score, + * If you enabled the MQAR feature and origin access control (OAC), add the `mediapackagev2:GetHeadObject` action to the IAM policy. MQAR requires this permission to send `HEAD` requests to the MediaPackage v2 origin. For more information about OAC, see [Restrict access to an AWS Elemental MediaPackage v2 origin](./private-content-restricting-access-to-mediapackage.html). +