npm - @aws-cdk/aws-mediapackagev2-alpha - Versions diffs - 2.253.1-alpha.0 → 2.255.0-alpha.0 - Mend

@aws-cdk/aws-mediapackagev2-alpha 2.253.1-alpha.0 → 2.255.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/.jsii +176 -3
package/.jsii.tabl.json.gz +0 -0
package/.warnings.jsii.js +11 -0
package/README.md +19 -2
package/lib/channel-policy.js +1 -1
package/lib/channel.js +3 -3
package/lib/cloudfront-origin.d.ts +65 -0
package/lib/cloudfront-origin.js +101 -0
package/lib/endpoint.js +19 -16
package/lib/group.js +1 -1
package/lib/index.d.ts +1 -0
package/lib/index.js +2 -1
package/lib/mediapackagev2-grants.generated.js +1 -1
package/lib/origin-endpoint-policy.js +1 -1
package/package.json +6 -6
package/rosetta/default.ts-fixture +1 -0

package/.jsii CHANGED Viewed

@@ -8,7 +8,7 @@
     "url": "https://aws.amazon.com"
   },
   "dependencies": {
-    "aws-cdk-lib": "^2.253.1",
+    "aws-cdk-lib": "^2.255.0",
     "constructs": "^10.5.0"
   },
   "dependencyClosure": {
@@ -8959,7 +8959,7 @@
   },
   "name": "@aws-cdk/aws-mediapackagev2-alpha",
   "readme": {
-    "markdown": "# AWS::MediaPackageV2 Construct Library\n<!--BEGIN STABILITY BANNER-->\n\n---\n\n![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge)\n\n> The APIs of higher level constructs in this module are experimental and under active development.\n> They are subject to non-backward compatible changes or removal in any future version. These are\n> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be\n> announced in the release notes. This means that while you may use them, you may need to update\n> your source code when upgrading to a newer version of this package.\n\n---\n\n<!--END STABILITY BANNER-->\n\n## AWS Elemental MediaPackage V2\n\nMediaPackage delivers high-quality video without concern for capacity and makes it easier to implement popular DVR features such as start over, pause, and rewind. Your content will be protected with comprehensive support for DRM. The service seamlessly integrates with other AWS media services as a complete set of tools for cloud-based video processing and delivery.\n\nThis package contains constructs for working with AWS Elemental MediaPackage V2. Allowing you to define AWS Elemental MediaPackage V2 Channel Groups, Channels, Origin Endpoints, Channel Policies and Origin Endpoint Policies.\n\nFor further information on AWS Elemental MediaPackage V2, see [the documentation](https://aws.amazon.com/mediapackage/).\n\nThe following example creates an AWS Elemental MediaPackage V2 Channel Group, Channel and Origin Endpoint:\n\n```ts\ndeclare const stack: Stack;\nconst group = new ChannelGroup(stack, 'MyChannelGroup', {\n    channelGroupName: 'my-test-channel-group',\n});\n\nconst channel = new Channel(stack, 'MyChannel', {\n    channelGroup: group,\n    channelName: 'my-testchannel',\n    input: InputConfiguration.cmaf(),\n});\n\nconst endpoint = new OriginEndpoint(stack, 'MyOriginEndpoint', {\n    channel,\n    originEndpointName: 'my-test-endpoint',\n    segment: Segment.cmaf(),\n    manifests: [Manifest.hls({\n        manifestName: 'index',\n    })],\n});\n```\n\n## Using Factory Methods\n\n```ts\ndeclare const stack: Stack;\n\n// Create a channel group\nconst group = new ChannelGroup(stack, 'MyChannelGroup', {\n  channelGroupName: 'my-channel-group',\n});\n\n// Add a channel using the factory method\nconst channel = group.addChannel('MyChannel', {\n  channelName: 'my-channel',\n  input: InputConfiguration.cmaf(),\n});\n\n// Add an origin endpoint using the factory method\nconst endpoint = channel.addOriginEndpoint('MyEndpoint', {\n  originEndpointName: 'my-endpoint',\n  segment: Segment.cmaf(),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n```\n\n## Channel Group\n\nA channel group is the top-level resource that consists of channels and origin endpoints associated with it.\n\nThe following code creates a Channel Group:\n\n```ts\ndeclare const stack: Stack;\nconst group = new ChannelGroup(stack, 'MyChannelGroup', {\n    channelGroupName: 'my-test-channel-group',\n});\n```\n\nThe following code imports an existing channel group using the name attribute:\n\n```ts\ndeclare const stack: Stack;\nconst channelGroup = ChannelGroup.fromChannelGroupAttributes(stack, 'ImportedChannelGroup', {\n    channelGroupName: 'MyChannelGroup',\n});\n```\n\nYou can also import from an ARN, which automatically extracts the name and region:\n\n```ts\ndeclare const stack: Stack;\nconst channelGroup = ChannelGroup.fromChannelGroupArn(stack, 'ImportedChannelGroup',\n    'arn:aws:mediapackagev2:us-west-2:123456789012:channelGroup/MyChannelGroup',\n);\n```\n\nFor cross-region imports, pass the `region` parameter to ensure the correct ARN is constructed:\n\n```ts\ndeclare const stack: Stack;\nconst channelGroup = ChannelGroup.fromChannelGroupAttributes(stack, 'ImportedChannelGroup', {\n    channelGroupName: 'MyChannelGroup',\n    region: 'us-west-2',\n});\n```\n\n## Channel\n\nA channel is part of a channel group and represents the entry point for a content stream into MediaPackage.\n\n### Input Configuration\n\nChannels support two input types: HLS and CMAF.\n\n```ts\ndeclare const stack: Stack;\ndeclare const group: ChannelGroup;\n\nconst hlsChannel = new Channel(stack, 'HlsChannel', {\n  channelGroup: group,\n  input: InputConfiguration.hls(),\n});\n\nconst cmafChannel = new Channel(stack, 'CmafChannel', {\n  channelGroup: group,\n  input: InputConfiguration.cmaf({\n    inputSwitchConfiguration: {\n      mqcsInputSwitching: true,\n    },\n    outputHeaders: [HeadersCMSD.MQCS],\n  }),\n});\n\nconst simpleCmafChannel = new Channel(stack, 'SimpleCmafChannel', {\n  channelGroup: group,\n  input: InputConfiguration.cmaf({\n    outputHeaders: [HeadersCMSD.MQCS],\n  }),\n});\n```\n\n### Importing an Existing Channel\n\nThe following code imports an existing channel using the name attributes:\n\n```ts\ndeclare const stack: Stack;\nconst channel = Channel.fromChannelAttributes(stack, 'ImportedChannel', {\n    channelName: 'MyChannel',\n    channelGroupName: 'MyChannelGroup',\n});\n```\n\nYou can also import from an ARN:\n\n```ts\ndeclare const stack: Stack;\nconst channel = Channel.fromChannelArn(stack, 'ImportedChannel',\n    'arn:aws:mediapackagev2:us-west-2:123456789012:channelGroup/MyGroup/channel/MyChannel',\n);\n```\n\nImported channels expose a `region` property, which is parsed from the ARN or falls back to the importing stack's region.\n\n### Channel Resource Policy\n\nThe following code creates a resource policy directly on the channel. This\nwill automatically create a policy on the first call:\n\n```ts\ndeclare const channel: Channel;\nchannel.addToResourcePolicy(new PolicyStatement({\n    sid: 'AllowMediaLiveRoleToAccessEmpChannel',\n    principals: [new ArnPrincipal('arn:aws:iam::AccountID:role/MediaLiveAccessRole')],\n    effect: Effect.ALLOW,\n    actions: ['mediapackagev2:PutObject'],\n    resources: [channel.channelArn],\n}));\n```\n\n## Origin Endpoint\n\n```ts\ndeclare const stack: Stack;\ndeclare const channel: Channel;\nnew OriginEndpoint(stack, 'myendpoint', {\n    channel,\n    originEndpointName: 'my-test-endpoint',\n    segment: Segment.cmaf(),\n    manifests: [\n      Manifest.hls({\n        manifestName: 'index',\n      }),\n    ],\n});\n```\n\nThe following code imports an existing origin endpoint using the name attributes:\n\n```ts\ndeclare const stack: Stack;\nconst originEndpoint = OriginEndpoint.fromOriginEndpointAttributes(stack, 'ImportedOriginEndpoint', {\n    channelGroupName: 'MyChannelGroup',\n    channelName: 'MyChannel',\n    originEndpointName: 'MyExampleOriginEndpoint',\n});\n```\n\nYou can also import from an ARN:\n\n```ts\ndeclare const stack: Stack;\nconst originEndpoint = OriginEndpoint.fromOriginEndpointArn(stack, 'ImportedOriginEndpoint',\n    'arn:aws:mediapackagev2:us-west-2:123456789012:channelGroup/MyGroup/channel/MyChannel/originEndpoint/MyEndpoint',\n);\n```\n\nThe following code creates a resource policy on the origin endpoint. This\nwill automatically create a policy on the first call:\n\n```ts\ndeclare const origin: OriginEndpoint;\n\norigin.addToResourcePolicy(new PolicyStatement({\n    sid: 'AllowRequestsFromCloudFront',\n    principals: [new ServicePrincipal('cloudfront.amazonaws.com')],\n    effect: Effect.ALLOW,\n    actions: ['mediapackagev2:GetHeadObject', 'mediapackagev2:GetObject'],\n    resources: [origin.originEndpointArn],\n    conditions: {\n      StringEquals: {\n        'aws:SourceArn': 'arn:aws:cloudfront::123456789012:distribution/AAAAAAAAA',\n      },\n    },\n}));\n```\n\n## Granting Permissions\n\n### Granting Ingest Access to MediaLive\n\nTo allow AWS Elemental MediaLive to ingest content into a MediaPackage channel, use the `grants.ingest()` method:\n\n```ts\ndeclare const channel: Channel;\ndeclare const mediaLiveRole: iam.IRole;\n\n// Grant MediaLive permission to ingest content\nchannel.grants.ingest(mediaLiveRole);\n```\n\n### CloudFront Integration\n\nMediaPackage origin endpoints are designed to be used with Content Delivery Network (CDN) like Amazon CloudFront distributions. CloudFront provides caching, DDoS protection, and global content delivery for your streaming content.