You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Setting cdnAuth on OriginEndpoint previously stored the configuration but
did not by itself produce a working endpoint policy — the CdnAuthConfiguration block on OriginEndpointPolicy is non-functional
without an accompanying gating policy statement that requires the matching mediapackagev2:RequestHasMatchingCdnAuthHeader condition. Per the AWS docs
[1], both the gating statement and the configuration block are required.
This change:
Auto-emits the AWS-documented gating policy statement when cdnAuth is set
on OriginEndpointProps. The resulting OriginEndpointPolicy now contains
both the gating statement and the CdnAuthConfiguration block.
Drops the optional cdnAuth second argument from addToResourcePolicy(...)
on IOriginEndpoint — the field had no clean home there and only the first
call ever applied. CDN auth now lives only on the endpoint props.
Drops the cdnAuth prop on MediaPackageV2OriginProps for the same
reason — set cdnAuth on the OriginEndpoint directly.
Adds an integ test that deploys the full pipeline.
Updates the README to document the new pattern, including the JSON shape
the secret must use (MediaPackageV2CDNIdentifier key).
BREAKING CHANGE: OriginEndpoint.addToResourcePolicy() no longer accepts an
optional cdnAuth second argument. MediaPackageV2OriginProps.cdnAuth has
been removed. Set cdnAuth on OriginEndpointProps instead.
Describe any new or updated permissions being added
👋 It looks like your PR description follows the template but is missing a valid issue number in the first section.
PRs without a linked issue will receive lower priority for review and merging. Please update the description to include a reference like Closes #123. If no existing issue matches your change, create one first.
⚠️Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined. This security report is NOT a review blocker. Please try merge from main to avoid findings unrelated to the PR.
To suppress a specific rule, see Suppressing Rules.
⚠️Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined. This security report is NOT a review blocker. Please try merge from main to avoid findings unrelated to the PR.
To suppress a specific rule, see Suppressing Rules.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
github-actions
Bot
added
the
valued-contributor
aws-cdk-automation
added
the
pr/needs-community-review
GitHub Actions
Inactive
Issue # (if applicable)
Closes #.
Reason for this change
Description of changes
Setting
cdnAuthonOriginEndpointpreviously stored the configuration butdid not by itself produce a working endpoint policy — the
CdnAuthConfigurationblock onOriginEndpointPolicyis non-functionalwithout an accompanying gating policy statement that requires the matching
mediapackagev2:RequestHasMatchingCdnAuthHeadercondition. Per the AWS docs[1], both the gating statement and the configuration block are required.
This change:
cdnAuthis seton
OriginEndpointProps. The resultingOriginEndpointPolicynow containsboth the gating statement and the
CdnAuthConfigurationblock.cdnAuthsecond argument fromaddToResourcePolicy(...)on
IOriginEndpoint— the field had no clean home there and only the firstcall ever applied. CDN auth now lives only on the endpoint props.
cdnAuthprop onMediaPackageV2OriginPropsfor the samereason — set
cdnAuthon theOriginEndpointdirectly.the secret must use (
MediaPackageV2CDNIdentifierkey).[1] https://docs.aws.amazon.com/mediapackage/latest/userguide/cdn-auth-setup.html
BREAKING CHANGE:
OriginEndpoint.addToResourcePolicy()no longer accepts anoptional
cdnAuthsecond argument.MediaPackageV2OriginProps.cdnAuthhasbeen removed. Set
cdnAuthonOriginEndpointPropsinstead.Describe any new or updated permissions being added
Description of how you validated changes
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license