Step 1. Sign Up for AWS
If you do not have an AWS account, complete the following steps to create one.
To sign up for an AWS account
1. Open https://portal.aws.amazon.com/billing/signup.
2. Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
Step 2. Create an admin IAM user
When you first create an AWS account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account. We strongly recommend that you do not use the root user for your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using the root user only to create your first IAM user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks.
In this procedure, you use the AWS account root user to create your first IAM user. You add this IAM user to an Administrators group, to ensure that you have access to all services and their resources in your
Step 3. Create non-admin IAM users
account. The next time that you access your AWS account, you should sign in with the credentials for this IAM user.
To create an IAM user with limited permissions, see Step 3. Create non-admin IAM users (p. 14).
To create an administrator user for yourself and add the user to an administrators group (console)
1. Sign in to the IAM console as the account owner by choosing Root user and entering your AWS account email address. On the next page, enter your password.
Note
We strongly recommend that you adhere to the best practice of using the Administrator IAM user that follows and securely lock away the root user credentials. Sign in as the root user only to perform a few account and service management tasks.2. In the navigation pane, choose Users and then choose Add user.
3. For User name, enter Administrator.
4. Select the check box next to AWS Management Console access. Then select Custom password, and then enter your new password in the text box.
5. (Optional) By default, AWS requires the new user to create a new password when first signing in. You can clear the check box next to User must create a new password at next sign-in to allow the new user to reset their password after they sign in.
6. Choose Next: Permissions.
7. Under Set permissions, choose Add user to group.
8. Choose Create group.
9. In the Create group dialog box, for Group name enter Administrators.
10. Choose Filter policies, and then select AWS managed - job function to filter the table contents.
11. In the policy list, select the check box for AdministratorAccess. Then choose Create group.
Note
You must activate IAM user and role access to Billing before you can use theAdministratorAccess permissions to access the AWS Billing and Cost Management console. To do this, follow the instructions in step 1 of the tutorial about delegating access to the billing console.
12. Back in the list of groups, select the check box for your new group. Choose Refresh if necessary to see the group in the list.
13. Choose Next: Tags.
14. (Optional) Add metadata to the user by attaching tags as key-value pairs. For more information about using tags in IAM, see Tagging IAM entities in the IAM User Guide.
15. Choose Next: Review to see the list of group memberships to be added to the new user. When you are ready to proceed, choose Create user.
You can use this same process to create more groups and users and to give your users access to your AWS account resources. To learn about using policies that restrict user permissions to specific AWS resources, see Access management and Example policies.
Step 3. Create non-admin IAM users
Users in the Administrators group for an account have access to all AWS services and resources in that account. This section describes how to create users with permissions that are limited to AWS Elemental MediaConnect.
Step 3a: Create a policy
Topics
• Step 3a: Create a policy (p. 15)
• Step 3b: Create a user group (p. 16)
• Step 3c: Create users (p. 17)
Step 3a: Create a policy
Create two policies for AWS Elemental MediaConnect: one to provide read/write access and one to provide read-only access. Perform these steps one time only for each policy.
To create policies
1. Use your AWS account ID or account alias, and the credentials for your admin IAM user, to sign in to the IAM console.
2. In the navigation pane of the console, choose Policies.
3. On the Policies page, create a policy named MediaConnectAllAccess that allows all actions on all resources in AWS Elemental MediaConnect:
a. Choose Create policy.
b. Choose the JSON tab and paste the following policy:
{
"Version": "2012-10-17", "Statement": [
Step 3b: Create a user group
This policy allows all actions on all resources in AWS Elemental MediaConnect.
c. Choose Review policy.
d. On the Review policy page, for Name, enter MediaConnectAllAccess, and then choose Create policy.
4. On the Policies page, create a read-only policy named MediaConnectReadOnlyAccess for AWS Elemental MediaConnect:
a. Choose Create policy.
b. Choose the JSON tab and paste the following policy:
{ "Version": "2012-10-17", "Statement": [
d. On the Review policy page, for Name, enter MediaConnectReadOnlyAccess, and then choose Create policy.