\n\nTo allow a CloudFront distribution to access a MediaPackage origin endpoint, add a resource policy with the CloudFront service principal:\n\n```ts\ndeclare const originEndpoint: OriginEndpoint;\ndeclare const distribution: cloudfront.Distribution;\n\noriginEndpoint.addToResourcePolicy(new iam.PolicyStatement({\n  sid: 'AllowCloudFrontServicePrincipal',\n  principals: [new iam.ServicePrincipal('cloudfront.amazonaws.com')],\n  effect: iam.Effect.ALLOW,\n  actions: ['mediapackagev2:GetObject', 'mediapackagev2:GetHeadObject'],\n  resources: [originEndpoint.originEndpointArn],\n  conditions: {\n    StringEquals: {\n      'aws:SourceArn': distribution.distributionArn,\n    },\n  },\n}));\n```\n\nYou can complete the confirmation with an OAC (Origin Access Control) Policy on the CloudFront Distribution.\n\n## Manifest Configuration\n\nMediaPackage V2 supports multiple manifest formats: HLS, Low-Latency HLS (LL-HLS), DASH, and Microsoft Smooth Streaming (MSS).\n\n### HLS Manifests\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.hls({\n      manifestName: 'index',\n      manifestWindow: Duration.seconds(60),\n      programDateTimeInterval: Duration.seconds(60),\n      scteAdMarkerHls: AdMarkerHls.DATERANGE,\n    }),\n  ],\n});\n```\n\n### Low-Latency HLS Manifests\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.lowLatencyHLS({\n      manifestName: 'index',\n      manifestWindow: Duration.seconds(30),\n      programDateTimeInterval: Duration.seconds(5),\n      childManifestName: 'child',\n    }),\n  ],\n});\n```\n\n### DASH Manifests\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.dash({\n      manifestName: 'index',\n      manifestWindow: Duration.seconds(60),\n      minBufferTime: Duration.seconds(30),\n      minUpdatePeriod: Duration.seconds(10),\n      segmentTemplateFormat: SegmentTemplateFormat.NUMBER_WITH_TIMELINE,\n      periodTriggers: [\n        DashPeriodTriggers.AVAILS,\n        DashPeriodTriggers.DRM_KEY_ROTATION,\n      ],\n    }),\n  ],\n});\n```\n\n### MSS Manifests\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.ism(),\n  manifests: [\n    Manifest.mss({\n      manifestName: 'index',\n      manifestWindow: Duration.seconds(60),\n      manifestLayout: MssManifestLayout.COMPACT,\n    }),\n  ],\n});\n```\n\n### Multiple Manifests\n\nYou can configure multiple manifest formats for a single origin endpoint:\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.hls({ manifestName: 'hls' }),\n    Manifest.dash({ manifestName: 'dash' }),\n  ],\n});\n```\n\n| Segment type | Supported manifests |\n|--------|--------|\n| Segment.cmaf() | HLS, LL-HLS, DASH |\n| Segment.ts() | HLS, LL-HLS |\n| Segment.ism() | MSS |\n\nEach origin endpoint has a single segment configuration. If you need segments with different configurations, use multiple origin endpoints on the same channel.\n\n@see https://docs.aws.amazon.com/mediapackage/latest/userguide/endpoints-create.html\n\n## Manifest Filtering\n\nManifest filters control which variants are included in the manifest. Filters are type-safe and validated against the [MediaPackage manifest filtering rules](https://docs.aws.amazon.com/mediapackage/latest/userguide/manifest-filter-query-parameters.html).\n\n| Filter | Method |\n|--------|--------|\n| Audio / video bitrate | `bitrate()`, `bitrateRange()`, `bitrateCombo()` |\n| Audio channels, sample rate, video height, framerate, trickplay height | `numeric()`, `numericList()`, `numericRange()`, `numericCombo()` |\n| Audio codec | `audioCodec()`, `audioCodecList()` |\n| Video codec | `videoCodec()`, `videoCodecList()` |\n| Video dynamic range | `videoDynamicRange()`, `videoDynamicRangeList()` |\n| Trickplay type | `trickplayType()`, `trickplayTypeList()` |\n| Audio / subtitle language | `text()`, `textList()` |\n| Advanced patterns | `custom()` |\n\nThe following example creates an HD streaming endpoint that serves only H.264/H.265 content between 1–5 Mbps with stereo audio in English or French:\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.hls({\n      manifestName: 'index',\n      filterConfiguration: {\n        manifestFilter: [\n          ManifestFilter.bitrateRange(BitrateFilterKey.VIDEO_BITRATE, Bitrate.mbps(1), Bitrate.mbps(5)),\n          ManifestFilter.numericRange(NumericFilterKey.VIDEO_HEIGHT, 720, 1080),\n          ManifestFilter.videoCodecList([VideoCodec.H264, VideoCodec.H265]),\n          ManifestFilter.numeric(NumericFilterKey.AUDIO_CHANNELS, 2),\n          ManifestFilter.textList(TextFilterKey.AUDIO_LANGUAGE, ['en-US', 'fr']),\n        ],\n        timeDelay: Duration.seconds(30),\n      },\n    }),\n  ],\n});\n```\n\nFor advanced patterns that combine ranges and single values, use `numericCombo()` or `bitrateCombo()`:\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.hls({\n      manifestName: 'index',\n      filterConfiguration: {\n        manifestFilter: [\n          // video_height:240-360,720-1080,1440\n          ManifestFilter.numericCombo(NumericFilterKey.VIDEO_HEIGHT, [\n            NumericExpression.range(240, 360),\n            NumericExpression.range(720, 1080),\n            NumericExpression.value(1440),\n          ]),\n        ],\n      },\n    }),\n  ],\n});\n```\n\n### DRM Settings\n\nYou can exclude session keys from HLS and LL-HLS multivariant playlists using the `drmSettings` filter configuration. This improves compatibility with legacy HLS clients and provides more granular access control:\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.hls({\n      manifestName: 'index',\n      filterConfiguration: {\n        drmSettings: [DrmSettingsKey.EXCLUDE_SESSION_KEYS],\n      },\n    }),\n  ],\n});\n```\n\n## Start Tag Configuration\n\nConfigure where playback should start in HLS and LL-HLS manifests using the EXT-X-START tag:\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.hls({\n      manifestName: 'index',\n      startTag: StartTag.of(10),\n    }),\n  ],\n});\n```\n\n## Segment Configuration\n\nConfigure segment settings for your origin endpoint.\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'TsEndpoint', {\n  channel,\n  segment: Segment.ts({\n    duration: Duration.seconds(6),\n    name: 'segment',\n    includeDvbSubtitles: true,\n    useAudioRenditionGroup: true,\n    includeIframeOnlyStreams: false,\n    scteFilter: [\n      ScteMessageType.BREAK,\n      ScteMessageType.DISTRIBUTOR_ADVERTISEMENT,\n    ],\n  }),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n\nnew OriginEndpoint(this, 'CmafEndpoint', {\n  channel,\n  segment: Segment.cmaf({\n    duration: Duration.seconds(6),\n    name: 'segment',\n    includeIframeOnlyStreams: true,\n    scteFilter: [ScteMessageType.DISTRIBUTOR_ADVERTISEMENT],\n  }),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n```\n\n## Encryption and DRM\n\nProtect your content with encryption using SPEKE (Secure Packager and Encoder Key Exchange). Each container type has its own encryption class with type-safe options:\n\n### CMAF Encryption\n\n```ts\ndeclare const channel: Channel;\ndeclare const spekeRole: iam.IRole;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf({\n    encryption: CmafEncryption.speke({\n      method: CmafEncryptionMethod.CBCS,\n      drmSystems: [CmafDrmSystem.FAIRPLAY, CmafDrmSystem.WIDEVINE],\n      resourceId: 'my-content-id',\n      url: 'https://example.com/speke',\n      role: spekeRole,\n      keyRotationInterval: Duration.seconds(300),\n      audioPreset: PresetSpeke20Audio.PRESET_AUDIO_2,\n      videoPreset: PresetSpeke20Video.PRESET_VIDEO_2,\n    }),\n  }),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n```\n\n### TS Encryption\n\n```ts\ndeclare const channel: Channel;\ndeclare const spekeRole: iam.IRole;\n\nnew OriginEndpoint(this, 'TsEndpoint', {\n  channel,\n  segment: Segment.ts({\n    encryption: TsEncryption.speke({\n      method: TsEncryptionMethod.SAMPLE_AES,\n      resourceId: 'my-content-id',\n      url: 'https://example.com/speke',\n      role: spekeRole,\n    }),\n  }),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n```\n\nTS encryption defaults the DRM system based on the method: FairPlay for `SAMPLE_AES`, Clear Key AES 128 for `AES_128`. You can override this with the `drmSystems` property using `TsDrmSystem`.\n\n### Content Key Encryption\n\nYou can add content key encryption by providing a certificate imported into AWS Certificate Manager. Your DRM key provider must support content key encryption for this to work:\n\n```ts\ndeclare const channel: Channel;\ndeclare const spekeRole: iam.IRole;\ndeclare const certificate: certificatemanager.ICertificate;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf({\n    encryption: CmafEncryption.speke({\n      method: CmafEncryptionMethod.CBCS,\n      drmSystems: [CmafDrmSystem.FAIRPLAY],\n      resourceId: 'my-content-id',\n      url: 'https://example.com/speke',\n      role: spekeRole,\n      certificate,\n    }),\n  }),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n```\n\n### Excluding Segment DRM Metadata\n\nFor CMAF content, you can exclude DRM metadata from segments:\n\n```ts\ndeclare const channel: Channel;\ndeclare const spekeRole: iam.IRole;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf({\n    encryption: CmafEncryption.speke({\n      method: CmafEncryptionMethod.CBCS,\n      drmSystems: [CmafDrmSystem.FAIRPLAY],\n      resourceId: 'my-content-id',\n      url: 'https://example.com/speke',\n      role: spekeRole,\n      excludeSegmentDrmMetadata: true,\n    }),\n  }),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n```\n\n### ISM (Smooth Streaming) Encryption\n\nISM endpoints use CENC encryption with PlayReady. Audio and video presets are always `SHARED`, and key rotation is not supported. The DRM system defaults to PlayReady:\n\n```ts\ndeclare const channel: Channel;\ndeclare const spekeRole: iam.IRole;\n\nnew OriginEndpoint(this, 'IsmEndpoint', {\n  channel,\n  segment: Segment.ism({\n    encryption: IsmEncryption.speke({\n      resourceId: 'my-content-id',\n      url: 'https://example.com/speke',\n      role: spekeRole,\n    }),\n  }),\n  manifests: [Manifest.mss({ manifestName: 'index' })],\n});\n```\n\n## CloudWatch Metrics\n\nMediaPackage V2 resources expose CloudWatch metrics for monitoring. You can create alarms and dashboards using these metrics:\n\n```ts\ndeclare const channelGroup: ChannelGroup;\ndeclare const channel: Channel;\ndeclare const endpoint: OriginEndpoint;\n\n// Create a CloudWatch alarm on channel group egress bytes\nconst alarm = channelGroup.metricEgressBytes().createAlarm(this, 'HighEgress', {\n  threshold: 1000,\n  evaluationPeriods: 1,\n});\n\n// Monitor channel ingress response time\nchannel.metricIngressResponseTime().createAlarm(this, 'SlowIngress', {\n  threshold: 1000,\n  evaluationPeriods: 2,\n});\n\n// Track origin endpoint request count\nconst requestMetric = endpoint.metricEgressRequestCount({\n  statistic: 'sum',\n  period: Duration.minutes(5),\n});\n```\n\nAvailable metrics include:\n\n- `metricIngressBytes()` - Bytes ingested\n- `metricEgressBytes()` - Bytes delivered\n- `metricIngressResponseTime()` - Ingress response time (average)\n- `metricEgressResponseTime()` - Egress response time (average)\n- `metricIngressRequestCount()` - Number of ingress requests\n- `metricEgressRequestCount()` - Number of egress requests\n\nAll metrics support standard CloudWatch metric options for customizing period, statistic, and dimensions.\n"
