Posted On: Apr 11, 2024

Starting today, customers can protect their AWS Elemental MediaPackage origins by using CloudFront Origin Access Control (OAC) to only allow access from designated CloudFront distributions.

Customers use AWS Elemental MediaPackage and CloudFront to deliver live event streaming and 24/7 programming channels at scale. Previously, customers could restrict access to MediaPackage origins to requests from CloudFront IP addresses. Now with OAC, customers have more granular access control to permit origin access only from the customers’ designated CloudFront distributions. Using AWS Signature Version 4 (SigV4), OAC provides robust cryptographic authentication to protect the origin and prevent request tampering.

CloudFront OAC now supports Elemental MediaPackage origins worldwide, except in the CloudFront China region. To get started, use the CloudFront Console, SDK, CLI, or CloudFormation to enable OAC when configuring your MediaPackage v2 endpoint with CloudFront. For more information, refer to the CloudFront Developer Guide. There are no additional fees associated with this feature. To learn more about CloudFront, visit the CloudFront Getting Started page.