Granting IAM permissions to your Kantar credentials
When you use AWS Elemental MediaConvert, you specify an IAM service role that grants permissions to the service to access the resources it needs to run your job. For example, your MediaConvert service role grants MediaConvert permissions to read your job input files from Amazon S3. For information about setting up that service role, see Setting up IAM permissions .
To encode Kantar watermarks, add permissions to this service role to grant MediaConvert access to read the AWS Secrets Manager secret that holds your Kantar credentials.
To grant MediaConvert permission to read your Kantar credentials
-
Create a policy that grants permission to read your Secrets Manager secret.
-
Make sure that you have the ARN to the Secrets Manager secret that you created in the previous topic.
-
Open the IAM console at https://console.aws.amazon.com/iam/
. -
In the navigation pane on the left, under Access management, choose Policies.
-
Choose Create policy.
-
On the Create policy page, next to Service, choose Choose a service.
-
In the search field, type
secrets
and then choose Secrets Manager from the results. -
In the Filter actions search field, type
GetSecretValue
and then choose GetSecretValue from the results. -
In the Resources section, next to Secret, choose Add ARN.
-
On the Add ARN(s) page, next to Specify ARN for Secret, choose List ARNs manually.
-
In the Type or paste a list of ARNs section, paste the ARN for your Kantar credentials secret that you copied at the end of the procedure in the previous topic.
-
Choose Add.
-
At the bottom of the Create policy page, choose Next: Tags.
-
Choose Next: Review.
-
Under Review policy, for Name type a name that will help you remember the purpose of this policy, such as
GetKantarCreds
. -
Optionally, for Description, jot a note to yourself for later. For example, you might write "This provides MediaConvert permission to read my Kantar credentials."
-
Choose Create policy.
-
-
Attach the policy to your MediaConvert role.
-
In the navigation pane on the left, under Access management, choose Roles.
-
From the list of roles, choose the name of the role that you use with your MediaConvert job. This role is often MediaConvert_Default_Role.
-
On the role Summary page, on the Permissions tab, choose Attach policies.
-
In the search field, type the name of the policy you created, such as
GetKantarCreds
. -
In the results list, choose the check box next to the policy name.
-
Choose Attach policy.
-
On the Summary page for the role, review the list of policies and confirm that your policy that grants permission to get your Kantar credentials appears there.
-