+    "markdown": "# AWS::MediaPackageV2 Construct Library\n<!--BEGIN STABILITY BANNER-->\n\n---\n\n![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge)\n\n> The APIs of higher level constructs in this module are experimental and under active development.\n> They are subject to non-backward compatible changes or removal in any future version. These are\n> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be\n> announced in the release notes. This means that while you may use them, you may need to update\n> your source code when upgrading to a newer version of this package.\n\n---\n\n<!--END STABILITY BANNER-->\n\n## AWS Elemental MediaPackage V2\n\nMediaPackage delivers high-quality video without concern for capacity and makes it easier to implement popular DVR features such as start over, pause, and rewind. Your content will be protected with comprehensive support for DRM. The service seamlessly integrates with other AWS media services as a complete set of tools for cloud-based video processing and delivery.\n\nThis package contains constructs for working with AWS Elemental MediaPackage V2. Allowing you to define AWS Elemental MediaPackage V2 Channel Groups, Channels, Origin Endpoints, Channel Policies and Origin Endpoint Policies.\n\nFor further information on AWS Elemental MediaPackage V2, see [the documentation](https://aws.amazon.com/mediapackage/).\n\nThe following example creates an AWS Elemental MediaPackage V2 Channel Group, Channel and Origin Endpoint:\n\n```ts\ndeclare const stack: Stack;\nconst group = new ChannelGroup(stack, 'MyChannelGroup', {\n    channelGroupName: 'my-test-channel-group',\n});\n\nconst channel = new Channel(stack, 'MyChannel', {\n    channelGroup: group,\n    channelName: 'my-testchannel',\n    input: InputConfiguration.cmaf(),\n});\n\nconst endpoint = new OriginEndpoint(stack, 'MyOriginEndpoint', {\n    channel,\n    originEndpointName: 'my-test-endpoint',\n    segment: Segment.cmaf(),\n    manifests: [Manifest.hls({\n        manifestName: 'index',\n    })],\n});\n```\n\n## Using Factory Methods\n\n```ts\ndeclare const stack: Stack;\n\n// Create a channel group\nconst group = new ChannelGroup(stack, 'MyChannelGroup', {\n  channelGroupName: 'my-channel-group',\n});\n\n// Add a channel using the factory method\nconst channel = group.addChannel('MyChannel', {\n  channelName: 'my-channel',\n  input: InputConfiguration.cmaf(),\n});\n\n// Add an origin endpoint using the factory method\nconst endpoint = channel.addOriginEndpoint('MyEndpoint', {\n  originEndpointName: 'my-endpoint',\n  segment: Segment.cmaf(),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n```\n\n## Channel Group\n\nA channel group is the top-level resource that consists of channels and origin endpoints associated with it.\n\nThe following code creates a Channel Group:\n\n```ts\ndeclare const stack: Stack;\nconst group = new ChannelGroup(stack, 'MyChannelGroup', {\n    channelGroupName: 'my-test-channel-group',\n});\n```\n\nThe following code imports an existing channel group using the name attribute:\n\n```ts\ndeclare const stack: Stack;\nconst channelGroup = ChannelGroup.fromChannelGroupAttributes(stack, 'ImportedChannelGroup', {\n    channelGroupName: 'MyChannelGroup',\n});\n```\n\nYou can also import from an ARN, which automatically extracts the name and region:\n\n```ts\ndeclare const stack: Stack;\nconst channelGroup = ChannelGroup.fromChannelGroupArn(stack, 'ImportedChannelGroup',\n    'arn:aws:mediapackagev2:us-west-2:123456789012:channelGroup/MyChannelGroup',\n);\n```\n\nFor cross-region imports, pass the `region` parameter to ensure the correct ARN is constructed:\n\n```ts\ndeclare const stack: Stack;\nconst channelGroup = ChannelGroup.fromChannelGroupAttributes(stack, 'ImportedChannelGroup', {\n    channelGroupName: 'MyChannelGroup',\n    region: 'us-west-2',\n});\n```\n\n## Channel\n\nA channel is part of a channel group and represents the entry point for a content stream into MediaPackage.\n\n### Input Configuration\n\nChannels support two input types: HLS and CMAF.\n\n```ts\ndeclare const stack: Stack;\ndeclare const group: ChannelGroup;\n\nconst hlsChannel = new Channel(stack, 'HlsChannel', {\n  channelGroup: group,\n  input: InputConfiguration.hls(),\n});\n\nconst cmafChannel = new Channel(stack, 'CmafChannel', {\n  channelGroup: group,\n  input: InputConfiguration.cmaf({\n    inputSwitchConfiguration: {\n      mqcsInputSwitching: true,\n    },\n    outputHeaders: [HeadersCMSD.MQCS],\n  }),\n});\n\nconst simpleCmafChannel = new Channel(stack, 'SimpleCmafChannel', {\n  channelGroup: group,\n  input: InputConfiguration.cmaf({\n    outputHeaders: [HeadersCMSD.MQCS],\n  }),\n});\n```\n\n### Importing an Existing Channel\n\nThe following code imports an existing channel using the name attributes:\n\n```ts\ndeclare const stack: Stack;\nconst channel = Channel.fromChannelAttributes(stack, 'ImportedChannel', {\n    channelName: 'MyChannel',\n    channelGroupName: 'MyChannelGroup',\n});\n```\n\nYou can also import from an ARN:\n\n```ts\ndeclare const stack: Stack;\nconst channel = Channel.fromChannelArn(stack, 'ImportedChannel',\n    'arn:aws:mediapackagev2:us-west-2:123456789012:channelGroup/MyGroup/channel/MyChannel',\n);\n```\n\nImported channels expose a `region` property, which is parsed from the ARN or falls back to the importing stack's region.\n\n### Channel Resource Policy\n\nThe following code creates a resource policy directly on the channel. This\nwill automatically create a policy on the first call:\n\n```ts\ndeclare const channel: Channel;\nchannel.addToResourcePolicy(new PolicyStatement({\n    sid: 'AllowMediaLiveRoleToAccessEmpChannel',\n    principals: [new ArnPrincipal('arn:aws:iam::AccountID:role/MediaLiveAccessRole')],\n    effect: Effect.ALLOW,\n    actions: ['mediapackagev2:PutObject'],\n    resources: [channel.channelArn],\n}));\n```\n\n## Origin Endpoint\n\n```ts\ndeclare const stack: Stack;\ndeclare const channel: Channel;\nnew OriginEndpoint(stack, 'myendpoint', {\n    channel,\n    originEndpointName: 'my-test-endpoint',\n    segment: Segment.cmaf(),\n    manifests: [\n      Manifest.hls({\n        manifestName: 'index',\n      }),\n    ],\n});\n```\n\nThe following code imports an existing origin endpoint using the name attributes:\n\n```ts\ndeclare const stack: Stack;\nconst originEndpoint = OriginEndpoint.fromOriginEndpointAttributes(stack, 'ImportedOriginEndpoint', {\n    channelGroupName: 'MyChannelGroup',\n    channelName: 'MyChannel',\n    originEndpointName: 'MyExampleOriginEndpoint',\n});\n```\n\nYou can also import from an ARN:\n\n```ts\ndeclare const stack: Stack;\nconst originEndpoint = OriginEndpoint.fromOriginEndpointArn(stack, 'ImportedOriginEndpoint',\n    'arn:aws:mediapackagev2:us-west-2:123456789012:channelGroup/MyGroup/channel/MyChannel/originEndpoint/MyEndpoint',\n);\n```\n\nThe following code creates a resource policy on the origin endpoint. This\nwill automatically create a policy on the first call:\n\n```ts\ndeclare const origin: OriginEndpoint;\n\norigin.addToResourcePolicy(new PolicyStatement({\n    sid: 'AllowRequestsFromCloudFront',\n    principals: [new ServicePrincipal('cloudfront.amazonaws.com')],\n    effect: Effect.ALLOW,\n    actions: ['mediapackagev2:GetHeadObject', 'mediapackagev2:GetObject'],\n    resources: [origin.originEndpointArn],\n    conditions: {\n      StringEquals: {\n        'aws:SourceArn': 'arn:aws:cloudfront::123456789012:distribution/AAAAAAAAA',\n      },\n    },\n}));\n```\n\n## Granting Permissions\n\n### Granting Ingest Access to MediaLive\n\nTo allow AWS Elemental MediaLive to ingest content into a MediaPackage channel, use the `grants.ingest()` method:\n\n```ts\ndeclare const channel: Channel;\ndeclare const mediaLiveRole: iam.IRole;\n\n// Grant MediaLive permission to ingest content\nchannel.grants.ingest(mediaLiveRole);\n```\n\n### CloudFront Integration\n\nMediaPackage origin endpoints are designed to be used with Content Delivery Network (CDN) like Amazon CloudFront distributions. CloudFront provides caching, DDoS protection, and global content delivery for your streaming content.