AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-11-16 · Documentation low

File: cli/latest/reference/mediaconvert/create-job.md

Summary

Changed minimum video generator input duration from 50 to 1 millisecond

Security assessment

Parameter range adjustment with no security context provided. This appears to be a functional change rather than a security fix.

Diff

diff --git a/cli/latest/reference/mediaconvert/create-job.md b/cli/latest/reference/mediaconvert/create-job.md
index ada58ac82..1239c2a82 100644
--- a//cli/latest/reference/mediaconvert/create-job.md
+++ b//cli/latest/reference/mediaconvert/create-job.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.35 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.37 Command Reference](../../index.html) »
@@ -2560 +2560 @@ JSON Syntax:
->>>>> Specify the duration, in milliseconds, for your video generator input. Enter an integer from 50 to 86400000.
+>>>>> Specify the duration, in milliseconds, for your video generator input. Enter an integer from 1 to 86400000.
@@ -2564 +2564 @@ JSON Syntax:
->>>>>   * min: `50`
+>>>>>   * min: `1`
@@ -8802,0 +8803,23 @@ JSON Syntax:
+>>>>>>> 
+>>>>>>> C2paManifest -> (string)
+>>>>>>>
+>>>>>>>> When enabled, a C2PA compliant manifest will be generated, signed and embeded in the output. For more information on C2PA, see <https://c2pa.org/specifications/specifications/2.1/index.html>
+>>>>>>>> 
+>>>>>>>> Possible values:
+>>>>>>>> 
+>>>>>>>>   * `INCLUDE`
+>>>>>>>>   * `EXCLUDE`
+>>>>>>>> 
+
+>>>>>>> 
+>>>>>>> CertificateSecret -> (string)
+>>>>>>>
+>>>>>>>> Specify the name or ARN of the AWS Secrets Manager secret that contains your C2PA public certificate chain in PEM format. Provide a valid secret name or ARN. Note that your MediaConvert service role must allow access to this secret. The public certificate chain is added to the COSE header (x5chain) for signature validation. Include the signer’s certificate and all intermediate certificates. Do not include the root certificate. For details on COSE, see: <https://opensource.contentauthenticity.org/docs/manifest/signing-manifests>
+>>>>>>>> 
+>>>>>>>> Constraints:
+>>>>>>>> 
+>>>>>>>>   * min: `1`
+>>>>>>>>   * max: `2048`
+>>>>>>>>   * pattern: `^(arn:[a-z-]+:secretsmanager:[\w-]+:\d{12}:secret:)?[a-zA-Z0-9_\/_+=.@-]*$`
+>>>>>>>> 
+
@@ -8868,0 +8892,11 @@ JSON Syntax:
+>>>>>>> 
+>>>>>>> SigningKmsKey -> (string)
+>>>>>>>
+>>>>>>>> Specify the ID or ARN of the AWS KMS key used to sign the C2PA manifest in your MP4 output. Provide a valid KMS key ARN. Note that your MediaConvert service role must allow access to this key.
+>>>>>>>> 
+>>>>>>>> Constraints:
+>>>>>>>> 
+>>>>>>>>   * min: `1`
+>>>>>>>>   * pattern: `^(arn:aws(-us-gov|-cn)?:kms:[a-z-]{2,6}-(east|west|central|((north|south)(east|west)?))-[1-9]{1,2}:\d{12}:key/)?[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}|mrk-[a-fA-F0-9]{32}$`
+>>>>>>>> 
+
@@ -9917,0 +9952,11 @@ JSON Syntax:
+>>>>>>> 
+>>>>>>> C2paManifest -> (string)
+>>>>>>>
+>>>>>>>> When enabled, a C2PA compliant manifest will be generated, signed and embeded in the output. For more information on C2PA, see <https://c2pa.org/specifications/specifications/2.1/index.html>
+>>>>>>>> 
+>>>>>>>> Possible values:
+>>>>>>>> 
+>>>>>>>>   * `INCLUDE`
+>>>>>>>>   * `EXCLUDE`
+>>>>>>>> 
+
@@ -9928,0 +9974,12 @@ JSON Syntax:
+>>>>>>> 
+>>>>>>> CertificateSecret -> (string)
+>>>>>>>
+>>>>>>>> Specify the name or ARN of the AWS Secrets Manager secret that contains your C2PA public certificate chain in PEM format. Provide a valid secret name or ARN. Note that your MediaConvert service role must allow access to this secret. The public certificate chain is added to the COSE header (x5chain) for signature validation. Include the signer’s certificate and all intermediate certificates. Do not include the root certificate. For details on COSE, see: <https://opensource.contentauthenticity.org/docs/manifest/signing-manifests>
