Purpose

This project implements a secure, token-based license delivery system for a DRM-enabled live video stream using AWS MediaLive with key rotation and Axinom DRM.

The overall architecture:

AWS MediaLive channel is set up with key rotation enabled.

A Lambda function receives CPIX requests via API Gateway, extracts the Key IDs, and stores them in DynamoDB.

This service retrieves the latest Key IDs from DynamoDB, builds entitlement messages, and signs them to produce valid license tokens using a communication key.

1. EntitlementGenerator.js : Generates the entitlement message with the new keyIDs.
2. Shaka.html: Player.
3. dynamodbClient.js : Connects to DynamoDB (contains access credentials) and fetches Key IDs.
4. secrets.json: Stores the communication key and the key ID.
5. tokenGenerator.js: Generates and signs the DRM license token.

How to run the project

1. Run npm install

2. Add IAM user credentials to dynamodbClient.js

3. Start the license service(License generator): node token-generator-service/index.js

4. Open the player:

If using Visual studio Live Server plugin:

• Run the shaka.html with Visual studio Live Server plugin.

If using IIS :

• Player will be opened in your server URL/Shaka.html.
• Your token generator service URL needs to be changed in the tokenGenerator() function in the shaka.html

Resources used

1. Lambda Function (for SPEKE Proxy)

2. Lambda IAM user (to allow writing to DynamoDB)

3. API Gateway (fronts the Lambda function for MediaLive)

4. IAM user to access the DynamoDB (for accessing DynamoDB from this service)

5. Dynamo DB (stores key_id and created_at)

6. Cloud watch (for Lambda logging)

7. MediaPackage IAM role

8. Media Package (for HLS stream delivery)

9. Media Live (generates the HLS stream with key rotation)

10. Input for Media Live

Further Documentation:

• https://docs.axinom.com/services/drm/technical-articles/key-rotation-implementation