Posted On: Feb 9, 2023

Amazon CloudFront enhanced its Origin Access Control (OAC) feature by adding support for AWS Elemental MediaStore. This lets customers secure MediaStore origins so that only authorized CloudFront distributions can access them. Customers can now enable AWS Signature Version 4 (SigV4) on CloudFront requests for MediaStore origins and set whether and when CloudFront should sign the requests.

Customers using AWS Elemental MediaStore and CloudFront to deliver media content previously had to configure both services with shared secrets to restrict access to their MediaStore containers. Although this option works, it scales poorly, because following security best practices requires configuring the secrets manually and rotating them periodically. With OAC on MediaStore origins, customers can instruct CloudFront to sign requests using SigV4 and forward them to MediaStore for signature matching, eliminating the need to use and rotate secrets. This ensures that requests are automatically verified before media content is served, making the delivery of media content through Elemental MediaStore and CloudFront simpler and more secure.

CloudFront's Origin Access Control feature for Elemental MediaStore is now available globally, except for AWS China regions. It can be accessed through the CloudFront console, APIs, SDK, or CLI, and there are no additional fees for its use. For more information, please refer to the CloudFront Developer Guide.