Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to use AWS.CloudFront.Signer in Lambda function

I'm trying to use Lambda to generate and return a signed cookie so my iOS app can use the cookie to access restricted files via CloudFront.

I think this should be possible using the Signer class: http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CloudFront/Signer.html

On this basis I have written the following Lambda function:

var AWS = require('aws-sdk');
var keyPairId = 'APK...';
var privateKey = 'MIIE...';
var signer = new AWS.CloudFront.Signer(keyPairId, privateKey);

exports.handler = function(event, context) {
    var options = {url: "https://xxxxxx.cloudfront.net", expires: 1357100000};

    signer.getSignedCookie(options, function(err, data) {
        if (err) {
            context.fail(err);
        } else {
            context.succeed('Success');
        }
    });
};

However, this does not work. I keep getting the error 'Process exited before completing request'. I have tried many permutations for the format of the 'options' parameter, none of which make any difference.

Any help would be appreciated.

like image 599
Elliot Avatar asked Jul 11 '16 11:07

Elliot


1 Answers

It turns out my private key format was incorrect. It needs to include the '-----BEGIN RSA PRIVATE KEY-----' wording and also the new line characters, like this (private key mangled for obvious reasons):

var privateKey = '-----BEGIN RSA PRIVATE KEY-----' + '\n' +
'MIIEogIBAAKCAQEAgaqMPqZ2QlhLx7pmguBMR32+dLPq7HrXN92z+QLbLgQklDpU' + '\n' +
'D/LLayMk5tyoZXLjRElZiWgIbLa8ftCQBVT1feG9XbwJVvBKqBkZzHR7xB47LVud' + '\n' +
't8zatnHHQngXkFV/YY+RAv9XN3E6GacXn02cGKbF14pQWFbjdJDcqUq1yf8/b9i7' + '\n' +
'JorOYYarXYXXYPaRp1HxSDAZkjM5WC0GeOk7v4cCgYB5chK6CARv5Wx9yzVYurvQ' + '\n' +
'KJxpidxV2AE4MgTkg8UeK7GPhizJIIKRPmvfM/rmiRC9NvrCHzTsVwk0mVWDhRuH' + '\n' +
'iATROrmPVQA6CZYODAmjXXXXXXsREg2s4+6XKzH/Cylb1YTowkIkWNyZEAtuyaBK' + '\n' +
'BBswVdO8VlOKQoouH71ktQKBgF1Sr4/btRI2wiVWWnEaORJO6+3Pekm4xyIbaOPo' + '\n' +
'yaRSy3KOQETUUR9Wg6dEwCEXBkBfte1dk/DIzES7FppypeXqu7viRLmOC1gXEK+6' + '\n' +
'k1hwClaKGhqafVVsHSsUzIUkBusoo4GKTXnrl/EPD5gpgt9TsPt/D1KqWW5sxfrl' + '\n' +
'dm+fAoGAcr0QqHdGea5OeC0fQGFZkgSQZ3ojdX43KWXXr5Jl+4ZiJTbOYqgGE+DL' + '\n' +
'QJX1I9fqruHhn02hXXX+eTOLOT4GDv2Lf6uHhQPHWgv4K3u/7Xb35Pumn/x2e8vb' + '\n' +
'xrRsk3KxdYAq+I9mpjYKIZL2EswnIkOTFJR+3O179/vpsFpIACg=' + '\n' +
'-----END RSA PRIVATE KEY-----';

With this change everything works fine.

like image 108
Elliot Avatar answered Nov 14 '22 20:11

Elliot