\n\nThe simplest way to connect CloudFront to a MediaPackage V2 endpoint is with `MediaPackageV2Origin`, which automatically creates an Origin Access Control (OAC) and wires the endpoint policy:\n\n```ts\ndeclare const endpoint: OriginEndpoint;\ndeclare const group: ChannelGroup;\n\nnew cloudfront.Distribution(this, 'Distribution', {\n  defaultBehavior: {\n    origin: new MediaPackageV2Origin(endpoint, {\n      channelGroup: group,\n    }),\n  },\n});\n```\n\nThis handles OAC creation, HTTPS-only origin config, and the IAM policy granting CloudFront access to the endpoint (including `GetHeadObject` for MQAR support).\n\nFor more control, you can manually configure the policy and OAC:\n\n```ts\ndeclare const originEndpoint: OriginEndpoint;\ndeclare const distribution: cloudfront.Distribution;\n\noriginEndpoint.addToResourcePolicy(new iam.PolicyStatement({\n  sid: 'AllowCloudFrontServicePrincipal',\n  principals: [new iam.ServicePrincipal('cloudfront.amazonaws.com')],\n  effect: iam.Effect.ALLOW,\n  actions: ['mediapackagev2:GetObject', 'mediapackagev2:GetHeadObject'],\n  resources: [originEndpoint.originEndpointArn],\n  conditions: {\n    StringEquals: {\n      'aws:SourceArn': distribution.distributionArn,\n    },\n  },\n}));\n```\n\n> **Graduation plan:** `MediaPackageV2Origin` currently lives in this alpha module. When MediaPackage V2 graduates to stable, it will move to `aws-cloudfront-origins` alongside `S3BucketOrigin` and other origin helpers.\n\n## Manifest Configuration\n\nMediaPackage V2 supports multiple manifest formats: HLS, Low-Latency HLS (LL-HLS), DASH, and Microsoft Smooth Streaming (MSS).\n\n### HLS Manifests\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.hls({\n      manifestName: 'index',\n      manifestWindow: Duration.seconds(60),\n      programDateTimeInterval: Duration.seconds(60),\n      scteAdMarkerHls: AdMarkerHls.DATERANGE,\n    }),\n  ],\n});\n```\n\n### Low-Latency HLS Manifests\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.lowLatencyHLS({\n      manifestName: 'index',\n      manifestWindow: Duration.seconds(30),\n      programDateTimeInterval: Duration.seconds(5),\n      childManifestName: 'child',\n    }),\n  ],\n});\n```\n\n### DASH Manifests\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.dash({\n      manifestName: 'index',\n      manifestWindow: Duration.seconds(60),\n      minBufferTime: Duration.seconds(30),\n      minUpdatePeriod: Duration.seconds(10),\n      segmentTemplateFormat: SegmentTemplateFormat.NUMBER_WITH_TIMELINE,\n      periodTriggers: [\n        DashPeriodTriggers.AVAILS,\n        DashPeriodTriggers.DRM_KEY_ROTATION,\n      ],\n    }),\n  ],\n});\n```\n\n### MSS Manifests\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.ism(),\n  manifests: [\n    Manifest.mss({\n      manifestName: 'index',\n      manifestWindow: Duration.seconds(60),\n      manifestLayout: MssManifestLayout.COMPACT,\n    }),\n  ],\n});\n```\n\n### Multiple Manifests\n\nYou can configure multiple manifest formats for a single origin endpoint:\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.hls({ manifestName: 'hls' }),\n    Manifest.dash({ manifestName: 'dash' }),\n  ],\n});\n```\n\n| Segment type | Supported manifests |\n|--------|--------|\n| Segment.cmaf() | HLS, LL-HLS, DASH |\n| Segment.ts() | HLS, LL-HLS |\n| Segment.ism() | MSS |\n\nEach origin endpoint has a single segment configuration. If you need segments with different configurations, use multiple origin endpoints on the same channel.\n\n@see https://docs.aws.amazon.com/mediapackage/latest/userguide/endpoints-create.html\n\n## Manifest Filtering\n\nManifest filters control which variants are included in the manifest. Filters are type-safe and validated against the [MediaPackage manifest filtering rules](https://docs.aws.amazon.com/mediapackage/latest/userguide/manifest-filter-query-parameters.html).\n\n| Filter | Method |\n|--------|--------|\n| Audio / video bitrate | `bitrate()`, `bitrateRange()`, `bitrateCombo()` |\n| Audio channels, sample rate, video height, framerate, trickplay height | `numeric()`, `numericList()`, `numericRange()`, `numericCombo()` |\n| Audio codec | `audioCodec()`, `audioCodecList()` |\n| Video codec | `videoCodec()`, `videoCodecList()` |\n| Video dynamic range | `videoDynamicRange()`, `videoDynamicRangeList()` |\n| Trickplay type | `trickplayType()`, `trickplayTypeList()` |\n| Audio / subtitle language | `text()`, `textList()` |\n| Advanced patterns | `custom()` |\n\nThe following example creates an HD streaming endpoint that serves only H.264/H.265 content between 1–5 Mbps with stereo audio in English or French:\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.hls({\n      manifestName: 'index',\n      filterConfiguration: {\n        manifestFilter: [\n          ManifestFilter.bitrateRange(BitrateFilterKey.VIDEO_BITRATE, Bitrate.mbps(1), Bitrate.mbps(5)),\n          ManifestFilter.numericRange(NumericFilterKey.VIDEO_HEIGHT, 720, 1080),\n          ManifestFilter.videoCodecList([VideoCodec.H264, VideoCodec.H265]),\n          ManifestFilter.numeric(NumericFilterKey.AUDIO_CHANNELS, 2),\n          ManifestFilter.textList(TextFilterKey.AUDIO_LANGUAGE, ['en-US', 'fr']),\n        ],\n        timeDelay: Duration.seconds(30),\n      },\n    }),\n  ],\n});\n```\n\nFor advanced patterns that combine ranges and single values, use `numericCombo()` or `bitrateCombo()`:\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.hls({\n      manifestName: 'index',\n      filterConfiguration: {\n        manifestFilter: [\n          // video_height:240-360,720-1080,1440\n          ManifestFilter.numericCombo(NumericFilterKey.VIDEO_HEIGHT, [\n            NumericExpression.range(240, 360),\n            NumericExpression.range(720, 1080),\n            NumericExpression.value(1440),\n          ]),\n        ],\n      },\n    }),\n  ],\n});\n```\n\n### DRM Settings\n\nYou can exclude session keys from HLS and LL-HLS multivariant playlists using the `drmSettings` filter configuration. This improves compatibility with legacy HLS clients and provides more granular access control:\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.hls({\n      manifestName: 'index',\n      filterConfiguration: {\n        drmSettings: [DrmSettingsKey.EXCLUDE_SESSION_KEYS],\n      },\n    }),\n  ],\n});\n```\n\n## Start Tag Configuration\n\nConfigure where playback should start in HLS and LL-HLS manifests using the EXT-X-START tag:\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [\n    Manifest.hls({\n      manifestName: 'index',\n      startTag: StartTag.of(10),\n    }),\n  ],\n});\n```\n\n## Segment Configuration\n\nConfigure segment settings for your origin endpoint.\n\n```ts\ndeclare const channel: Channel;\n\nnew OriginEndpoint(this, 'TsEndpoint', {\n  channel,\n  segment: Segment.ts({\n    duration: Duration.seconds(6),\n    name: 'segment',\n    includeDvbSubtitles: true,\n    useAudioRenditionGroup: true,\n    includeIframeOnlyStreams: false,\n    scteFilter: [\n      ScteMessageType.BREAK,\n      ScteMessageType.DISTRIBUTOR_ADVERTISEMENT,\n    ],\n  }),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n\nnew OriginEndpoint(this, 'CmafEndpoint', {\n  channel,\n  segment: Segment.cmaf({\n    duration: Duration.seconds(6),\n    name: 'segment',\n    includeIframeOnlyStreams: true,\n    scteFilter: [ScteMessageType.DISTRIBUTOR_ADVERTISEMENT],\n  }),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf(),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n```\n\n## Encryption and DRM\n\nProtect your content with encryption using SPEKE (Secure Packager and Encoder Key Exchange). Each container type has its own encryption class with type-safe options:\n\n### CMAF Encryption\n\n```ts\ndeclare const channel: Channel;\ndeclare const spekeRole: iam.IRole;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf({\n    encryption: CmafEncryption.speke({\n      method: CmafEncryptionMethod.CBCS,\n      drmSystems: [CmafDrmSystem.FAIRPLAY, CmafDrmSystem.WIDEVINE],\n      resourceId: 'my-content-id',\n      url: 'https://example.com/speke',\n      role: spekeRole,\n      keyRotationInterval: Duration.seconds(300),\n      audioPreset: PresetSpeke20Audio.PRESET_AUDIO_2,\n      videoPreset: PresetSpeke20Video.PRESET_VIDEO_2,\n    }),\n  }),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n```\n\n### TS Encryption\n\n```ts\ndeclare const channel: Channel;\ndeclare const spekeRole: iam.IRole;\n\nnew OriginEndpoint(this, 'TsEndpoint', {\n  channel,\n  segment: Segment.ts({\n    encryption: TsEncryption.speke({\n      method: TsEncryptionMethod.SAMPLE_AES,\n      resourceId: 'my-content-id',\n      url: 'https://example.com/speke',\n      role: spekeRole,\n    }),\n  }),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n```\n\nTS encryption defaults the DRM system based on the method: FairPlay for `SAMPLE_AES`, Clear Key AES 128 for `AES_128`. You can override this with the `drmSystems` property using `TsDrmSystem`.