Creating the IAM role in MediaConvert with configured permissions - MediaConvert
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Creating the IAM role in MediaConvert with configured permissions

When you create the Amazon Identity and Access Management (IAM) role in MediaConvert with configured permissions, you can restrict MediaConvert access to only specific Amazon S3 buckets. You can also specify whether to grant invoke access to your Amazon API Gateway endpoints.

To set up the IAM role in MediaConvert with configured permissions

  1. Open the Jobs page in the MediaConvert console.

  2. Choose Create job.

  3. Under Job settings, choose Amazon integration.

  4. In the Service access section, for Service role control, choose Create a new service role, configure permissions.

  5. For New role name, we suggest that you keep the default value MediaConvert_Default_Role. When you do, MediaConvert uses this role by default for your future jobs.

  6. For Input S3 locations and Output S3 locations, choose Add location. Select the Amazon S3 buckets that you will use for input or output locations.

  7. (Optional) For API Gateway endpoint invocation, if you use features that require it, choose allow.

    MediaConvert requires this access for the following features:

    • Digital rights management with SPEKE

    • Nielsen non-linear watermarking

    To allow MediaConvert invoke access to a specific endpoint only, modify these permissions in the role policy after you create it by using the Amazon Identity and Access Management (IAM) service. For more information, see Editing IAM policies in the Amazon Identity and Access Management User Guide.