+>>>>>>>> 
+>>>>>>>> Constraints:
+>>>>>>>> 
+>>>>>>>>   * min: `1`
+>>>>>>>>   * max: `2048`
+>>>>>>>>   * pattern: `^(arn:[a-z-]+:secretsmanager:[\w-]+:\d{12}:secret:)?[a-zA-Z0-9_\/_+=.@-]*$`
+>>>>>>>> 
+
@@ -9972,0 +10030,11 @@ JSON Syntax:
+>>>>>>> 
+>>>>>>> SigningKmsKey -> (string)
+>>>>>>>
+>>>>>>>> Specify the ID or ARN of the AWS KMS key used to sign the C2PA manifest in your MP4 output. Provide a valid KMS key ARN. Note that your MediaConvert service role must allow access to this key.
+>>>>>>>> 
+>>>>>>>> Constraints:
+>>>>>>>> 
+>>>>>>>>   * min: `1`
+>>>>>>>>   * pattern: `^(arn:aws(-us-gov|-cn)?:kms:[a-z-]{2,6}-(east|west|central|((north|south)(east|west)?))-[1-9]{1,2}:\d{12}:key/)?[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}|mrk-[a-fA-F0-9]{32}$`
+>>>>>>>> 
+
@@ -12226,0 +12295,11 @@ JSON Syntax:
+>>>>>>>> 
+>>>>>>>> FrameControl -> (string)
+>>>>>>>>
+>>>>>>>>> Choose how MediaConvert handles start and end times for input clipping with video passthrough. Your input video codec must be H.264 or H.265 to use IFRAME. To clip at the nearest IDR-frame: Choose Nearest IDR. If an IDR-frame is not found at the frame that you specify, MediaConvert uses the next compatible IDR-frame. Note that your output may be shorter than your input clip duration. To clip at the nearest I-frame: Choose Nearest I-frame. If an I-frame is not found at the frame that you specify, MediaConvert uses the next compatible I-frame. Note that your output may be shorter than your input clip duration. We only recommend this setting for special workflows, and when you choose this setting your output may not be compatible with most players.
+>>>>>>>>> 
+>>>>>>>>> Possible values:
+>>>>>>>>> 
+>>>>>>>>>   * `NEAREST_IDRFRAME`
+>>>>>>>>>   * `NEAREST_IFRAME`
+>>>>>>>>> 
+
@@ -15328,0 +15408,2 @@ JSON Syntax:
+                  "C2paManifest": "INCLUDE"|"EXCLUDE",
+                  "CertificateSecret": "string",
@@ -15334,0 +15416 @@ JSON Syntax:
+                  "SigningKmsKey": "string",
@@ -15446,0 +15529 @@ JSON Syntax:
+                  "C2paManifest": "INCLUDE"|"EXCLUDE",
@@ -15447,0 +15531 @@ JSON Syntax:
+                  "CertificateSecret": "string",
@@ -15451,0 +15536 @@ JSON Syntax:
+                  "SigningKmsKey": "string",
@@ -15678,0 +15764 @@ JSON Syntax:
+                    "FrameControl": "NEAREST_IDRFRAME"|"NEAREST_IFRAME",
@@ -18713 +18799 @@ Job -> (structure)
->>>>>> Specify the duration, in milliseconds, for your video generator input. Enter an integer from 50 to 86400000.
+>>>>>> Specify the duration, in milliseconds, for your video generator input. Enter an integer from 1 to 86400000.
@@ -18717 +18803 @@ Job -> (structure)
->>>>>>   * min: `50`
+>>>>>>   * min: `1`
@@ -24955,0 +25042,23 @@ Job -> (structure)
+>>>>>>>> 
+>>>>>>>> C2paManifest -> (string)
+>>>>>>>>
+>>>>>>>>> When enabled, a C2PA compliant manifest will be generated, signed and embeded in the output. For more information on C2PA, see <https://c2pa.org/specifications/specifications/2.1/index.html>
+>>>>>>>>> 
+>>>>>>>>> Possible values:
+>>>>>>>>> 
+>>>>>>>>>   * `INCLUDE`
+>>>>>>>>>   * `EXCLUDE`
+>>>>>>>>> 
+
+>>>>>>>> 
+>>>>>>>> CertificateSecret -> (string)
+>>>>>>>>
+>>>>>>>>> Specify the name or ARN of the AWS Secrets Manager secret that contains your C2PA public certificate chain in PEM format. Provide a valid secret name or ARN. Note that your MediaConvert service role must allow access to this secret. The public certificate chain is added to the COSE header (x5chain) for signature validation. Include the signer’s certificate and all intermediate certificates. Do not include the root certificate. For details on COSE, see: <https://opensource.contentauthenticity.org/docs/manifest/signing-manifests>
