AWS mediapackage medium security documentation change
Summary
Added documentation for DRM settings parameter to exclude session keys from HLS multivariant playlists
Security assessment
Excluding session keys from the multivariant playlist reduces exposure of encryption keys to unauthorized clients, addressing potential security risks related to key pre-fetching or legacy client compatibility. This directly impacts content access control.
Diff
diff --git a/mediapackage/latest/userguide/manifest-filter-query-parameters.md b/mediapackage/latest/userguide/manifest-filter-query-parameters.md index 271179f4f..285697e9a 100644 --- a//mediapackage/latest/userguide/manifest-filter-query-parameters.md +++ b//mediapackage/latest/userguide/manifest-filter-query-parameters.md @@ -266,0 +267,8 @@ If you're using this parameter with I-frame only trick-play, `trickplay_height` +DRM | `aws.drmsettings` | + + * Controls DRM-related settings for HLS manifests. Currently supports excluding session keys from the multivariant playlist. + * **Accepted values** : `exclude_session_keys` \- Removes `EXT-X-SESSION-KEY` tags from the multivariant playlist while preserving key information in individual media playlists. + * **Use case** : Useful for legacy clients that have issues with session key pre-fetching or when using manifest filtering to control access to specific content variants. + * **Scope** : Only applies to HLS manifests. Ignored for DASH manifests. + +| `stream.m3u8?aws.drmsettings=exclude_session_keys`