AWS Security ChangesHomeSearch

AWS mediapackage high security documentation change

Service: mediapackage · 2025-07-18 · Security-related high

File: mediapackage/latest/userguide/security_iam_service-with-iam.md

Summary

Added documentation for new 'mediapackagev2:RequestHasMatchingCdnAuthHeader' condition key with implementation example

Security assessment

Introduces a security control mechanism requiring CDN authentication headers for media access. The condition key enables enforcement of request validation, directly addressing authorization vulnerabilities by tying access to cryptographic validation of requests.

Diff

diff --git a/mediapackage/latest/userguide/security_iam_service-with-iam.md b/mediapackage/latest/userguide/security_iam_service-with-iam.md
index eec390b37..466c68b05 100644
--- a//mediapackage/latest/userguide/security_iam_service-with-iam.md
+++ b//mediapackage/latest/userguide/security_iam_service-with-iam.md
@@ -135,0 +136,21 @@ To see a list of MediaPackage condition keys, see [Condition keys for AWS Elemen
+The `mediapackagev2:RequestHasMatchingCdnAuthHeader` condition key is a Boolean type key that you can use to control access based on whether a request has a matching CDN authentication header. This condition key is useful when implementing CDN authorization as described in [Secure MediaPackage content with CDN authorization](./cdn-auth.html). You can use this condition key in your IAM policies to allow or deny actions based on the presence of a valid CDN authentication header in the request.
+
+For example, you can create a policy that allows access to content only when the request includes a valid CDN authentication header:
+    
+    
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "mediapackagev2:GetObject",
+          "Resource": "*",
+          "Condition": {
+            "Bool": {
+              "mediapackagev2:RequestHasMatchingCdnAuthHeader": "true"
+            }
+          }
+        }
+      ]
+    }
+