\n\n### Content Key Encryption\n\nYou can add content key encryption by providing a certificate imported into AWS Certificate Manager. Your DRM key provider must support content key encryption for this to work:\n\n```ts\ndeclare const channel: Channel;\ndeclare const spekeRole: iam.IRole;\ndeclare const certificate: certificatemanager.ICertificate;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf({\n    encryption: CmafEncryption.speke({\n      method: CmafEncryptionMethod.CBCS,\n      drmSystems: [CmafDrmSystem.FAIRPLAY],\n      resourceId: 'my-content-id',\n      url: 'https://example.com/speke',\n      role: spekeRole,\n      certificate,\n    }),\n  }),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n```\n\n### Excluding Segment DRM Metadata\n\nFor CMAF content, you can exclude DRM metadata from segments:\n\n```ts\ndeclare const channel: Channel;\ndeclare const spekeRole: iam.IRole;\n\nnew OriginEndpoint(this, 'Endpoint', {\n  channel,\n  segment: Segment.cmaf({\n    encryption: CmafEncryption.speke({\n      method: CmafEncryptionMethod.CBCS,\n      drmSystems: [CmafDrmSystem.FAIRPLAY],\n      resourceId: 'my-content-id',\n      url: 'https://example.com/speke',\n      role: spekeRole,\n      excludeSegmentDrmMetadata: true,\n    }),\n  }),\n  manifests: [Manifest.hls({ manifestName: 'index' })],\n});\n```\n\n### ISM (Smooth Streaming) Encryption\n\nISM endpoints use CENC encryption with PlayReady. Audio and video presets are always `SHARED`, and key rotation is not supported. The DRM system defaults to PlayReady:\n\n```ts\ndeclare const channel: Channel;\ndeclare const spekeRole: iam.IRole;\n\nnew OriginEndpoint(this, 'IsmEndpoint', {\n  channel,\n  segment: Segment.ism({\n    encryption: IsmEncryption.speke({\n      resourceId: 'my-content-id',\n      url: 'https://example.com/speke',\n      role: spekeRole,\n    }),\n  }),\n  manifests: [Manifest.mss({ manifestName: 'index' })],\n});\n```\n\n## CloudWatch Metrics\n\nMediaPackage V2 resources expose CloudWatch metrics for monitoring. You can create alarms and dashboards using these metrics:\n\n```ts\ndeclare const channelGroup: ChannelGroup;\ndeclare const channel: Channel;\ndeclare const endpoint: OriginEndpoint;\n\n// Create a CloudWatch alarm on channel group egress bytes\nconst alarm = channelGroup.metricEgressBytes().createAlarm(this, 'HighEgress', {\n  threshold: 1000,\n  evaluationPeriods: 1,\n});\n\n// Monitor channel ingress response time\nchannel.metricIngressResponseTime().createAlarm(this, 'SlowIngress', {\n  threshold: 1000,\n  evaluationPeriods: 2,\n});\n\n// Track origin endpoint request count\nconst requestMetric = endpoint.metricEgressRequestCount({\n  statistic: 'sum',\n  period: Duration.minutes(5),\n});\n```\n\nAvailable metrics include:\n\n- `metricIngressBytes()` - Bytes ingested\n- `metricEgressBytes()` - Bytes delivered\n- `metricIngressResponseTime()` - Ingress response time (average)\n- `metricEgressResponseTime()` - Egress response time (average)\n- `metricIngressRequestCount()` - Number of ingress requests\n- `metricEgressRequestCount()` - Number of egress requests\n\nAll metrics support standard CloudWatch metric options for customizing period, statistic, and dimensions.\n"
   },
   "repository": {
     "directory": "packages/@aws-cdk/aws-mediapackagev2-alpha",
@@ -15841,6 +15841,179 @@
       ],
       "symbolId": "lib/endpoint:ManifestFilter"
     },
+    "@aws-cdk/aws-mediapackagev2-alpha.MediaPackageV2Origin": {
+      "assembly": "@aws-cdk/aws-mediapackagev2-alpha",
+      "base": "aws-cdk-lib.aws_cloudfront.OriginBase",
+      "docs": {
+        "example": "   declare const endpoint: OriginEndpoint;\n   declare const group: ChannelGroup;\n\n   new cloudfront.Distribution(this, 'Dist', {\n     defaultBehavior: {\n       origin: new MediaPackageV2Origin(endpoint, {\n         channelGroup: group,\n       }),\n     },\n   });",
+        "remarks": "Automatically creates an OAC and wires the origin endpoint policy\nto grant the CloudFront distribution access.\n\nUses `addToResourcePolicy()` on the origin endpoint, which is compatible\nwith other policy statements added to the same endpoint. Do not use this\nalongside a manually created `OriginEndpointPolicy` construct for the same endpoint.",
+        "see": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-mediapackage.html",
+        "stability": "experimental",
+        "summary": "A CloudFront Origin for AWS Elemental MediaPackage V2 endpoints."
+      },
+      "fqn": "@aws-cdk/aws-mediapackagev2-alpha.MediaPackageV2Origin",
+      "initializer": {
+        "docs": {
+          "stability": "experimental"
+        },
+        "locationInModule": {
+          "filename": "lib/cloudfront-origin.ts",
+          "line": 71
+        },
+        "parameters": [
+          {
+            "name": "endpoint",
+            "type": {
+              "fqn": "@aws-cdk/aws-mediapackagev2-alpha.IOriginEndpoint"
+            }
+          },
+          {
+            "name": "props",
+            "type": {
+              "fqn": "@aws-cdk/aws-mediapackagev2-alpha.MediaPackageV2OriginProps"
+            }
+          }
+        ]
+      },
+      "kind": "class",
+      "locationInModule": {
+        "filename": "lib/cloudfront-origin.ts",
+        "line": 66
+      },
+      "methods": [
+        {
+          "docs": {
+            "remarks": "Can be used to grant permissions, create dependent resources, etc.",
+            "stability": "experimental",
+            "summary": "Binds the origin to the associated Distribution."
+          },
+          "locationInModule": {
+            "filename": "lib/cloudfront-origin.ts",
+            "line": 91
+          },
+          "name": "bind",
+          "overrides": "aws-cdk-lib.aws_cloudfront.OriginBase",
+          "parameters": [
+            {
+              "name": "scope",
+              "type": {
+                "fqn": "constructs.Construct"
+              }
+            },
+            {
+              "name": "options",
+              "type": {
+                "fqn": "aws-cdk-lib.aws_cloudfront.OriginBindOptions"
+              }
+            }
+          ],
+          "returns": {
+            "type": {
+              "fqn": "aws-cdk-lib.aws_cloudfront.OriginBindConfig"
+            }
+          }
+        },
+        {
+          "docs": {
+            "stability": "experimental"
+          },
+          "locationInModule": {
+            "filename": "lib/cloudfront-origin.ts",
+            "line": 84
+          },
+          "name": "renderCustomOriginConfig",
+          "overrides": "aws-cdk-lib.aws_cloudfront.OriginBase",
+          "protected": true,
+          "returns": {
+            "optional": true,
+            "type": {
+              "fqn": "aws-cdk-lib.aws_cloudfront.CfnDistribution.CustomOriginConfigProperty"
+            }
+          }
+        }
+      ],
+      "name": "MediaPackageV2Origin",
+      "symbolId": "lib/cloudfront-origin:MediaPackageV2Origin"
+    },
+    "@aws-cdk/aws-mediapackagev2-alpha.MediaPackageV2OriginProps": {
+      "assembly": "@aws-cdk/aws-mediapackagev2-alpha",
+      "datatype": true,
+      "docs": {
+        "stability": "experimental",
+        "summary": "Properties for a MediaPackage V2 Origin with OAC.",
+        "example": "declare const endpoint: OriginEndpoint;\ndeclare const group: ChannelGroup;\n\nnew cloudfront.Distribution(this, 'Distribution', {\n  defaultBehavior: {\n    origin: new MediaPackageV2Origin(endpoint, {\n      channelGroup: group,\n    }),\n  },\n});",
+        "custom": {
+          "exampleMetadata": "infused"
+        }
+      },
+      "fqn": "@aws-cdk/aws-mediapackagev2-alpha.MediaPackageV2OriginProps",
+      "interfaces": [
+        "aws-cdk-lib.aws_cloudfront.OriginProps"
+      ],
+      "kind": "interface",
+      "locationInModule": {
+        "filename": "lib/cloudfront-origin.ts",
+        "line": 14
+      },
+      "name": "MediaPackageV2OriginProps",
+      "properties": [
+        {
+          "abstract": true,
+          "docs": {
+            "remarks": "Used to derive the egress domain for the CloudFront origin.",
+            "stability": "experimental",
+            "summary": "The channel group that the origin endpoint belongs to."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "lib/cloudfront-origin.ts",
+            "line": 20
+          },
+          "name": "channelGroup",
+          "type": {
+            "fqn": "@aws-cdk/aws-mediapackagev2-alpha.IChannelGroup"
+          }
+        },
+        {
+          "abstract": true,
+          "docs": {
+            "default": "- no CDN authorization",
+            "remarks": "If you need CDN auth on this endpoint, provide it here so it is configured\non the first `addToResourcePolicy` call. If CDN auth is added separately\nafter this origin is bound, it will be ignored.",
+            "stability": "experimental",
+            "summary": "Optional CDN authorization configuration."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "lib/cloudfront-origin.ts",
+            "line": 38
+          },
+          "name": "cdnAuth",
+          "optional": true,
+          "type": {
+            "fqn": "@aws-cdk/aws-mediapackagev2-alpha.CdnAuthConfiguration"
+          }
+        },
+        {
+          "abstract": true,
+          "docs": {
+            "default": "- an Origin Access Control will be created automatically.",
+            "stability": "experimental",
+            "summary": "An optional Origin Access Control."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "lib/cloudfront-origin.ts",
+            "line": 27
+          },
+          "name": "originAccessControl",
+          "optional": true,
+          "type": {
+            "fqn": "aws-cdk-lib.interfaces.aws_cloudfront.IOriginAccessControlRef"
+          }
+        }
+      ],
+      "symbolId": "lib/cloudfront-origin:MediaPackageV2OriginProps"
+    },
     "@aws-cdk/aws-mediapackagev2-alpha.MssManifestConfiguration": {
       "assembly": "@aws-cdk/aws-mediapackagev2-alpha",
       "datatype": true,
@@ -18851,6 +19024,6 @@
       "symbolId": "lib/endpoint:VideoDynamicRange"
     }
   },
-  "version": "2.253.1-alpha.0",
+  "version": "2.255.0-alpha.0",
   "fingerprint": "**********"
 }