Step 3b: Create a user group
You can create a user group for each policy and assign users to a group rather than attaching individual policies to each user. Using the following procedure, create two user groups: one for the MediaConnectAllAccess policy and one for the MediaConnectReadOnlyAccess policy.
Step 3c: Create users
To create user groups
1. In the navigation pane of the IAM console, choose Groups.
2. On the Groups page, create an administrator group using the MediaConnectAllAccess policy:
a. Choose Create New Group.
b. On the Set Group Name page, enter a name for the group, such as MediaConnectAdmins.
c. Choose Next Step.
d. On the Attach Policy page, for Filter, choose Customer Managed.
e. In the policy list, choose the MediaConnectAllAccess policy that you created in the procedure in Step 3a: Create a Policy (p. 15).
f. Choose Next Step.
g. On the Review page, verify that the correct policies are added to this group, and then choose Create Group.
3. On the Groups page, create a read-only group using the MediaConnectReaders policy:
a. Choose Create New Group.
b. On the Set Group Name page, enter a name for the group, such as MediaConnectReaders.
c. Choose Next Step.
d. On the Attach Policy page, for Filter, choose Customer Managed.
e. In the policy list, choose the MediaConnectReadOnlyAccess policy that you created in the procedure in Step 3a: Create a Policy (p. 15).
f. Choose Next Step.
g. On the Review page, verify that the correct policies are added to this group, and then choose Create Group.
Step 3c: Create users
Create IAM users for the individuals who require access to AWS Elemental MediaConnect, and add each user to the appropriate user group to ensure that they have the right level of permissions. If you have already created users, skip to step 6 to modify the permissions for the users.
To create users
1. In the navigation pane of the IAM console, choose Users, and then choose Add user.
2. For User name, enter the name that the user will use to sign in to AWS Elemental MediaConnect.
3. Select the check box next to AWS Management Console access, select Custom password, and then enter the new user's password in the box. You can optionally select Require password reset to force the user to create a password the next time the user signs in.
4. Choose Next: Permissions.
5. On the Set permissions for user page, choose Add user to group.
6. In the group list, choose the group with the appropriate attached policy. Remember that permissions levels are as follows:
• The MediaConnectAdmins group has permissions that allow all actions on all resources in AWS Elemental MediaConnect.
• The MediaConnectReaders group has permissions that allow read-only rights for all resources in AWS Elemental MediaConnect.
7. Choose Next: Review to see the list of group memberships that will be added to the new user.
8. When you are ready to proceed, choose Create user.
Step 4. (Optional) Set up encryption
Step 4. (Optional) Set up encryption
You can protect your content from unauthorized use through encryption. If your source is encrypted, AWS Elemental MediaConnect can decrypt it. In addition, the service can encrypt outputs and entitlements. AWS Elemental MediaConnect offers two options for encrypting content: static key and Secure Packager and Encoder Key Exchange (SPEKE). The steps to set up encryption depend on the type of encryption that you choose. For more information, see the following:
• Setting up static key encryption using AWS Elemental MediaConnect (p. 87)
• Setting up SPEKE encryption using AWS Elemental MediaConnect (p. 90)
Step 5. (Optional) Install the AWS CLI
To use the AWS CLI with AWS Elemental MediaConnect, install the latest AWS CLI version. For information about installing the AWS CLI or upgrading it to the latest version, see Installing the AWS Command Line Interface in the AWS Command Line Interface User Guide.
Prerequisites
Getting started with AWS Elemental MediaConnect
This Getting Started tutorial shows you how to use AWS Elemental MediaConnect to create and share flows. The tutorial is based on a scenario where you want to do all of the following:
• Ingest a live video stream of an awards show that is taking place in New York City.
• Distribute your video to an affiliate in Boston who does not have an AWS account, and wants content sent to their on-premises encoder.
• Share your video with an affiliate in Philadelphia who wants to use their AWS account to distribute the video to their three local stations.
Topics
• Prerequisites (p. 19)