I want to create a web CloudFront distribution that can be accessed only using signed URLs.
On creating the distribution manually, there is an option Restrict Viewer Access under the Default Cache Behavior Settings.
I want to create the distribution using the serverless framework but I can't find the CloudFormation attribute for the Restrict Viewer Access property.
In CloudFront, a signed URL allows access to a path. Therefore, if the user has a valid signature, he can access it, no matter the origin. In S3, a signed URL issues a request as the signer user.
You can use several different kinds of origins with CloudFront. For example, you can use an Amazon S3 bucket, a MediaStore container, a MediaPackage channel, an Application Load Balancer, or an AWS Lambda function URL.
The documentation is totally not clear on this one. If the signing keys are in the same account you are deploying the CloudFront Distribution to, you just need:

    TrustedSigners:
      - self

Note: sometime in late 2020, CloudFront provided a way to create signing keys that does not involve using the AWS account root user. See these docs for more information: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#choosing-key-groups-or-AWS-accounts
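
One way to express Restrict Viewer Access in the `resources` section of serverless.yml, using the key-group approach from the linked docs. This is an added example, not part of the original question or answers; every logical ID, name, the origin domain and the key body are placeholders.

```yaml
# Added example: all logical IDs, names and the origin domain are placeholders.
resources:
  Resources:
    SigningPublicKey:
      Type: AWS::CloudFront::PublicKey
      Properties:
        PublicKeyConfig:
          Name: example-signing-key
          CallerReference: example-signing-key-v1
          # PEM-encoded RSA public key; the private half stays with the URL signer.
          EncodedKey: |
            -----BEGIN PUBLIC KEY-----
            <PLACEHOLDER: RSA public key body>
            -----END PUBLIC KEY-----
    SigningKeyGroup:
      Type: AWS::CloudFront::KeyGroup
      Properties:
        KeyGroupConfig:
          Name: example-signing-key-group
          Items:
            - Ref: SigningPublicKey
    PrivateDistribution:
      Type: AWS::CloudFront::Distribution
      Properties:
        DistributionConfig:
          Enabled: true
          Origins:
            - Id: exampleOrigin
              DomainName: example-bucket.s3.amazonaws.com
              S3OriginConfig:
                # Left empty for brevity; the origin needs its own access restriction.
                OriginAccessIdentity: ""
          DefaultCacheBehavior:
            TargetOriginId: exampleOrigin
            ViewerProtocolPolicy: https-only
            ForwardedValues:
              QueryString: false
            # "Restrict Viewer Access" in the console maps to listing trusted
            # key groups (or trusted signers) on the cache behavior.
            TrustedKeyGroups:
              - Ref: SigningKeyGroup
            # Alternative from the answer above, using the account's own
            # CloudFront key pairs instead of a key group:
            # TrustedSigners:
            #   - self
```

The signature check applies only to requests that go through CloudFront, so the origin itself should not be publicly readable.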