public class SpekeDrmProvider extends Object
Constructor and Description |
---|
SpekeDrmProvider() |
Modifier and Type | Method and Description |
---|---|
boolean |
equals(Object o) |
String |
getExternalId()
External ID used together with the IAM role identified by `roleArn` to assume access to the SPEKE server on AWS.
|
ExternalIdMode |
getExternalIdMode()
Get externalIdMode
|
String |
getGatewayRegion()
Describes the region of the AWS API Gateway that is used to access the SPEKE server.
|
String |
getPassword()
Your password for Basic Authentication
|
String |
getRoleArn()
AWS role that will be assumed for the key exchange in case the provider runs on AWS.
|
String |
getUrl()
URL of the endpoint (required)
|
String |
getUsername()
Your username for Basic Authentication
|
int |
hashCode() |
void |
setExternalId(String externalId)
External ID used together with the IAM role identified by `roleArn` to assume access to the SPEKE server on AWS.
|
void |
setExternalIdMode(ExternalIdMode externalIdMode)
Set externalIdMode
|
void |
setGatewayRegion(String gatewayRegion)
Describes the region of the AWS API Gateway that is used to access the SPEKE server.
|
void |
setPassword(String password)
Your password for Basic Authentication
|
void |
setRoleArn(String roleArn)
AWS role that will be assumed for the key exchange in case the provider runs on AWS.
|
void |
setUrl(String url)
URL of the endpoint (required)
|
void |
setUsername(String username)
Your username for Basic Authentication
|
String |
toString() |
public String getUrl()
public void setUrl(String url)
url
- URL of the endpoint (required)public String getUsername()
public void setUsername(String username)
username
- Your username for Basic Authenticationpublic String getPassword()
public void setPassword(String password)
password
- Your password for Basic Authenticationpublic String getRoleArn()
public void setRoleArn(String roleArn)
roleArn
- AWS role that will be assumed for the key exchange in case the provider runs on AWS. During the key exchange the role will be assumed to be able to access the key provider. This role is to be created in the customer's account and must be granted access to the API Gateway of the SPEKE server. For Bitmovin to be able to assume this role, the following has to be added to the trust policy of the role: ``` { \"Effect\": \"Allow\", \"Principal\": { \"AWS\": \"arn:aws:iam::630681592166:user/bitmovinCustomerSpekeAccess\" }, \"Action\": \"sts:AssumeRole\", \"Condition\": { \"StringEquals\": { \"sts:ExternalId\": \"{{externalId}}\" } } } ``` It is recommended to also set the {{externalId}} due to security reasons but it can also be ommitted. Additionally the role needs a policy similar to the following to be able to invoke the API gateway: ``` { \"Version\": \"2012-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Action\": [ \"execute-api:Invoke\" ], \"Resource\": [ \"arn:aws:execute-api:{{region}}:*:*_/_*_/POST/_*\" ] } ] } ``` where `{{region}}` is the region of the API gateway (for example `us-west-2`), the same has to be set in the property 'gatewayRegion'. It's also possible to set `{{region}` to `*` to give the role access to all regions.public String getExternalId()
public void setExternalId(String externalId)
externalId
- External ID used together with the IAM role identified by `roleArn` to assume access to the SPEKE server on AWS.public ExternalIdMode getExternalIdMode()
public void setExternalIdMode(ExternalIdMode externalIdMode)
externalIdMode
- public String getGatewayRegion()
public void setGatewayRegion(String gatewayRegion)
gatewayRegion
- Describes the region of the AWS API Gateway that is used to access the SPEKE server. This property is mandatory when setting 'roleArn' and has to indicate in which region the AWS API Gateway is setup. This usually corresponds to the `{{region}}` one sets in the execute-api policy for the role as described in 'roleArn'.Copyright © 2022. All rights reserved.