AWS medialive medium security documentation change
Summary
Added requirement for MediaLive to have `GetSecretValue` permission for SRT caller outputs using Secrets Manager passphrases
Security assessment
Explicitly documents required permissions for accessing encryption secrets during channel operation. Missing this permission could prevent decryption of SRT streams, impacting secure communication.
Diff
diff --git a/medialive/latest/ug/trusted-entity-requirements.md b/medialive/latest/ug/trusted-entity-requirements.md index 26b62045b..5c19ed57b 100644 --- a//medialive/latest/ug/trusted-entity-requirements.md +++ b//medialive/latest/ug/trusted-entity-requirements.md @@ -30,0 +31 @@ Sending thumbnails to an Amazon S3 bucket when a channel is running, if a channe +AWS Secrets Manager | Sending an SRT caller output when a channel is running. SRT caller outputs are always encrypted using a passphrase that is stored in a Secrets Manager secret. | When the channel is running.MediaLive must be able to read the value (the passphrase) stored in the secret. | `GetSecretValue`