0

I have implemented Video on Demand solutions in production for quite some time now and a number of videos running. While in the initial development we don't have a requirement for DRM, we enable the AWS Elemental MediaPackage to anticipate the future requirements for DRM.

The description says

With this solution, you can also choose to use AWS Elemental MediaPackage for packaging content into different formats and to apply digital rights management (DRM)

However, there is no guidance on the DRM in the Implementation Guide. I would like to implement DRM on the existing solutions, what do I need to do next?

Petra Barus
  • 3,815
  • 8
  • 48
  • 87

1 Answers1

1

In order to implement DRM in this solution, you will need a DRM Provider that supports SPEKE (1). In the case of MediaPackage, the partner must support SPEKE v1 (2).

Generally, the provider provides you with a SPEKE Gateway to deploy in your AWS account, in the same AWS Region where MediaPackage is running. If you need to build your own SPEKE Gateway (which leverages Amazon's API Gateway) to connect MediaPackage to your key service, you can use the SPEKE Reference Server available on GitHub as a starting point (3). You can find a list of Amazon partners that provide third-party DRM platform implementations for SPEKE here (4).

Once you have a DRM provider, you will need to enable encryption on your packaging configurations and set the applicable encryption settings.

In the packaging group created by the solution, you will see 4 packaging configurations (for CMAF, HLS, MSS & DASH). After clicking 'Manage Configurations', you will need to duplicate / create new configurations (since you cannot edit an existing one), then 'Enable encryption' packaging configuration screen

In this configuration screen is where you will specify the encryption settings. encryption settings screen

  1. Content encryption and DRM in AWS Elemental MediaPackage : https://docs.aws.amazon.com/mediapackage/latest/ug/using-encryption.html
  2. Choosing the right SPEKE version : https://docs.aws.amazon.com/mediapackage/latest/ug/encryption-choosing-speke-version.html
  3. SPEKE Reference Server : https://github.com/awslabs/speke-reference-server
  4. Get on board with a DRM platform provider : https://docs.aws.amazon.com/speke/latest/documentation/customer-onboarding.html#choose-drm-provider
aws-slm
  • 146
  • 3
  • Is SPEKE reference server = DRM Provider? Or SPEKE reference server is the Key Server? Is the SPEKE reference server will only be used to talk with the DRM Provider? If so, in the repository I don't see any call to a DRM Provider, it seems it only generates content encryption/decryption key manually. – Theo Cerutti Aug 18 '23 at 13:07