AWS::MediaConnect::Flow Encryption

Information about the encryption of the flow.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Algorithm" : String,
  "ConstantInitializationVector" : String,
  "DeviceId" : String,
  "KeyType" : String,
  "Region" : String,
  "ResourceId" : String,
  "RoleArn" : String,
  "SecretArn" : String,
  "Url" : String
}

YAML


  Algorithm: String
  ConstantInitializationVector: String
  DeviceId: String
  KeyType: String
  Region: String
  ResourceId: String
  RoleArn: String
  SecretArn: String
  Url: String

Properties

Algorithm

The type of algorithm that is used for static key encryption (such as aes128, aes192, or aes256). If you are using SPEKE or SRT-password encryption, this property must be left blank.

Required: No

Type: String

Allowed values: aes128 | aes192 | aes256

Update requires: No interruption

ConstantInitializationVector

A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption.

Required: No

Type: String

Update requires: No interruption

DeviceId

The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption.

Required: No

Type: String

Update requires: No interruption

KeyType

The type of key that is used for the encryption. If you don't specify a keyType value, the service uses the default setting (static-key). Valid key types are: static-key, speke, and srt-password.

Required: No

Type: String

Allowed values: speke | static-key | srt-password

Update requires: No interruption

Region

The AWS Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption.

Required: No

Type: String

Update requires: No interruption

ResourceId

An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption.

Required: No

Type: String

Update requires: No interruption

RoleArn

The Amazon Resource Name (ARN) of the role that you created during setup (when you set up MediaConnect as a trusted entity).

Required: Yes

Type: String

Update requires: No interruption

SecretArn

The ARN of the secret that you created in AWS Secrets Manager to store the encryption key.

Required: No

Type: String

Update requires: No interruption

Url

The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption.

Required: No

Type: String

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS::MediaConnect::Flow

FailoverConfig