Skip to main content

AWS Solutions Library

Secure Media Delivery at the Edge on AWS

Protect your premium video content from unauthorized access when delivered through Amazon CloudFront

Open guide
Go to source code

Overview

The Secure Media Delivery at the Edge on AWS solution provides the ability to protect your premium video content from unauthorized access when delivered through Amazon CloudFront. The solution offers an additional layer of security based on individual access tokens added to the delivery URL. Existing or new CloudFront configurations used for Live Streaming and Video on Demand (VOD) workloads can benefit from this solution, whereby streaming operations engineers can control access to video assets by issuing individual tokens for each authorized viewer, verified at the edge by CloudFront Functions.

Benefits

Easily integrate this solution into your existing workflows or add to new ones in a few configuration steps. Implemented as an incremental component, the solution is ready to use without redesigning the CloudFront architecture.
With a wide range of devices and streaming formats, the solution is designed to provide the best possible support coverage. The URL-based token works universally with the clients you use today, and the ones you may need to support tomorrow. 
Presenting secure tokens in the widely-adopted JSON Web Token (JWT) format offers flexibility in construction. Combine multiple viewer attributes and geolocation details provided by CloudFront to restrict playback to only authorized clients. Viewer attributes are not exposed in the token or URL path, ensuring the privacy of your end-users.
Quickly identify playback sessions with irregular traffic patterns suggesting unauthorized distribution of your content. Block playback sessions by reporting corresponding session identifiers, or leverage the automatic workflow offered by the solution to detect and block suspicious sessions. 
The solution seamlessly scales to the highest traffic events via CloudFront Functions. You can depend on the automated workflows implemented by the solution to handle regular key rotation, and process traffic patterns to detect and block sessions with suspicious traffic patterns.

How it works

The following diagram presents the serverless architecture, which you can automatically deploy by either using the solution's implementation guide and accompanying AWS CloudFormation template, or by using the CDK deployment model.

View implementation guide

About this deployment

  • Version: 1.2.6

  • Released: 11/2024

  • Author: AWS

  • Est. deployment time: 10 mins

  • Estimated cost: See details

Deploy with confidence

Everything you need to launch this AWS Solution in your account is right here

We'll walk you through it

Get started fast. Read the implementation guide for deployment steps, architecture details, cost information, and customization options.

Open guide

Let's make it happen

Ready to deploy? Open the CloudFormation template in the AWS Console to begin setting up the infrastructure you need. You'll be prompted to access your AWS account if you haven't yet logged in. 

Launch in the AWS Console

Ready to get started?

Deploy this solution by launching it in your AWS Console

Launch in the AWS Console

Sportall

Sportall revolutionizes the sport video distribution market by transforming every sports rights-holder into a direct-to-consumer provider. “We primarily stream live events, so it’s important to protect our content from being shared through unauthorized channels. We needed an easy to implement solution that provides strong security, and doesn’t impact latency metrics during live streaming. With the Secure Media Delivery at the Edge on AWS solution, Sportall can better control access to the video streams for intended viewers, and also automatically detect and stop piracy activities resulting in mass public viewings of our content. Plus, unlike the alternative approaches we considered, this AWS Solution integrates seamlessly into our existing ecosystem allowing us to evolve it in the future."

Thomas Fayoux, Senior Product Manager

Missing alt text value

Did you find what you were looking for today?

Let us know so we can improve the quality of the content on our pages