AWS Security ChangesHomeSearch

AWS mediatailor high security documentation change

Service: mediatailor · 2025-07-01 · Security-related high

File: mediatailor/latest/ug/origin-sigv4.md

Summary

Added explicit HTTPS requirement enforcement and updated terminology from 'top-level manifests' to 'multivariant playlists' in IAM permissions

Security assessment

The change explicitly mandates HTTPS communication and prohibits HTTP, which strengthens transport security by preventing unencrypted traffic. This addresses potential security risks associated with unencrypted HTTP connections.

Diff

diff --git a/mediatailor/latest/ug/origin-sigv4.md b/mediatailor/latest/ug/origin-sigv4.md
index bd3606278..0a73d70c3 100644
--- a//mediatailor/latest/ug/origin-sigv4.md
+++ b//mediatailor/latest/ug/origin-sigv4.md
@@ -9 +9 @@ MediaTailor Channel Assembly requirementsAmazon S3 requirementsMediaPackage requ
-Signature Version 4 (SigV4) is a signing protocol used to authenticate MediaTailor requests to supported origins over HTTPS. With SigV4 signing, MediaTailor includes a signed authorization header in the HTTPS origin request to MediaTailor Channel Assembly, Amazon S3 and AWS Elemental MediaPackage version 2. 
+Signature Version 4 (SigV4) is a signing protocol used to authenticate MediaTailor requests to supported origins over HTTPS. MediaTailor only supports HTTPS communication and does not allow HTTP connections. With SigV4 signing, MediaTailor includes a signed authorization header in the HTTPS origin request to MediaTailor Channel Assembly, Amazon S3 and AWS Elemental MediaPackage version 2. 
@@ -21 +21 @@ If you use SigV4 to protect your MediaTailor Channel Assembly origin, the follow
-  * Your origin must be configured to use HTTPS. If HTTPS is not enabled at the origin, MediaTailor will not sign the request.
+  * Your origin must be configured to use HTTPS. MediaTailor only supports HTTPS communication and does not allow HTTP connections. If HTTPS is not enabled at the origin, MediaTailor will not sign the request.
@@ -27 +27 @@ If you use SigV4 to protect your MediaTailor Channel Assembly origin, the follow
-    * IAM permissions **mediatailor:GetManifest** to read all top-level manifests referenced by the MediaTailor configuration.
+    * IAM permissions **mediatailor:GetManifest** to read all multivariant playlists referenced by the MediaTailor configuration.
@@ -66 +66 @@ If you use SigV4 to protect your Amazon S3 origin, the following requirements mu
-  * Your origin must be configured to use HTTPS. If HTTPS is not enabled at the origin, MediaTailor will not sign the request.
+  * Your origin must be configured to use HTTPS. MediaTailor only supports HTTPS communication and does not allow HTTP connections. If HTTPS is not enabled at the origin, MediaTailor will not sign the request.
@@ -113 +113 @@ If you use SigV4 to protect your MediaPackage v2 origin, the following requireme
-  * Your origin must be configured to use HTTPS. If HTTPS is not enabled at the origin, MediaTailor will not sign the request.
+  * Your origin must be configured to use HTTPS. MediaTailor only supports HTTPS communication and does not allow HTTP connections. If HTTPS is not enabled at the origin, MediaTailor will not sign the request.
@@ -119 +119 @@ If you use SigV4 to protect your MediaPackage v2 origin, the following requireme
-    * IAM permissions **mediapackagev2:GetObject** to read all top-level manifests referenced by the MediaTailor configuration.
+    * IAM permissions **mediapackagev2:GetObject** to read all multivariant playlists referenced by the MediaTailor configuration.