This release adds support for CDN Authentication using Static Headers in MediaPackage v2.

Author: aws-sdk-dotnet-automation

generator/ServiceModels/mediapackagev2/mediapackagev2-2022-12-25.api.json

@@ -612,6 +612,32 @@
       "members":{
       }
     },
+    "CdnAuthConfiguration":{
+      "type":"structure",
+      "required":[
+        "CdnIdentifierSecretArns",
+        "SecretsRoleArn"
+      ],
+      "members":{
+        "CdnIdentifierSecretArns":{"shape":"CdnAuthConfigurationCdnIdentifierSecretArnsList"},
+        "SecretsRoleArn":{"shape":"CdnAuthConfigurationSecretsRoleArnString"}
+      }
+    },
+    "CdnAuthConfigurationCdnIdentifierSecretArnsList":{
+      "type":"list",
+      "member":{"shape":"CdnIdentifierSecretArn"},
+      "min":1
+    },
+    "CdnAuthConfigurationSecretsRoleArnString":{
+      "type":"string",
+      "max":2048,
+      "min":20
+    },
+    "CdnIdentifierSecretArn":{
+      "type":"string",
+      "max":2048,
+      "min":20
+    },
     "ChannelGroupListConfiguration":{
       "type":"structure",
       "required":[
@@ -1813,7 +1839,8 @@
         "ChannelGroupName":{"shape":"ResourceName"},
         "ChannelName":{"shape":"ResourceName"},
         "OriginEndpointName":{"shape":"ResourceName"},
-        "Policy":{"shape":"PolicyText"}
+        "Policy":{"shape":"PolicyText"},
+        "CdnAuthConfiguration":{"shape":"CdnAuthConfiguration"}
       }
     },
     "GetOriginEndpointRequest":{
@@ -2370,7 +2397,8 @@
           "location":"uri",
           "locationName":"OriginEndpointName"
         },
-        "Policy":{"shape":"PolicyText"}
+        "Policy":{"shape":"PolicyText"},
+        "CdnAuthConfiguration":{"shape":"CdnAuthConfiguration"}
       }
     },
     "PutOriginEndpointPolicyResponse":{
@@ -2954,7 +2982,22 @@
         "ISM_CONTAINER_TYPE_WITH_LL_HLS_MANIFEST",
         "ISM_CONTAINER_TYPE_WITH_DASH_MANIFEST",
         "ISM_CONTAINER_TYPE_WITH_SCTE",
-        "ISM_CONTAINER_WITH_KEY_ROTATION"
+        "ISM_CONTAINER_WITH_KEY_ROTATION",
+        "BATCH_GET_SECRET_VALUE_DENIED",
+        "GET_SECRET_VALUE_DENIED",
+        "DESCRIBE_SECRET_DENIED",
+        "INVALID_SECRET_FORMAT",
+        "SECRET_IS_NOT_ONE_KEY_VALUE_PAIR",
+        "INVALID_SECRET_KEY",
+        "INVALID_SECRET_VALUE",
+        "SECRET_ARN_RESOURCE_NOT_FOUND",
+        "DECRYPT_SECRET_FAILED",
+        "TOO_MANY_SECRETS",
+        "DUPLICATED_SECRET",
+        "MALFORMED_SECRET_ARN",
+        "SECRET_FROM_DIFFERENT_ACCOUNT",
+        "SECRET_FROM_DIFFERENT_REGION",
+        "INVALID_SECRET"
       ]
     }
   }

