AWS Key Management Service (KMS) now supports a new AWS service in addition to Amazon S3, Amazon EBS, and Amazon Redshift. This week Amazon Elastic Transcoder released support for encryption of media assets using AWS KMS. Specifically, you can upload encrypted mezzanine files, thumbnails, captions and watermarks to Amazon Elastic Transcoder and allow the service to decrypt them for processing and then re-encrypt the output. This feature provides both data-at-rest and data-in-transit encryption for customer files. Supported encryption and key management options range from Amazon S3-managed keys to keys that you manage on your own using AWS KMS.
This new functionality helps ensure the confidentiality of media assets as they are transferred between customer applications and the Amazon Elastic Transcoder service. By using keys in AWS KMS to encrypt these assets, customers have control over who can decrypt their content and they get a full audit of when that content was encrypted and decrypted in their AWS CloudTrail logs.
For more detail on how Amazon Elastic Transcoder supports encryption of media assets, visit the Data Encryption Options section of the developer guide.