How to create a signed cloudfront URL with Python?

Question

I would like to know how to create a signed URL for cloudfront. The current working solution is unsecured, and I would like to switch the system to secure URL's.

I have tried using Boto 2.5.2 and Django 1.4

Is there a working example on how to use the boto.cloudfront.distribution.create_signed_url method? or any other solution that works?

I have tried the following code using the BOTO 2.5.2 API

def get_signed_url():
    import boto, time, pprint
    from boto import cloudfront
    from boto.cloudfront import distribution
    AWS_ACCESS_KEY_ID = 'YOUR_AWS_ACCESS_KEY_ID'
    AWS_SECRET_ACCESS_KEY = 'YOUR_AWS_SECRET_ACCESS_KEY'
    KEYPAIR_ID = 'YOUR_KEYPAIR_ID'
    KEYPAIR_FILE = 'YOUR_FULL_PATH_TO_FILE.pem'
    CF_DISTRIBUTION_ID = 'E1V7I3IOVHUU02'
    my_connection = boto.cloudfront.CloudFrontConnection(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
    distros = my_connection.get_all_streaming_distributions()
    oai = my_connection.create_origin_access_identity('my_oai', 'An OAI for testing')
    distribution_config = my_connection.get_streaming_distribution_config(CF_DISTRIBUTION_ID)
    distribution_info = my_connection.get_streaming_distribution_info(CF_DISTRIBUTION_ID)
    my_distro = boto.cloudfront.distribution.Distribution(connection=my_connection, config=distribution_config, domain_name=distribution_info.domain_name, id=CF_DISTRIBUTION_ID, last_modified_time=None, status='Active')

    s3 = boto.connect_s3()
    BUCKET_NAME = "YOUR_S3_BUCKET_NAME"
    bucket = s3.get_bucket(BUCKET_NAME)
    object_name = "FULL_URL_TO_MP4_ECLUDING_S3_URL_DOMAIN_NAME EG( my/path/video.mp4)"
    key = bucket.get_key(object_name)
    key.add_user_grant("READ", oai.s3_user_id)

    SECS = 8000
    OBJECT_URL = 'FULL_S3_URL_TO_FILE.mp4'
    my_signed_url = my_distro.create_signed_url(OBJECT_URL, KEYPAIR_ID, expire_time=time.time() + SECS, valid_after_time=None, ip_address=None, policy_url=None, private_key_file=KEYPAIR_FILE, private_key_string=KEYPAIR_ID)

Everything seems fine until the method create_signed_url. It returns an error.

Exception Value: Only specify the private_key_file or the private_key_string not both

Answer 1

Omit the private_key_string:

my_signed_url = my_distro.create_signed_url(OBJECT_URL, KEYPAIR_ID,
        expire_time=time.time() + SECS, private_key_file=KEYPAIR_FILE)

That parameter is used to pass the actual contents of the private key file, as a string. The comments in the source explain that only one of private_key_file or private_key_string should be passed.

You can also omit all the kwargs which are set to None, since None is the default.