Media is intellectual property of the owner. Owners would like to protect the content to monetize the content. JWT Token authorization, signed cookies and signed URL are mechanisms to protect content. Signed cookies offer away to restrict viewer access to streaming media content. However, user can block cookies using browser extensions and other means. A cookie based content protection works only when cookies can be enabled on the browser. JTW token based security mechanism overcomes this challenge, but requires user to be signed in using Cognito to work.

If media content is in HTTP Live Streaming (HLS) format, Amazon Elastic Transcoder can be used to generate the playlist and media segments and web application can use JWT Token to authenticate each user. When a user requests a restricted object, the browser forwards the JWT Token in the request, and CloudFront checks the JWT Token attributes to determine whether to allow or restrict access to the HLS stream.

This way, JWT Token helps content owner to protect the content and prevent unathorized downloads. By preventing unautorized downloads, signed cookies help to reduce download cost and reduce revenue leakage.

Technology Stack:

1. S3
2. CloudFront
3. Lambda @ Edge
4. Secrets