package/.jsii.tabl.json.gz CHANGED Viewed

Binary file

package/.warnings.jsii.js CHANGED Viewed

@@ -211,6 +211,17 @@ const VALIDATORS = { _aws_cdk_aws_mediapackagev2_alpha_FilterConfiguration: func
         finally {
             visitedObjects.delete(p);
         }
+    }, _aws_cdk_aws_mediapackagev2_alpha_MediaPackageV2OriginProps: function _aws_cdk_aws_mediapackagev2_alpha_MediaPackageV2OriginProps(p) {
+        if (p == null)
+            return;
+        visitedObjects.add(p);
+        try {
+            if (!visitedObjects.has(p.cdnAuth))
+                module.exports._aws_cdk_aws_mediapackagev2_alpha_CdnAuthConfiguration(p.cdnAuth);
+        }
+        finally {
+            visitedObjects.delete(p);
+        }
     } };
 function print(name, deprecationMessage) {
     const deprecated = process.env.JSII_DEPRECATED;

package/README.md CHANGED Viewed

@@ -261,7 +261,24 @@ channel.grants.ingest(mediaLiveRole);
 MediaPackage origin endpoints are designed to be used with Content Delivery Network (CDN) like Amazon CloudFront distributions. CloudFront provides caching, DDoS protection, and global content delivery for your streaming content.
-To allow a CloudFront distribution to access a MediaPackage origin endpoint, add a resource policy with the CloudFront service principal:
+The simplest way to connect CloudFront to a MediaPackage V2 endpoint is with `MediaPackageV2Origin`, which automatically creates an Origin Access Control (OAC) and wires the endpoint policy:
+```ts
+declare const endpoint: OriginEndpoint;
+declare const group: ChannelGroup;
+new cloudfront.Distribution(this, 'Distribution', {
+  defaultBehavior: {
+    origin: new MediaPackageV2Origin(endpoint, {
+      channelGroup: group,
+    }),
+  },
+});
+```
+This handles OAC creation, HTTPS-only origin config, and the IAM policy granting CloudFront access to the endpoint (including `GetHeadObject` for MQAR support).
+For more control, you can manually configure the policy and OAC:
 ```ts
 declare const originEndpoint: OriginEndpoint;
@@ -281,7 +298,7 @@ originEndpoint.addToResourcePolicy(new iam.PolicyStatement({
 }));
 ```
-You can complete the confirmation with an OAC (Origin Access Control) Policy on the CloudFront Distribution.
+> **Graduation plan:** `MediaPackageV2Origin` currently lives in this alpha module. When MediaPackage V2 graduates to stable, it will move to `aws-cloudfront-origins` alongside `S3BucketOrigin` and other origin helpers.
 ## Manifest Configuration

package/lib/channel-policy.js CHANGED Viewed

@@ -76,7 +76,7 @@ let ChannelPolicy = (() => {
             ChannelPolicy = _classThis = _classDescriptor.value;
             if (_metadata) Object.defineProperty(_classThis, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
         }
-        static [JSII_RTTI_SYMBOL_1] = { fqn: "@aws-cdk/aws-mediapackagev2-alpha.ChannelPolicy", version: "2.253.1-alpha.0" };
+        static [JSII_RTTI_SYMBOL_1] = { fqn: "@aws-cdk/aws-mediapackagev2-alpha.ChannelPolicy", version: "2.255.0-alpha.0" };
         /** Uniquely identifies this class. */
         static PROPERTY_INJECTION_ID = '@aws-cdk.aws-mediapackagev2-alpha.ChannelPolicy';
         /**

package/lib/channel.js CHANGED Viewed

@@ -80,7 +80,7 @@ var IngestEndpoint;
  */
 class HeadersCMSD {
     value;
-    static [JSII_RTTI_SYMBOL_1] = { fqn: "@aws-cdk/aws-mediapackagev2-alpha.HeadersCMSD", version: "2.253.1-alpha.0" };
+    static [JSII_RTTI_SYMBOL_1] = { fqn: "@aws-cdk/aws-mediapackagev2-alpha.HeadersCMSD", version: "2.255.0-alpha.0" };
     /**
      * Media Quality Confidence Score
      */
@@ -111,7 +111,7 @@ class InputConfiguration {
     inputType;
     inputSwitchConfiguration;
     outputHeaders;
-    static [JSII_RTTI_SYMBOL_1] = { fqn: "@aws-cdk/aws-mediapackagev2-alpha.InputConfiguration", version: "2.253.1-alpha.0" };
+    static [JSII_RTTI_SYMBOL_1] = { fqn: "@aws-cdk/aws-mediapackagev2-alpha.InputConfiguration", version: "2.255.0-alpha.0" };
     /**
      * Create an HLS input configuration
      */
@@ -357,7 +357,7 @@ let Channel = (() => {
             Channel = _classThis = _classDescriptor.value;
             if (_metadata) Object.defineProperty(_classThis, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
         }
-        static [JSII_RTTI_SYMBOL_1] = { fqn: "@aws-cdk/aws-mediapackagev2-alpha.Channel", version: "2.253.1-alpha.0" };
+        static [JSII_RTTI_SYMBOL_1] = { fqn: "@aws-cdk/aws-mediapackagev2-alpha.Channel", version: "2.255.0-alpha.0" };
         /** Uniquely identifies this class. */
         static PROPERTY_INJECTION_ID = '@aws-cdk.aws-mediapackagev2-alpha.Channel';
         channelGroupName;

package/lib/cloudfront-origin.d.ts ADDED Viewed

@@ -0,0 +1,65 @@
+import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
+import type { Construct } from 'constructs';
+import type { IOriginEndpoint } from './endpoint';
+import type { IChannelGroup } from './group';
+import type { CdnAuthConfiguration } from './origin-endpoint-policy';
+/**
+ * Properties for a MediaPackage V2 Origin with OAC.
+ */
+export interface MediaPackageV2OriginProps extends cloudfront.OriginProps {
+    /**
+     * The channel group that the origin endpoint belongs to.
+     *
+     * Used to derive the egress domain for the CloudFront origin.
+     */
+    readonly channelGroup: IChannelGroup;
+    /**
+     * An optional Origin Access Control.
+     *
+     * @default - an Origin Access Control will be created automatically.
+     */
+    readonly originAccessControl?: cloudfront.IOriginAccessControlRef;
+    /**
+     * Optional CDN authorization configuration.
+     *
+     * If you need CDN auth on this endpoint, provide it here so it is configured
+     * on the first `addToResourcePolicy` call. If CDN auth is added separately
+     * after this origin is bound, it will be ignored.
+     *
+     * @default - no CDN authorization
+     */
+    readonly cdnAuth?: CdnAuthConfiguration;
+}
+/**
+ * A CloudFront Origin for AWS Elemental MediaPackage V2 endpoints.
+ *
+ * Automatically creates an OAC and wires the origin endpoint policy
+ * to grant the CloudFront distribution access.
+ *
+ * Uses `addToResourcePolicy()` on the origin endpoint, which is compatible
+ * with other policy statements added to the same endpoint. Do not use this
+ * alongside a manually created `OriginEndpointPolicy` construct for the same endpoint.
+ *
+ * @example
+ *
+ *    declare const endpoint: OriginEndpoint;
+ *    declare const group: ChannelGroup;
+ *
+ *    new cloudfront.Distribution(this, 'Dist', {
+ *      defaultBehavior: {
+ *        origin: new MediaPackageV2Origin(endpoint, {
+ *          channelGroup: group,
+ *        }),
+ *      },
+ *    });
+ *
+ * @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-mediapackage.html
+ */
+export declare class MediaPackageV2Origin extends cloudfront.OriginBase {
+    private originAccessControl?;
+    private readonly endpoint;
+    private readonly cdnAuth?;
+    constructor(endpoint: IOriginEndpoint, props: MediaPackageV2OriginProps);
+    protected renderCustomOriginConfig(): cloudfront.CfnDistribution.CustomOriginConfigProperty | undefined;
+    bind(scope: Construct, options: cloudfront.OriginBindOptions): cloudfront.OriginBindConfig;
+}

