Create a CDI input - MediaLive

Create a CDI input

After the Amazon VPC user has set up on the VPC, you can create the CDI input in MediaLive.

This section describes how to create a regular CDI input. Create this type of input if you don't plan to support automatic input failover for the CDI source attached to the channel. (If you do plan to implement it, create CDI partner inputs instead. )

To create a CDI push input
  1. Open the MediaLive console at

  2. In the navigation pane, choose Inputs. On the Inputs page, choose Create input.

  3. Complete the Input details section:

    • Input name – enter a name.

    • Input type – choose AWS CDI.

  4. Complete the VPC settings section:

    • Choose Select subnets and security groups.

    • For Subnets, choose one of the subnets that you obtained. The dropdown list shows subnets in all VPCs, identified as follows:

      <subnet ID> <Availability Zone of subnet> <IPv4 CIDR block of subnet> <VPC ID> <Subnet tag called "Name", if it exists>

      For example:

      subnet-1122aabb us-west-2a vpc-3f139646 Subnet for MLive push inputs

      If the list of subnets is empty, choose Specify custom VPC, and enter the subnet ID in the field. (You need to enter only the subnet ID, for example, subnet-1122aabb.)

    • In Subnets, choose the second subnet. This second time, the dropdown list shows only the subnets in the same VPC as the first subnet.

    • For Security groups, choose the security group or groups that you obtained, following the same process as for the subnets. The dropdown list shows security groups belonging to the VPC that you chose, identified as follows:

      <security group ID> <description attached to this security group> <VPC ID>

      For example:

      sg-51530134 Security group for MLive push inputs vpc-3f139646

  5. Complete the Role ARN section to choose a role for MediaLive to use with this input. For more information, see IAM role and ARN.

  6. In the Tags section, create tags if you want to associate tags with this input. For more information, see Tagging resources.

  7. Choose Create.

    MediaLive creates the input and automatically creates two endpoints on that input. These endpoints have a private IP address from the subnet range, and they specify port 5000. For example:

  8. Provide the upstream system with these endpoints:

    • If you will set up the channel as a standard channel, provide both endpoints. The upstream system must push the content to both endpoints.

    • If you will set up the channel as a single-pipeline channel, provide only the first endpoint. The upstream system must push to this one endpoint.

IAM role and ARN

This section describes how to complete the Role ARN section on the Create input pane of the MediaLive console.

You must choose a role for MediaLive to assume when it creates an RTP Push input. To create the input, MediaLive must obtain the network interfaces for the two endpoints in the input. These endpoints are in the CIDR range of the subnets that you identified. As soon as you choose Create for this input, MediaLive requests these network interfaces from Amazon VPC. The role that you choose ensures that MediaLive succeeds in its request to Amazon VPC.


This section on the MediaLive console is identical to the IAM role section on the Create channel page (also on the MediaLive console). The difference in the two usages is that on the Create input page, you are attaching the role to the input. On the Create channel page, you are attaching the role to the channel. You can use the same role (for example, the MediaLiveAccessRole) in both usages.

There are two general scenarios for choosing a role, depending on whether your organization has a designated administrator.

Your organization has a designated administrator

Your organization might have an administrator who manages this service. That administrator has likely set up one or more roles:

  • Ask the administrator or your manager which role to use. Or if only one role is listed in Use existing role, choose that role.

  • If the only role that is listed is MediaLiveAccessRole, choose that role. In addition, if the Update button is displayed beside this role name, choose the button. (The button does not always appear, but whenever it does appear, choose it to refresh the role.)

  • If you want the selected role to appear first in the list next time, select Remember ARN.

Your organization has no administrator

Your organization might not have a designated service administrator. In this case, if none of your colleagues have set up a suitable role, you might have to create one yourself and then choose it.

  • You can create the default role, called MediaLiveAccessRole. To first check if someone else has already created this role (only one person needs to create it for all users in your AWS account), look at Create role from template:

    • If this option is grayed out, this task has been done. In that case, choose Use existing role, and then choose MediaLiveAccessRole from the list.

    • If this option is not grayed out, choose Create role from template, and then choose Create IAM role. Next, choose that role from the list. If MediaLive does not let you create the role, speak to an administrator in your organization about your IAM permissions.

  • If the MediaLiveAccessRole has already been created and the Update button is displayed beside it, choose the button. (The button does not always appear, but whenever it does appear, choose it to refresh the role.)

  • If you want the selected role to appear first in the list next time, select Remember ARN.