CmafEncryption

class aws_cdk.aws_mediapackagev2_alpha.CmafEncryption

Bases: EncryptionConfiguration

(experimental) Encryption configuration for CMAF segments.

Use CmafEncryption.speke() to create an instance.

Stability:

experimental

ExampleMetadata:

infused

Example:

# channel: Channel
# speke_role: iam.IRole
# certificate: certificatemanager.ICertificate


OriginEndpoint(self, "Endpoint",
    channel=channel,
    segment=Segment.cmaf(
        encryption=CmafEncryption.speke(
            method=CmafEncryptionMethod.CBCS,
            drm_systems=[CmafDrmSystem.FAIRPLAY],
            resource_id="my-content-id",
            url="https://example.com/speke",
            role=speke_role,
            certificate=certificate
        )
    ),
    manifests=[Manifest.hls(manifest_name="index")]
)
Stability:

experimental

Static Methods

classmethod speke(*, drm_systems, method, resource_id, role, url, audio_preset=None, certificate=None, constant_initialization_vector=None, exclude_segment_drm_metadata=None, key_rotation_interval=None, video_preset=None)

(experimental) Create a SPEKE-based encryption configuration for CMAF segments.

Parameters:

  • drm_systems (Sequence[CmafDrmSystem]) – (experimental) The DRM systems to use for content protection. CENC supports PlayReady, Widevine, and Irdeto. CBCS supports PlayReady, Widevine, and FairPlay.

  • method (CmafEncryptionMethod) – (experimental) The encryption method to use.

  • resource_id (str) – (experimental) The unique identifier for the content. The service sends this identifier to the key server to identify the current endpoint. How unique you make this identifier depends on how fine-grained you want access controls to be. The service does not permit you to use the same ID for two simultaneous encryption processes.

  • role (IRole) – (experimental) IAM role for accessing the key provider API. This role must have a trust policy that allows MediaPackage to assume the role, and it must have sufficient permissions to access the key retrieval URL.

  • url (str) – (experimental) URL of the SPEKE key provider.

  • audio_preset (Optional[PresetSpeke20Audio]) – (experimental) Audio encryption preset. Default: PresetSpeke20Audio.PRESET_AUDIO_1

  • certificate (Optional[ICertificate]) – (experimental) The ARN of the certificate that you imported to AWS Certificate Manager to add content key encryption to this endpoint. For this feature to work, your DRM key provider must support content key encryption. Default: - no content key encryption

  • constant_initialization_vector (Optional[str]) – (experimental) Constant initialization vector (32-character hex string). A 128-bit, 16-byte hex value represented by a 32-character string, used in conjunction with the key for encrypting content. Default: - MediaPackage generates the IV

  • exclude_segment_drm_metadata (Optional[bool]) – (experimental) When enabled, DRM metadata is excluded from CMAF segments. Default: false

  • key_rotation_interval (Optional[Duration]) – (experimental) Key rotation interval. Default: - no rotation

  • video_preset (Optional[PresetSpeke20Video]) – (experimental) Video encryption preset. Default: PresetSpeke20Video.PRESET_VIDEO_1

Stability:

experimental

Return type:

CmafEncryption