+>>>>>>>>> 
+>>>>>>>>> Constraints:
+>>>>>>>>> 
+>>>>>>>>>   * min: `1`
+>>>>>>>>>   * max: `2048`
+>>>>>>>>>   * pattern: `^(arn:[a-z-]+:secretsmanager:[\w-]+:\d{12}:secret:)?[a-zA-Z0-9_\/_+=.@-]*$`
+>>>>>>>>> 
+
@@ -25021,0 +25131,11 @@ Job -> (structure)
+>>>>>>>> 
+>>>>>>>> SigningKmsKey -> (string)
+>>>>>>>>
+>>>>>>>>> Specify the ID or ARN of the AWS KMS key used to sign the C2PA manifest in your MP4 output. Provide a valid KMS key ARN. Note that your MediaConvert service role must allow access to this key.
+>>>>>>>>> 
+>>>>>>>>> Constraints:
+>>>>>>>>> 
+>>>>>>>>>   * min: `1`
+>>>>>>>>>   * pattern: `^(arn:aws(-us-gov|-cn)?:kms:[a-z-]{2,6}-(east|west|central|((north|south)(east|west)?))-[1-9]{1,2}:\d{12}:key/)?[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}|mrk-[a-fA-F0-9]{32}$`
+>>>>>>>>> 
+
@@ -26070,0 +26191,11 @@ Job -> (structure)
+>>>>>>>> 
+>>>>>>>> C2paManifest -> (string)
+>>>>>>>>
+>>>>>>>>> When enabled, a C2PA compliant manifest will be generated, signed and embeded in the output. For more information on C2PA, see <https://c2pa.org/specifications/specifications/2.1/index.html>
+>>>>>>>>> 
+>>>>>>>>> Possible values:
+>>>>>>>>> 
+>>>>>>>>>   * `INCLUDE`
+>>>>>>>>>   * `EXCLUDE`
+>>>>>>>>> 
+
@@ -26081,0 +26213,12 @@ Job -> (structure)
+>>>>>>>> 
+>>>>>>>> CertificateSecret -> (string)
+>>>>>>>>
+>>>>>>>>> Specify the name or ARN of the AWS Secrets Manager secret that contains your C2PA public certificate chain in PEM format. Provide a valid secret name or ARN. Note that your MediaConvert service role must allow access to this secret. The public certificate chain is added to the COSE header (x5chain) for signature validation. Include the signer’s certificate and all intermediate certificates. Do not include the root certificate. For details on COSE, see: <https://opensource.contentauthenticity.org/docs/manifest/signing-manifests>
+>>>>>>>>> 
+>>>>>>>>> Constraints:
+>>>>>>>>> 
+>>>>>>>>>   * min: `1`
+>>>>>>>>>   * max: `2048`
+>>>>>>>>>   * pattern: `^(arn:[a-z-]+:secretsmanager:[\w-]+:\d{12}:secret:)?[a-zA-Z0-9_\/_+=.@-]*$`
+>>>>>>>>> 
+
@@ -26125,0 +26269,11 @@ Job -> (structure)
+>>>>>>>> 
+>>>>>>>> SigningKmsKey -> (string)
+>>>>>>>>
+>>>>>>>>> Specify the ID or ARN of the AWS KMS key used to sign the C2PA manifest in your MP4 output. Provide a valid KMS key ARN. Note that your MediaConvert service role must allow access to this key.
+>>>>>>>>> 
+>>>>>>>>> Constraints:
+>>>>>>>>> 
+>>>>>>>>>   * min: `1`
+>>>>>>>>>   * pattern: `^(arn:aws(-us-gov|-cn)?:kms:[a-z-]{2,6}-(east|west|central|((north|south)(east|west)?))-[1-9]{1,2}:\d{12}:key/)?[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}|mrk-[a-fA-F0-9]{32}$`
+>>>>>>>>> 
+
@@ -28379,0 +28534,11 @@ Job -> (structure)
+>>>>>>>>> 
+>>>>>>>>> FrameControl -> (string)
+>>>>>>>>>
+>>>>>>>>>> Choose how MediaConvert handles start and end times for input clipping with video passthrough. Your input video codec must be H.264 or H.265 to use IFRAME. To clip at the nearest IDR-frame: Choose Nearest IDR. If an IDR-frame is not found at the frame that you specify, MediaConvert uses the next compatible IDR-frame. Note that your output may be shorter than your input clip duration. To clip at the nearest I-frame: Choose Nearest I-frame. If an I-frame is not found at the frame that you specify, MediaConvert uses the next compatible I-frame. Note that your output may be shorter than your input clip duration. We only recommend this setting for special workflows, and when you choose this setting your output may not be compatible with most players.
+>>>>>>>>>> 
+>>>>>>>>>> Possible values:
+>>>>>>>>>> 
+>>>>>>>>>>   * `NEAREST_IDRFRAME`
+>>>>>>>>>>   * `NEAREST_IFRAME`