Requirements for Secrets Manager secrets
Your deployment might include the following resources:
- SRT inputs for SRT content that is encrypted by the upstream system.

  When the user creates this type of input, they must obtain the encryption passphrase from the operator of the upstream system. The user must then enter the ARN when they create the SRT input in MediaLive. They must either select the ARN from a dropdown list, or type the ARN into a field.
- AWS Elemental Link hardware devices that are used in MediaLive or in MediaConnect. For more information about permissions for this use case, see Requirements for AWS Elemental Link.
The user needs permissions to perform actions in MediaStore when they use the MediaLive workflow wizard. The user doesn't need special permissions when they use the regular MediaLive console to specify a MediaStore container in a channel.
On the MediaLive console, view Secrets Manager secrets in the dropdown list. This dropdown list appears in the Passphrase secret arn field on the Create Input page, when the user is creating an SRT Caller input.
When a user creates this type of input on the MediaLive console, they have the option to choose the subnet and security group from a dropdown list. For the dropdown list to be populated with the resources in Amazon VPC, the user must have the appropriate permissions. For more information about Amazon VPC inputs, see Creating an input.
Required permissions
Permission to create an ARN
A user with permissions on Secrets Manager must set up the passphrase as a secret, then provide the MediaLive user with the ARN of that secret.
Permission to select a passphrase
For a list of ARNs to appear in the dropdown list on the console, the console user must have ListSecrets in Secrets Manager. The user can then select an ARN from the list.
Permission to enter an ARN
No special permission is required to enter the passphrase on the AWS Elemental MediaLive console.
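The following check is an added example, not part of the original page or of AWS tooling. It tests whether a console user's identity policies grant the ListSecrets permission described under "Permission to select a passphrase", and flags grants that are broader than needed. The function name `check_list_secrets` and the sample policies are hypothetical; the evaluation is simplified (it ignores Condition, NotAction, and permissions boundaries) and relies on the fact that ListSecrets has no resource-level permissions, so only `"Resource": "*"` applies to it.

```python
import fnmatch

REQUIRED = "secretsmanager:ListSecrets"  # the permission named on this page

def _as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def check_list_secrets(policies):
    """Return (allowed, findings) for a user's identity-based policy documents."""
    allowed = denied = False
    findings = []
    for doc in policies:
        for stmt in _as_list(doc.get("Statement", [])):
            # Action names are case-insensitive and may contain wildcards.
            hits = [a for a in _as_list(stmt.get("Action", []))
                    if fnmatch.fnmatchcase(REQUIRED.lower(), a.lower())]
            if not hits:
                continue
            sid = stmt.get("Sid", "<no Sid>")
            # ListSecrets has no resource-level permissions: only "*" applies.
            if "*" not in _as_list(stmt.get("Resource", [])):
                findings.append(f"{sid}: Resource is scoped, so it does not apply to ListSecrets")
                continue
            if stmt.get("Effect") == "Deny":
                denied = True
                findings.append(f"{sid}: explicit Deny overrides any Allow")
            elif stmt.get("Effect") == "Allow":
                allowed = True
                broad = [a for a in hits if a.lower() != REQUIRED.lower()]
                if broad:
                    findings.append(f"{sid}: {broad} grants more than ListSecrets")
    return allowed and not denied, findings

# Constructed sample policies (account ID and secret name are placeholders).
def _policy(sid, effect, action, resource="*"):
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": sid, "Effect": effect,
                           "Action": action, "Resource": resource}]}

MINIMAL = _policy("ListForDropdown", "Allow", "secretsmanager:ListSecrets")
SCOPED = _policy("ScopedList", "Allow", "secretsmanager:ListSecrets",
                 "arn:aws:secretsmanager:us-west-2:111122223333:secret:srt-*")
BROAD = _policy("AllSecretsManager", "Allow", "secretsmanager:*")
DENY = _policy("BlockListing", "Deny", "secretsmanager:List*")

if __name__ == "__main__":
    for name, docs in [("minimal", [MINIMAL]), ("scoped", [SCOPED]),
                       ("broad", [BROAD]), ("minimal+deny", [MINIMAL, DENY])]:
        print(name, check_list_secrets(docs))
```

A scoped Resource on ListSecrets leaves the dropdown empty rather than filtering it, and a user in that state can still type the ARN into the field.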