generator/ServiceModels/mediapackagev2/mediapackagev2-2022-12-25.docs.json

@@ -35,7 +35,7 @@
   },
   "shapes": {
     "AccessDeniedException": {
-      "base": "<p>You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide.</p>",
+      "base": "<p>Access is denied because either you don't have permissions to perform the requested operation or MediaPackage is getting throttling errors with CDN authorization. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide. Or, if you're using CDN authorization, you will receive this exception if MediaPackage receives a throttling error from Secrets Manager.</p>",
       "refs": {
       }
     },
@@ -77,6 +77,31 @@
       "refs": {
       }
     },
+    "CdnAuthConfiguration": {
+      "base": "<p>The settings to enable CDN authorization headers in MediaPackage.</p>",
+      "refs": {
+        "GetOriginEndpointPolicyResponse$CdnAuthConfiguration": "<p>The settings for using authorization headers between the MediaPackage endpoint and your CDN. </p> <p>For information about CDN authorization, see <a href=\"https://docs.aws.amazon.com/mediapackage/latest/userguide/cdn-auth.html\">CDN authorization in Elemental MediaPackage</a> in the MediaPackage user guide.</p>",
+        "PutOriginEndpointPolicyRequest$CdnAuthConfiguration": "<p>The settings for using authorization headers between the MediaPackage endpoint and your CDN. </p> <p>For information about CDN authorization, see <a href=\"https://docs.aws.amazon.com/mediapackage/latest/userguide/cdn-auth.html\">CDN authorization in Elemental MediaPackage</a> in the MediaPackage user guide. </p>"
+      }
+    },
+    "CdnAuthConfigurationCdnIdentifierSecretArnsList": {
+      "base": null,
+      "refs": {
+        "CdnAuthConfiguration$CdnIdentifierSecretArns": "<p>The ARN for the secret in Secrets Manager that your CDN uses for authorization to access the endpoint.</p>"
+      }
+    },
+    "CdnAuthConfigurationSecretsRoleArnString": {
+      "base": null,
+      "refs": {
+        "CdnAuthConfiguration$SecretsRoleArn": "<p>The ARN for the IAM role that gives MediaPackage read access to Secrets Manager and KMS for CDN authorization.</p>"
+      }
+    },
+    "CdnIdentifierSecretArn": {
+      "base": null,
+      "refs": {
+        "CdnAuthConfigurationCdnIdentifierSecretArnsList$member": null
+      }
+    },
     "ChannelGroupListConfiguration": {
       "base": "<p>The configuration of the channel group.</p>",
       "refs": {

