Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Create CloudFront distribution that accepts only signed URL’s with serverless

Tags:

amazon-cloudfront

amazon-cloudformation

serverless

I want to create a web cloudFront distribution that can be accessed only using signed URL's.

On creating the distribution manually, there is an option Restrict Viewer Access under the Default Cache Behavior Settings.

enter image description here

I want to create the distribution using the serverless framework but I can't find the CloudFormation attribute for the Restrict Viewer Access property.

enter image description here

like image 303
Abhishek Pandey Avatar asked May 16 '19 13:05

Abhishek Pandey

People also ask

What is the difference between CloudFront signed URL and S3 signed URL?

In CloudFront, a signed URL allow access to a path. Therefore, if the user has a valid signature, he can access it, no matter the origin. In S3, a signed URL issue a request as the signer user.

Which types of origin does Amazon CloudFront support?

You can use several different kinds of origins with CloudFront. For example, you can use an Amazon S3 bucket, a MediaStore container, a MediaPackage channel, an Application Load Balancer, or an AWS Lambda function URL.

1 Answers

The documentation is totally not clear on this one. If the signing keys are in the same account you are deploying the CloudFront Distribution to you just need:

    TrustedSigners:
      - self

Note sometime in late 2020 CloudFront provided a way to create signing keys that does not involve using the AWS account root user. See these docs for more information. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#choosing-key-groups-or-AWS-accounts

like image 167
cementblocks Avatar answered Sep 29 '22 10:09

cementblocks
Sign in to Comment

Related questions

CloudFormation AWS::CertificateManager::Certificate automated certificate validation
AWS Signature creation using PHP
AWS CloudFormation where will UserData be stored?
How to read the describe_stack Output attribute
CloudFront can't use S3 Website origin, only REST origin Cloudformation
How can I create IAM Role Dropdown in Cloudformation Template Parameters
AWS CloudFormation /var/log/cloud-init-output.log equivalent for Windows AMIs
CloudFormation template to set S3 bucket default encryption [duplicate]
Automounting ebs volume in linux-Ec2 instance using cloud formation?
Passing ARN reference from CloudFormation to Swagger
Setup Lambda function to run a CloudFormation stack
How to allow only email as username alias with CloudFormation?
How do I run my CDK app?
Value of property SecurityGroupIds must be of type List of String error while updating stack
In AWS CloudFormation is it possible to create a number of EC2 instances with the values from Mappings without AutoScaling group?
How to configure a Serverless S3 bucket resource to use a CORS AllowOrigin set to the http endpoint of its function
AWS ECR CF template fails with 'Invalid repository policy provided'
CloudFormation to setup CodePipeline/CodeBuild to deploy SAM application
AWS:elastic_ip Assign a name to an elastic ip using cloudformation
AWS SAM template/cloudformation No integration defined for method (Service: AmazonApiGateway

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!