package/lib/cloudfront-origin.js ADDED Viewed

@@ -0,0 +1,101 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MediaPackageV2Origin = void 0;
+const jsiiDeprecationWarnings = require("../.warnings.jsii.js");
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const cdk = require("aws-cdk-lib");
+const cloudfront = require("aws-cdk-lib/aws-cloudfront");
+const aws_iam_1 = require("aws-cdk-lib/aws-iam");
+const core_1 = require("aws-cdk-lib/core");
+const helpers_internal_1 = require("aws-cdk-lib/core/lib/helpers-internal");
+/**
+ * A CloudFront Origin for AWS Elemental MediaPackage V2 endpoints.
+ *
+ * Automatically creates an OAC and wires the origin endpoint policy
+ * to grant the CloudFront distribution access.
+ *
+ * Uses `addToResourcePolicy()` on the origin endpoint, which is compatible
+ * with other policy statements added to the same endpoint. Do not use this
+ * alongside a manually created `OriginEndpointPolicy` construct for the same endpoint.
+ *
+ * @example
+ *
+ *    declare const endpoint: OriginEndpoint;
+ *    declare const group: ChannelGroup;
+ *
+ *    new cloudfront.Distribution(this, 'Dist', {
+ *      defaultBehavior: {
+ *        origin: new MediaPackageV2Origin(endpoint, {
+ *          channelGroup: group,
+ *        }),
+ *      },
+ *    });
+ *
+ * @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-mediapackage.html
+ */
+class MediaPackageV2Origin extends cloudfront.OriginBase {
+    static [JSII_RTTI_SYMBOL_1] = { fqn: "@aws-cdk/aws-mediapackagev2-alpha.MediaPackageV2Origin", version: "2.255.0-alpha.0" };
+    originAccessControl;
+    endpoint;
+    cdnAuth;
+    constructor(endpoint, props) {
+        try {
+            jsiiDeprecationWarnings._aws_cdk_aws_mediapackagev2_alpha_IOriginEndpoint(endpoint);
+            jsiiDeprecationWarnings._aws_cdk_aws_mediapackagev2_alpha_MediaPackageV2OriginProps(props);
+        }
+        catch (error) {
+            if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
+                Error.captureStackTrace(error, MediaPackageV2Origin);
+            }
+            throw error;
+        }
+        if (!props.channelGroup.egressDomain) {
+            throw new core_1.UnscopedValidationError((0, helpers_internal_1.lit) `MissingEgressDomain`, 'The channel group must have an egressDomain to use as a CloudFront origin. Provide egressDomain when importing the channel group.');
+        }
+        super(props.channelGroup.egressDomain, props);
+        this.endpoint = endpoint;
+        this.originAccessControl = props.originAccessControl;
+        this.cdnAuth = props.cdnAuth;
+    }
+    renderCustomOriginConfig() {
+        return {
+            originSslProtocols: [cloudfront.OriginSslPolicy.TLS_V1_2],
+            originProtocolPolicy: cloudfront.OriginProtocolPolicy.HTTPS_ONLY,
+        };
+    }
+    bind(scope, options) {
+        const originBindConfig = super.bind(scope, options);
+        if (!this.originAccessControl) {
+            this.originAccessControl = new cloudfront.MediaPackageV2OriginAccessControl(scope, 'MediaPackageV2OAC');
+        }
+        // Grant the CloudFront distribution access to the MediaPackage V2 origin endpoint
+        // Includes GetHeadObject for MQAR (Media Quality-Aware Resiliency) support
+        // @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-mediapackage.html
+        this.endpoint.addToResourcePolicy(new aws_iam_1.PolicyStatement({
+            sid: 'AllowCloudFrontServicePrincipal',
+            effect: aws_iam_1.Effect.ALLOW,
+            principals: [new aws_iam_1.ServicePrincipal('cloudfront.amazonaws.com')],
+            actions: ['mediapackagev2:GetObject', 'mediapackagev2:GetHeadObject'],
+            resources: [this.endpoint.originEndpointArn],
+            conditions: {
+                StringEquals: {
+                    'aws:SourceArn': cdk.Stack.of(scope).formatArn({
+                        service: 'cloudfront',
+                        region: '',
+                        resource: 'distribution',
+                        resourceName: options.distributionId,
+                    }),
+                },
+            },
+        }), this.cdnAuth);
+        return {
+            ...originBindConfig,
+            originProperty: {
+                ...originBindConfig.originProperty,
+                originAccessControlId: this.originAccessControl.originAccessControlRef.originAccessControlId,
+            },
+        };
+    }
+}
+exports.MediaPackageV2Origin = MediaPackageV2Origin;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xvdWRmcm9udC1vcmlnaW4uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJjbG91ZGZyb250LW9yaWdpbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLG1DQUFtQztBQUNuQyx5REFBeUQ7QUFDekQsaURBQWdGO0FBQ2hGLDJDQUEyRDtBQUMzRCw0RUFBNEQ7QUFvQzVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0F3Qkc7QUFDSCxNQUFhLG9CQUFxQixTQUFRLFVBQVUsQ0FBQyxVQUFVOztJQUNyRCxtQkFBbUIsQ0FBc0M7SUFDaEQsUUFBUSxDQUFrQjtJQUMxQixPQUFPLENBQXdCO0lBRWhELFlBQVksUUFBeUIsRUFBRSxLQUFnQzs7Ozs7OzsrQ0FMNUQsb0JBQW9COzs7O1FBTTdCLElBQUksQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ3JDLE1BQU0sSUFBSSw4QkFBdUIsQ0FDL0IsSUFBQSxzQkFBRyxFQUFBLHFCQUFxQixFQUN4QixtSUFBbUksQ0FDcEksQ0FBQztRQUNKLENBQUM7UUFDRCxLQUFLLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQyxZQUFZLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDOUMsSUFBSSxDQUFDLFFBQVEsR0FBRyxRQUFRLENBQUM7UUFDekIsSUFBSSxDQUFDLG1CQUFtQixHQUFHLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQztRQUNyRCxJQUFJLENBQUMsT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUM7S0FDOUI7SUFFUyx3QkFBd0I7UUFDaEMsT0FBTztZQUNMLGtCQUFrQixFQUFFLENBQUMsVUFBVSxDQUFDLGVBQWUsQ0FBQyxRQUFRLENBQUM7WUFDekQsb0JBQW9CLEVBQUUsVUFBVSxDQUFDLG9CQUFvQixDQUFDLFVBQVU7U0FDakUsQ0FBQztLQUNIO0lBRU0sSUFBSSxDQUFDLEtBQWdCLEVBQUUsT0FBcUM7UUFDakUsTUFBTSxnQkFBZ0IsR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztRQUVwRCxJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDOUIsSUFBSSxDQUFDLG1CQUFtQixHQUFHLElBQUksVUFBVSxDQUFDLGlDQUFpQyxDQUFDLEtBQUssRUFBRSxtQkFBbUIsQ0FBQyxDQUFDO1FBQzFHLENBQUM7UUFFRCxrRkFBa0Y7UUFDbEYsMkVBQTJFO1FBQzNFLGtJQUFrSTtRQUNsSSxJQUFJLENBQUMsUUFBUSxDQUFDLG1CQUFtQixDQUMvQixJQUFJLHlCQUFlLENBQUM7WUFDbEIsR0FBRyxFQUFFLGlDQUFpQztZQUN0QyxNQUFNLEVBQUUsZ0JBQU0sQ0FBQyxLQUFLO1lBQ3BCLFVBQVUsRUFBRSxDQUFDLElBQUksMEJBQWdCLENBQUMsMEJBQTBCLENBQUMsQ0FBQztZQUM5RCxPQUFPLEVBQUUsQ0FBQywwQkFBMEIsRUFBRSw4QkFBOEIsQ0FBQztZQUNyRSxTQUFTLEVBQUUsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDO1lBQzVDLFVBQVUsRUFBRTtnQkFDVixZQUFZLEVBQUU7b0JBQ1osZUFBZSxFQUFFLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLFNBQVMsQ0FBQzt3QkFDN0MsT0FBTyxFQUFFLFlBQVk7d0JBQ3JCLE1BQU0sRUFBRSxFQUFFO3dCQUNWLFFBQVEsRUFBRSxjQUFjO3dCQUN4QixZQUFZLEVBQUUsT0FBTyxDQUFDLGNBQWM7cUJBQ3JDLENBQUM7aUJBQ0g7YUFDRjtTQUNGLENBQUMsRUFDRixJQUFJLENBQUMsT0FBTyxDQUNiLENBQUM7UUFFRixPQUFPO1lBQ0wsR0FBRyxnQkFBZ0I7WUFDbkIsY0FBYyxFQUFFO2dCQUNkLEdBQUcsZ0JBQWdCLENBQUMsY0FBZTtnQkFDbkMscUJBQXFCLEVBQUUsSUFBSSxDQUFDLG1CQUFtQixDQUFDLHNCQUFzQixDQUFDLHFCQUFxQjthQUM3RjtTQUNGLENBQUM7S0FDSDs7QUEvREgsb0RBZ0VDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgY2RrIGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCAqIGFzIGNsb3VkZnJvbnQgZnJvbSAnYXdzLWNkay1saWIvYXdzLWNsb3VkZnJvbnQnO1xuaW1wb3J0IHsgRWZmZWN0LCBQb2xpY3lTdGF0ZW1lbnQsIFNlcnZpY2VQcmluY2lwYWwgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtaWFtJztcbmltcG9ydCB7IFVuc2NvcGVkVmFsaWRhdGlvbkVycm9yIH0gZnJvbSAnYXdzLWNkay1saWIvY29yZSc7XG5pbXBvcnQgeyBsaXQgfSBmcm9tICdhd3MtY2RrLWxpYi9jb3JlL2xpYi9oZWxwZXJzLWludGVybmFsJztcbmltcG9ydCB0eXBlIHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5pbXBvcnQgdHlwZSB7IElPcmlnaW5FbmRwb2ludCB9IGZyb20gJy4vZW5kcG9pbnQnO1xuaW1wb3J0IHR5cGUgeyBJQ2hhbm5lbEdyb3VwIH0gZnJvbSAnLi9ncm91cCc7XG5pbXBvcnQgdHlwZSB7IENkbkF1dGhDb25maWd1cmF0aW9uIH0gZnJvbSAnLi9vcmlnaW4tZW5kcG9pbnQtcG9saWN5JztcblxuLyoqXG4gKiBQcm9wZXJ0aWVzIGZvciBhIE1lZGlhUGFja2FnZSBWMiBPcmlnaW4gd2l0aCBPQUMuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgTWVkaWFQYWNrYWdlVjJPcmlnaW5Qcm9wcyBleHRlbmRzIGNsb3VkZnJvbnQuT3JpZ2luUHJvcHMge1xuICAvKipcbiAgICogVGhlIGNoYW5uZWwgZ3JvdXAgdGhhdCB0aGUgb3JpZ2luIGVuZHBvaW50IGJlbG9uZ3MgdG8uXG4gICAqXG4gICAqIFVzZWQgdG8gZGVyaXZlIHRoZSBlZ3Jlc3MgZG9tYWluIGZvciB0aGUgQ2xvdWRGcm9udCBvcmlnaW4uXG4gICAqL1xuICByZWFkb25seSBjaGFubmVsR3JvdXA6IElDaGFubmVsR3JvdXA7XG5cbiAgLyoqXG4gICAqIEFuIG9wdGlvbmFsIE9yaWdpbiBBY2Nlc3MgQ29udHJvbC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBhbiBPcmlnaW4gQWNjZXNzIENvbnRyb2wgd2lsbCBiZSBjcmVhdGVkIGF1dG9tYXRpY2FsbHkuXG4gICAqL1xuICByZWFkb25seSBvcmlnaW5BY2Nlc3NDb250cm9sPzogY2xvdWRmcm9udC5JT3JpZ2luQWNjZXNzQ29udHJvbFJlZjtcblxuICAvKipcbiAgICogT3B0aW9uYWwgQ0ROIGF1dGhvcml6YXRpb24gY29uZmlndXJhdGlvbi5cbiAgICpcbiAgICogSWYgeW91IG5lZWQgQ0ROIGF1dGggb24gdGhpcyBlbmRwb2ludCwgcHJvdmlkZSBpdCBoZXJlIHNvIGl0IGlzIGNvbmZpZ3VyZWRcbiAgICogb24gdGhlIGZpcnN0IGBhZGRUb1Jlc291cmNlUG9saWN5YCBjYWxsLiBJZiBDRE4gYXV0aCBpcyBhZGRlZCBzZXBhcmF0ZWx5XG4gICAqIGFmdGVyIHRoaXMgb3JpZ2luIGlzIGJvdW5kLCBpdCB3aWxsIGJlIGlnbm9yZWQuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gbm8gQ0ROIGF1dGhvcml6YXRpb25cbiAgICovXG4gIHJlYWRvbmx5IGNkbkF1dGg/OiBDZG5BdXRoQ29uZmlndXJhdGlvbjtcbn1cblxuLyoqXG4gKiBBIENsb3VkRnJvbnQgT3JpZ2luIGZvciBBV1MgRWxlbWVudGFsIE1lZGlhUGFja2FnZSBWMiBlbmRwb2ludHMuXG4gKlxuICogQXV0b21hdGljYWxseSBjcmVhdGVzIGFuIE9BQyBhbmQgd2lyZXMgdGhlIG9yaWdpbiBlbmRwb2ludCBwb2xpY3lcbiAqIHRvIGdyYW50IHRoZSBDbG91ZEZyb250IGRpc3RyaWJ1dGlvbiBhY2Nlc3MuXG4gKlxuICogVXNlcyBgYWRkVG9SZXNvdXJjZVBvbGljeSgpYCBvbiB0aGUgb3JpZ2luIGVuZHBvaW50LCB3aGljaCBpcyBjb21wYXRpYmxlXG4gKiB3aXRoIG90aGVyIHBvbGljeSBzdGF0ZW1lbnRzIGFkZGVkIHRvIHRoZSBzYW1lIGVuZHBvaW50LiBEbyBub3QgdXNlIHRoaXNcbiAqIGFsb25nc2lkZSBhIG1hbnVhbGx5IGNyZWF0ZWQgYE9yaWdpbkVuZHBvaW50UG9saWN5YCBjb25zdHJ1Y3QgZm9yIHRoZSBzYW1lIGVuZHBvaW50LlxuICpcbiAqIEBleGFtcGxlXG4gKlxuICogICAgZGVjbGFyZSBjb25zdCBlbmRwb2ludDogT3JpZ2luRW5kcG9pbnQ7XG4gKiAgICBkZWNsYXJlIGNvbnN0IGdyb3VwOiBDaGFubmVsR3JvdXA7XG4gKlxuICogICAgbmV3IGNsb3VkZnJvbnQuRGlzdHJpYnV0aW9uKHRoaXMsICdEaXN0Jywge1xuICogICAgICBkZWZhdWx0QmVoYXZpb3I6IHtcbiAqICAgICAgICBvcmlnaW46IG5ldyBNZWRpYVBhY2thZ2VWMk9yaWdpbihlbmRwb2ludCwge1xuICogICAgICAgICAgY2hhbm5lbEdyb3VwOiBncm91cCxcbiAqICAgICAgICB9KSxcbiAqICAgICAgfSxcbiAqICAgIH0pO1xuICpcbiAqIEBzZWUgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FtYXpvbkNsb3VkRnJvbnQvbGF0ZXN0L0RldmVsb3Blckd1aWRlL3ByaXZhdGUtY29udGVudC1yZXN0cmljdGluZy1hY2Nlc3MtdG8tbWVkaWFwYWNrYWdlLmh0bWxcbiAqL1xuZXhwb3J0IGNsYXNzIE1lZGlhUGFja2FnZVYyT3JpZ2luIGV4dGVuZHMgY2xvdWRmcm9udC5PcmlnaW5CYXNlIHtcbiAgcHJpdmF0ZSBvcmlnaW5BY2Nlc3NDb250cm9sPzogY2xvdWRmcm9udC5JT3JpZ2luQWNjZXNzQ29udHJvbFJlZjtcbiAgcHJpdmF0ZSByZWFkb25seSBlbmRwb2ludDogSU9yaWdpbkVuZHBvaW50O1xuICBwcml2YXRlIHJlYWRvbmx5IGNkbkF1dGg/OiBDZG5BdXRoQ29uZmlndXJhdGlvbjtcblxuICBjb25zdHJ1Y3RvcihlbmRwb2ludDogSU9yaWdpbkVuZHBvaW50LCBwcm9wczogTWVkaWFQYWNrYWdlVjJPcmlnaW5Qcm9wcykge1xuICAgIGlmICghcHJvcHMuY2hhbm5lbEdyb3VwLmVncmVzc0RvbWFpbikge1xuICAgICAgdGhyb3cgbmV3IFVuc2NvcGVkVmFsaWRhdGlvbkVycm9yKFxuICAgICAgICBsaXRgTWlzc2luZ0VncmVzc0RvbWFpbmAsXG4gICAgICAgICdUaGUgY2hhbm5lbCBncm91cCBtdXN0IGhhdmUgYW4gZWdyZXNzRG9tYWluIHRvIHVzZSBhcyBhIENsb3VkRnJvbnQgb3JpZ2luLiBQcm92aWRlIGVncmVzc0RvbWFpbiB3aGVuIGltcG9ydGluZyB0aGUgY2hhbm5lbCBncm91cC4nLFxuICAgICAgKTtcbiAgICB9XG4gICAgc3VwZXIocHJvcHMuY2hhbm5lbEdyb3VwLmVncmVzc0RvbWFpbiwgcHJvcHMpO1xuICAgIHRoaXMuZW5kcG9pbnQgPSBlbmRwb2ludDtcbiAgICB0aGlzLm9yaWdpbkFjY2Vzc0NvbnRyb2wgPSBwcm9wcy5vcmlnaW5BY2Nlc3NDb250cm9sO1xuICAgIHRoaXMuY2RuQXV0aCA9IHByb3BzLmNkbkF1dGg7XG4gIH1cblxuICBwcm90ZWN0ZWQgcmVuZGVyQ3VzdG9tT3JpZ2luQ29uZmlnKCk6IGNsb3VkZnJvbnQuQ2ZuRGlzdHJpYnV0aW9uLkN1c3RvbU9yaWdpbkNvbmZpZ1Byb3BlcnR5IHwgdW5kZWZpbmVkIHtcbiAgICByZXR1cm4ge1xuICAgICAgb3JpZ2luU3NsUHJvdG9jb2xzOiBbY2xvdWRmcm9udC5PcmlnaW5Tc2xQb2xpY3kuVExTX1YxXzJdLFxuICAgICAgb3JpZ2luUHJvdG9jb2xQb2xpY3k6IGNsb3VkZnJvbnQuT3JpZ2luUHJvdG9jb2xQb2xpY3kuSFRUUFNfT05MWSxcbiAgICB9O1xuICB9XG5cbiAgcHVibGljIGJpbmQoc2NvcGU6IENvbnN0cnVjdCwgb3B0aW9uczogY2xvdWRmcm9udC5PcmlnaW5CaW5kT3B0aW9ucyk6IGNsb3VkZnJvbnQuT3JpZ2luQmluZENvbmZpZyB7XG4gICAgY29uc3Qgb3JpZ2luQmluZENvbmZpZyA9IHN1cGVyLmJpbmQoc2NvcGUsIG9wdGlvbnMpO1xuXG4gICAgaWYgKCF0aGlzLm9yaWdpbkFjY2Vzc0NvbnRyb2wpIHtcbiAgICAgIHRoaXMub3JpZ2luQWNjZXNzQ29udHJvbCA9IG5ldyBjbG91ZGZyb250Lk1lZGlhUGFja2FnZVYyT3JpZ2luQWNjZXNzQ29udHJvbChzY29wZSwgJ01lZGlhUGFja2FnZVYyT0FDJyk7XG4gICAgfVxuXG4gICAgLy8gR3JhbnQgdGhlIENsb3VkRnJvbnQgZGlzdHJpYnV0aW9uIGFjY2VzcyB0byB0aGUgTWVkaWFQYWNrYWdlIFYyIG9yaWdpbiBlbmRwb2ludFxuICAgIC8vIEluY2x1ZGVzIEdldEhlYWRPYmplY3QgZm9yIE1RQVIgKE1lZGlhIFF1YWxpdHktQXdhcmUgUmVzaWxpZW5jeSkgc3VwcG9ydFxuICAgIC8vIEBzZWUgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FtYXpvbkNsb3VkRnJvbnQvbGF0ZXN0L0RldmVsb3Blckd1aWRlL3ByaXZhdGUtY29udGVudC1yZXN0cmljdGluZy1hY2Nlc3MtdG8tbWVkaWFwYWNrYWdlLmh0bWxcbiAgICB0aGlzLmVuZHBvaW50LmFkZFRvUmVzb3VyY2VQb2xpY3koXG4gICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgc2lkOiAnQWxsb3dDbG91ZEZyb250U2VydmljZVByaW5jaXBhbCcsXG4gICAgICAgIGVmZmVjdDogRWZmZWN0LkFMTE9XLFxuICAgICAgICBwcmluY2lwYWxzOiBbbmV3IFNlcnZpY2VQcmluY2lwYWwoJ2Nsb3VkZnJvbnQuYW1hem9uYXdzLmNvbScpXSxcbiAgICAgICAgYWN0aW9uczogWydtZWRpYXBhY2thZ2V2MjpHZXRPYmplY3QnLCAnbWVkaWFwYWNrYWdldjI6R2V0SGVhZE9iamVjdCddLFxuICAgICAgICByZXNvdXJjZXM6IFt0aGlzLmVuZHBvaW50Lm9yaWdpbkVuZHBvaW50QXJuXSxcbiAgICAgICAgY29uZGl0aW9uczoge1xuICAgICAgICAgIFN0cmluZ0VxdWFsczoge1xuICAgICAgICAgICAgJ2F3czpTb3VyY2VBcm4nOiBjZGsuU3RhY2sub2Yoc2NvcGUpLmZvcm1hdEFybih7XG4gICAgICAgICAgICAgIHNlcnZpY2U6ICdjbG91ZGZyb250JyxcbiAgICAgICAgICAgICAgcmVnaW9uOiAnJyxcbiAgICAgICAgICAgICAgcmVzb3VyY2U6ICdkaXN0cmlidXRpb24nLFxuICAgICAgICAgICAgICByZXNvdXJjZU5hbWU6IG9wdGlvbnMuZGlzdHJpYnV0aW9uSWQsXG4gICAgICAgICAgICB9KSxcbiAgICAgICAgICB9LFxuICAgICAgICB9LFxuICAgICAgfSksXG4gICAgICB0aGlzLmNkbkF1dGgsXG4gICAgKTtcblxuICAgIHJldHVybiB7XG4gICAgICAuLi5vcmlnaW5CaW5kQ29uZmlnLFxuICAgICAgb3JpZ2luUHJvcGVydHk6IHtcbiAgICAgICAgLi4ub3JpZ2luQmluZENvbmZpZy5vcmlnaW5Qcm9wZXJ0eSEsXG4gICAgICAgIG9yaWdpbkFjY2Vzc0NvbnRyb2xJZDogdGhpcy5vcmlnaW5BY2Nlc3NDb250cm9sLm9yaWdpbkFjY2Vzc0NvbnRyb2xSZWYub3JpZ2luQWNjZXNzQ29udHJvbElkLFxuICAgICAgfSxcbiAgICB9O1xuICB9XG59XG4iXX0=