generator/ServiceModels/mediapackagev2/mediapackagev2-2022-12-25.normal.json

@@ -580,7 +580,7 @@
       "members":{
         "Message":{"shape":"String"}
       },
-      "documentation":"<p>You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide.</p>",
+      "documentation":"<p>Access is denied because either you don't have permissions to perform the requested operation or MediaPackage is getting throttling errors with CDN authorization. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide. Or, if you're using CDN authorization, you will receive this exception if MediaPackage receives a throttling error from Secrets Manager.</p>",
       "error":{
         "httpStatusCode":403,
         "senderFault":true
@@ -648,6 +648,39 @@
       "members":{
       }
     },
+    "CdnAuthConfiguration":{
+      "type":"structure",
+      "required":[
+        "CdnIdentifierSecretArns",
+        "SecretsRoleArn"
+      ],
+      "members":{
+        "CdnIdentifierSecretArns":{
+          "shape":"CdnAuthConfigurationCdnIdentifierSecretArnsList",
+          "documentation":"<p>The ARN for the secret in Secrets Manager that your CDN uses for authorization to access the endpoint.</p>"
+        },
+        "SecretsRoleArn":{
+          "shape":"CdnAuthConfigurationSecretsRoleArnString",
+          "documentation":"<p>The ARN for the IAM role that gives MediaPackage read access to Secrets Manager and KMS for CDN authorization.</p>"
+        }
+      },
+      "documentation":"<p>The settings to enable CDN authorization headers in MediaPackage.</p>"
+    },
+    "CdnAuthConfigurationCdnIdentifierSecretArnsList":{
+      "type":"list",
+      "member":{"shape":"CdnIdentifierSecretArn"},
+      "min":1
+    },
+    "CdnAuthConfigurationSecretsRoleArnString":{
+      "type":"string",
+      "max":2048,
+      "min":20
+    },
+    "CdnIdentifierSecretArn":{
+      "type":"string",
+      "max":2048,
+      "min":20
+    },
     "ChannelGroupListConfiguration":{
       "type":"structure",
       "required":[
@@ -2598,6 +2631,10 @@
         "Policy":{
           "shape":"PolicyText",
           "documentation":"<p>The policy assigned to the origin endpoint.</p>"
+        },
+        "CdnAuthConfiguration":{
+          "shape":"CdnAuthConfiguration",
+          "documentation":"<p>The settings for using authorization headers between the MediaPackage endpoint and your CDN. </p> <p>For information about CDN authorization, see <a href=\"https://docs.aws.amazon.com/mediapackage/latest/userguide/cdn-auth.html\">CDN authorization in Elemental MediaPackage</a> in the MediaPackage user guide.</p>"
         }
       }
     },
@@ -3426,6 +3463,10 @@
         "Policy":{
           "shape":"PolicyText",
           "documentation":"<p>The policy to attach to the specified origin endpoint.</p>"
+        },
+        "CdnAuthConfiguration":{
+          "shape":"CdnAuthConfiguration",
+          "documentation":"<p>The settings for using authorization headers between the MediaPackage endpoint and your CDN. </p> <p>For information about CDN authorization, see <a href=\"https://docs.aws.amazon.com/mediapackage/latest/userguide/cdn-auth.html\">CDN authorization in Elemental MediaPackage</a> in the MediaPackage user guide. </p>"
         }
       }
     },
@@ -4267,7 +4308,22 @@
         "ISM_CONTAINER_TYPE_WITH_LL_HLS_MANIFEST",
         "ISM_CONTAINER_TYPE_WITH_DASH_MANIFEST",
         "ISM_CONTAINER_TYPE_WITH_SCTE",
-        "ISM_CONTAINER_WITH_KEY_ROTATION"
+        "ISM_CONTAINER_WITH_KEY_ROTATION",
+        "BATCH_GET_SECRET_VALUE_DENIED",
+        "GET_SECRET_VALUE_DENIED",
+        "DESCRIBE_SECRET_DENIED",
+        "INVALID_SECRET_FORMAT",
+        "SECRET_IS_NOT_ONE_KEY_VALUE_PAIR",
+        "INVALID_SECRET_KEY",
+        "INVALID_SECRET_VALUE",
+        "SECRET_ARN_RESOURCE_NOT_FOUND",
+        "DECRYPT_SECRET_FAILED",
+        "TOO_MANY_SECRETS",
+        "DUPLICATED_SECRET",
+        "MALFORMED_SECRET_ARN",
+        "SECRET_FROM_DIFFERENT_ACCOUNT",
+        "SECRET_FROM_DIFFERENT_REGION",
+        "INVALID_SECRET"
       ]
     }
   },

sdk/code-analysis/ServiceAnalysis/MediaPackageV2/Generated/PropertyValueRules.xml

@@ -764,6 +764,11 @@
     <max>256</max>
     <pattern>[a-zA-Z0-9_-]+</pattern>
   </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.MediaPackageV2.Model.CdnAuthConfiguration.SecretsRoleArn</property>
+    <min>20</min>
+    <max>2048</max>
+  </property-value-rule>
   <property-value-rule>
     <property>Amazon.MediaPackageV2.Model.ChannelGroupListConfiguration.Description</property>
     <min>0</min>

sdk/src/Services/MediaPackageV2/Generated/Model/AccessDeniedException.cs

@@ -30,10 +30,12 @@
 namespace Amazon.MediaPackageV2.Model
 {
     /// <summary>
-    /// You don't have permissions to perform the requested operation. The user or role that
-    /// is making the request must have at least one IAM permissions policy attached that
-    /// grants the required permissions. For more information, see Access Management in the
-    /// IAM User Guide.
+    /// Access is denied because either you don't have permissions to perform the requested
+    /// operation or MediaPackage is getting throttling errors with CDN authorization. The
+    /// user or role that is making the request must have at least one IAM permissions policy
+    /// attached that grants the required permissions. For more information, see Access Management
+    /// in the IAM User Guide. Or, if you're using CDN authorization, you will receive this
+    /// exception if MediaPackage receives a throttling error from Secrets Manager.
     /// </summary>
     #if !NETSTANDARD
     [Serializable]

