A solution architect is designing a video streaming service, including an RTMP distribution, that provides paid video content to customers worldwide.
What is the most optimal solution to secure delivery of the video content to paying customers?
A. B. C. D.
Answer: B.
Option A is incorrect because IAM is used for the identity and access management of AWS accounts.
Creating an IAM role would allow access to services in your AWS account but would not provide signed URL access to your content provided by CloudFront.
Option B is CORRECT because CloudFront signed URLs should be used for securing and limiting access to content in RTMP distribution.
Option C is incorrect because CloudFront signed cookies cannot be used for RTMP distributions, and they can only support the HLS format.
Option D is incorrect because STS is used for providing temporary access to an AWS account or service to an IAM user.
In this situation, the content has to be shared with global users.
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/live-streaming.html
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.html
When designing a video streaming service that provides paid content to customers worldwide, the most optimal solution to secure delivery of the video content to paying customers is to use CloudFront with signed URLs or signed cookies. This solution provides an additional layer of security to prevent unauthorized access to the video content.
Option A is incorrect because IAM users and roles are designed for managing access to AWS resources, not for managing access to content delivery. Additionally, creating IAM users for each customer is not a scalable solution for a large number of customers.
Option B is the best answer because it provides secure access to content by using signed URLs that are time-limited and can be revoked if necessary. With signed URLs, the viewer's access to the video content is authorized for a specific period, and after that period expires, access is automatically revoked. CloudFront also has built-in features for blocking access from unauthorized sources and preventing hotlinking (direct linking) of content.
Option C is also a valid answer because signed cookies provide an alternative method for controlling access to content. Signed cookies can be used to grant or deny access to content based on specific criteria such as time, IP address, or geographic location. However, signed cookies require more complex configuration and may be less performant than signed URLs.
Option D is not an optimal solution because it requires the use of temporary access tokens that must be generated and managed by an additional service (AWS STS). Temporary access tokens can be useful in certain scenarios but are not necessary for securing access to video content when signed URLs or signed cookies are used.
In summary, using CloudFront with signed URLs or signed cookies is the most optimal solution for securing the delivery of paid video content to customers worldwide. This solution provides an additional layer of security to prevent unauthorized access to the content, and can be easily integrated with other AWS services such as S3, EC2, or Lambda.