AWS Security ChangesHomeSearch

AWS mediapackage documentation change

Service: mediapackage · 2025-07-18 · Documentation low

File: mediapackage/latest/userguide/cdns.md

Summary

Restructured CDN documentation, removed detailed cache/TTL configuration recommendations and added links to new dedicated pages. Added 'Secure MediaPackage content with CDN authorization' section.

Security assessment

Added reference to CDN authorization documentation which indicates new security-related content. Removed technical details about cache/TTL settings but no evidence of addressing a specific vulnerability.

Diff

diff --git a/mediapackage/latest/userguide/cdns.md b/mediapackage/latest/userguide/cdns.md
index f102ac0d7..42fce011f 100644
--- a//mediapackage/latest/userguide/cdns.md
+++ b//mediapackage/latest/userguide/cdns.md
@@ -5,2 +4,0 @@
-CDN configuration recommendations
-
@@ -13,19 +11 @@ You can use a content delivery network (CDN) such as [Amazon CloudFront](https:/
-## CDN configuration recommendations
-
-To configure your CDN distributions for delivering Apple HLS and low-latency HLS (LL-HLS) streams with MediaPackage, we suggest using the following approach. Ensure that all your usual default parameters in the CDN distribution configuration are compatible with the delivery of HLS and LL-HLS streams with MediaPackage.
-
-### Honor MediaPackage 'cache-control: max-age' values
-
-MediaPackage defines time-to-live (TTL) values for objects either statically or dynamically, depending on the object type. The specific TTLs are listed below, and it's strongly recommended that you honor these values and avoid overriding them at the CDN configuration level.
-
-  * Multivariant playlist (for both regular HLS and LL-HLS) - half the duration of the media segments
-
-  * Media playlists (regular HLS) - half the duration of the media segments
-
-  * Media playlists (LL-HLS) - 1 second
-
-  * TS media segments and init segments - 1209600 seconds (14 days)
-
-  * CMAF media segments and initialization segments - 1209600 seconds (14 days)
-
-
+The following sections provide more information about using a CDN in your MediaPackage workflow.
@@ -32,0 +13 @@ MediaPackage defines time-to-live (TTL) values for objects either statically or
+###### Topics
@@ -34 +15 @@ MediaPackage defines time-to-live (TTL) values for objects either statically or
-### Include specific query strings in your CDN cache key
+  * [CDN configuration recommendations](./cdn-recommendations.html)
@@ -36 +17 @@ MediaPackage defines time-to-live (TTL) values for objects either statically or
-We recommend that you include the following query strings in the CDN cache key. 
+  * [Secure MediaPackage content with CDN authorization](./cdn-auth.html)
@@ -38 +18,0 @@ We recommend that you include the following query strings in the CDN cache key.
-  * `aws.manifestfilter`: used to customize the manifest contents, as described in [Manifest filtering](./manifest-filtering.html).
@@ -40 +19,0 @@ We recommend that you include the following query strings in the CDN cache key.
-  * `aws.manifestsettings`: used to apply time-shifted settings to the manifest contents, as described in [Time-shifted viewing](./time-shifted.html).
@@ -42,18 +20,0 @@ We recommend that you include the following query strings in the CDN cache key.
-  * `_HLS_msn` and `_HLS_part`: used to support LL-HLS playback request logic, as described in the _HTTP Live Streaming Documentation_ [Enabling Low-Latency HTTP Live Streaming (HLS)](https://developer.apple.com/documentation/http-live-streaming/enabling-low-latency-http-live-streaming-hls).
-
-
-
-
-MediaPackage ignores all other query strings. Don't include them in the CDN forward requests.
-
-### Response timeout
-
-LL-HLS uses the Blocking Requests mechanism for both playlists and media parts, which is signaled through the `EXT-X-PRELOAD-HINT` tag. This mechanism puts the origin response on hold until the object is fully available. Consequently, the CDN should also wait for the origin response, and therefore, the response timeout value in your CDN distribution should be at least three times your parts duration.
-
-### Forwarded HTTP headers
-
-You may consider including the Origin header in your CDN forward requests to MediaPackage as the only potentially necessary HTTP request header. In doing so, MediaPackage will respond with an `access-control-allow-origin` header, using the value passed as the Origin header value. If the Origin header is not included in the forward requests, MediaPackage will respond with an `access-control-allow-origin: *` header. Choose the approach that best fits your CORS requirements.
-
-### Forwarded cookies
-
-MediaPackage doesn't consider any cookies that may be sent together with forward requests. Therefore, it's advisable to exclude cookies from CDN forward requests.
@@ -67 +28 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Tagging resources
+Using image media playlists
@@ -69 +30 @@ Tagging resources
-Quotas
+CDN configuration recommendations