sdk/src/Services/MediaPackageV2/Generated/Model/CdnAuthConfiguration.cs

@@ -0,0 +1,81 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ * 
+ *  http://aws.amazon.com/apache2.0
+ * 
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/*
+ * Do not modify this file. This file is generated from the mediapackagev2-2022-12-25.normal.json service model.
+ */
+using System;
+using System.Collections.Generic;
+using System.Xml.Serialization;
+using System.Text;
+using System.IO;
+using System.Net;
+
+using Amazon.Runtime;
+using Amazon.Runtime.Internal;
+
+#pragma warning disable CS0612,CS0618,CS1570
+namespace Amazon.MediaPackageV2.Model
+{
+    /// <summary>
+    /// The settings to enable CDN authorization headers in MediaPackage.
+    /// </summary>
+    public partial class CdnAuthConfiguration
+    {
+        private List<string> _cdnIdentifierSecretArns = AWSConfigs.InitializeCollections ? new List<string>() : null;
+        private string _secretsRoleArn;
+
+        /// <summary>
+        /// Gets and sets the property CdnIdentifierSecretArns. 
+        /// <para>
+        /// The ARN for the secret in Secrets Manager that your CDN uses for authorization to
+        /// access the endpoint.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Required=true, Min=1)]
+        public List<string> CdnIdentifierSecretArns
+        {
+            get { return this._cdnIdentifierSecretArns; }
+            set { this._cdnIdentifierSecretArns = value; }
+        }
+
+        // Check to see if CdnIdentifierSecretArns property is set
+        internal bool IsSetCdnIdentifierSecretArns()
+        {
+            return this._cdnIdentifierSecretArns != null && (this._cdnIdentifierSecretArns.Count > 0 || !AWSConfigs.InitializeCollections); 
+        }
+
+        /// <summary>
+        /// Gets and sets the property SecretsRoleArn. 
+        /// <para>
+        /// The ARN for the IAM role that gives MediaPackage read access to Secrets Manager and
+        /// KMS for CDN authorization.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Required=true, Min=20, Max=2048)]
+        public string SecretsRoleArn
+        {
+            get { return this._secretsRoleArn; }
+            set { this._secretsRoleArn = value; }
+        }
+
+        // Check to see if SecretsRoleArn property is set
+        internal bool IsSetSecretsRoleArn()
+        {
+            return this._secretsRoleArn != null;
+        }
+
+    }
+}

sdk/src/Services/MediaPackageV2/Generated/Model/GetOriginEndpointPolicyResponse.cs

@@ -34,11 +34,36 @@ namespace Amazon.MediaPackageV2.Model
     /// </summary>
     public partial class GetOriginEndpointPolicyResponse : AmazonWebServiceResponse
     {
+        private CdnAuthConfiguration _cdnAuthConfiguration;
         private string _channelGroupName;
         private string _channelName;
         private string _originEndpointName;
         private string _policy;
 
+        /// <summary>
+        /// Gets and sets the property CdnAuthConfiguration. 
+        /// <para>
+        /// The settings for using authorization headers between the MediaPackage endpoint and
+        /// your CDN. 
+        /// </para>
+        ///  
+        /// <para>
+        /// For information about CDN authorization, see <a href="https://docs.aws.amazon.com/mediapackage/latest/userguide/cdn-auth.html">CDN
+        /// authorization in Elemental MediaPackage</a> in the MediaPackage user guide.
+        /// </para>
+        /// </summary>
+        public CdnAuthConfiguration CdnAuthConfiguration
+        {
+            get { return this._cdnAuthConfiguration; }
+            set { this._cdnAuthConfiguration = value; }
+        }
+
+        // Check to see if CdnAuthConfiguration property is set
+        internal bool IsSetCdnAuthConfiguration()
+        {
+            return this._cdnAuthConfiguration != null;
+        }
+
         /// <summary>
         /// Gets and sets the property ChannelGroupName. 
         /// <para>