Generating signed URLs for CloudFront links is a little more tricky than for S3. It's because signature generation for S3 URLs is handled a bit differently than CloudFront URLs and this functionality is not currently supported by the aws-sdk library for JavaScript. In case you also need to do this, I've created this simple utility to make things easier.
###Configure CloudFront
-
Create a CloudFront distribution
-
Configure your origin with the following settings:
Origin Domain Name: {your-s3-bucket}
Restrict Bucket Access: Yes
Grant Read Permissions on Bucket: Yes, Update Bucket Policy -
Create CloudFront Key Pair.
###Installing
npm install aws-cloudfront-sign###Usage
var cf = require('aws-cloudfront-sign')
var params = {
keypairId: process.env.PUBLIC_KEY,
privateKeyString: process.env.PRIVATE_KEY,
privateKeyPath: '/path/to/private/key', // Optional. Use as an alternative to privateKeyString.
expireTime: '<epoch time when you wish the link to expire>'
}
var signedUrl = cf.getSignedUrl('http://example.com/path/to/s3/object', params);
console.log('Signed URL: ' + signedUrl);