Alchemy

Appearance

OriginEndpointPolicy ​

The OriginEndpointPolicy resource allows you to manage AWS MediaPackageV2 OriginEndpointPolicys which define access control and routing rules for your media content delivery. This resource is crucial for ensuring secure and efficient streaming of media content.

Minimal Example ​

Create a basic OriginEndpointPolicy with essential properties:

ts
import AWS from "alchemy/aws/control";

const basicPolicy = await AWS.MediaPackageV2.OriginEndpointPolicy("basicPolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: "*",
        Action: "mediapackage:DescribeOriginEndpoint",
        Resource: "*"
      }
    ]
  },
  ChannelName: "liveChannel",
  OriginEndpointName: "liveEndpoint",
  ChannelGroupName: "liveChannelGroup"
});

Advanced Configuration ​

Configure an OriginEndpointPolicy with more detailed access control settings and the option to adopt existing resources:

ts
const advancedPolicy = await AWS.MediaPackageV2.OriginEndpointPolicy("advancedPolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: {
          AWS: "arn:aws:iam::123456789012:role/MyMediaPackageRole"
        },
        Action: [
          "mediapackage:CreateOriginEndpoint",
          "mediapackage:UpdateOriginEndpoint"
        ],
        Resource: "*"
      }
    ]
  },
  ChannelName: "myLiveChannel",
  OriginEndpointName: "myLiveEndpoint",
  ChannelGroupName: "myChannelGroup",
  adopt: true // Allow adoption of existing resource if present
});

Policy for Restricted Access ​

Define a policy that restricts access to a specific IP range for enhanced security:

ts
const restrictedAccessPolicy = await AWS.MediaPackageV2.OriginEndpointPolicy("restrictedAccessPolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Deny",
        Principal: "*",
        Action: "mediapackage:*",
        Resource: "*",
        Condition: {
          "IpAddress": {
            "aws:SourceIp": "192.168.1.0/24"
          }
        }
      }
    ]
  },
  ChannelName: "restrictedChannel",
  OriginEndpointName: "restrictedEndpoint",
  ChannelGroupName: "restrictedChannelGroup"
});

Dynamic Policy Update ​

Implement a policy that can be dynamically updated based on the channel state:

ts
const dynamicPolicy = await AWS.MediaPackageV2.OriginEndpointPolicy("dynamicPolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: "*",
        Action: "mediapackage:GetChannel",
        Resource: "*",
        Condition: {
          "StringEquals": {
            "mediapackage:ChannelState": "ACTIVE"
          }
        }
      }
    ]
  },
  ChannelName: "dynamicChannel",
  OriginEndpointName: "dynamicEndpoint",
  ChannelGroupName: "dynamicChannelGroup"
});