Currently, we use the CloudFront Key Pair ID and Private Key to generate the CloudFront signed URL, which we use to upload the file into S3. The CloudFront Key Pair ID and Private Key are kept in a property file, which we inject using Spring to construct the signed URL. We wanted to change this: instead of keeping the CloudFront Key Pair ID and Private Key in a properties file, we wanted to use an IAM role to find them and construct the signed URL. Is that possible? If yes, how?
That is not possible. CloudFront signed URLs do not use IAM -- it's a different system -- so using IAM roles is not possible when generating CloudFront signed URLs. You can use them for S3 signed URLs, but not CloudFront.
One option I have used is to store the CloudFront key pair ID and the private key -- encrypted -- in SSM Parameter Store. Your application can then use the SDK and the IAM role in order to fetch the keypair ID and to fetch and decrypt the CloudFront private key for use when generating the URLs. Parameter Store is free.
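A sketch of the Parameter Store approach described in the answer above, written here as an added example (not code from the original post) using the AWS SDK for Java v2. The parameter names are hypothetical, and the private key is assumed to be stored as a PKCS#8 PEM (`BEGIN PRIVATE KEY`) in a SecureString parameter.

```java
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;

import software.amazon.awssdk.services.cloudfront.CloudFrontUtilities;
import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest;
import software.amazon.awssdk.services.ssm.SsmClient;
import software.amazon.awssdk.services.ssm.model.GetParameterRequest;

public class CloudFrontUrlSigner {
    // Hypothetical parameter names (assumption); use your own naming scheme.
    private static final String KEY_PAIR_ID_PARAM = "/myapp/cloudfront/key-pair-id";
    private static final String PRIVATE_KEY_PARAM = "/myapp/cloudfront/private-key";

    private final String keyPairId;
    private final PrivateKey privateKey;
    private final CloudFrontUtilities cloudFront = CloudFrontUtilities.create();

    // The SsmClient authenticates with the default credential chain, so on
    // EC2/ECS/Lambda it picks up the attached IAM role; no static AWS keys.
    public CloudFrontUrlSigner(SsmClient ssm) throws Exception {
        this.keyPairId = fetch(ssm, KEY_PAIR_ID_PARAM);
        this.privateKey = parsePkcs8Pem(fetch(ssm, PRIVATE_KEY_PARAM));
    }

    // withDecryption(true) asks SSM to decrypt SecureString values via KMS.
    private static String fetch(SsmClient ssm, String name) {
        return ssm.getParameter(GetParameterRequest.builder()
                .name(name).withDecryption(true).build())
            .parameter().value();
    }

    // Assumes PKCS#8 PEM; a PKCS#1 key (BEGIN RSA PRIVATE KEY) must be converted first.
    static PrivateKey parsePkcs8Pem(String pem) throws Exception {
        String b64 = pem.replace("-----BEGIN PRIVATE KEY-----", "")
                        .replace("-----END PRIVATE KEY-----", "")
                        .replaceAll("\\s", "");
        return KeyFactory.getInstance("RSA")
            .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(b64)));
    }

    // Canned-policy signed URL that expires after the given number of minutes.
    public String sign(String resourceUrl, long minutesValid) {
        CannedSignerRequest request = CannedSignerRequest.builder()
            .resourceUrl(resourceUrl)
            .privateKey(privateKey)
            .keyPairId(keyPairId)
            .expirationDate(Instant.now().plus(minutesValid, ChronoUnit.MINUTES))
            .build();
        return cloudFront.getSignedUrlWithCannedPolicy(request).url();
    }
}
```

Construct it once at startup with `new CloudFrontUrlSigner(SsmClient.create())` so the key is fetched a single time and held only in memory. The role needs `ssm:GetParameter` on the two parameters, plus `kms:Decrypt` on the key if the SecureString uses a customer-managed KMS key.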