Important Update: Amazon CloudFront announces support for public key management through IAM user permissions for signed URLs and signed cookies
In this example we provide step-by-step instructions to create Amazon CloudFront Signed URLs with both canned and custom policies using:
- AWS Lambda as the execution tool
- AWS Secrets Manager to manage the private signing key, in line with security best practices
- Amazon S3 as a restricted content source
Detailed information about:
What you will need:
- An AWS account with an IAM user
- Working knowledge of Amazon IAM, S3, CloudFront, Secrets Manager, and Lambda
- Working knowledge of Node.js
Please start with Step 1 to begin the exercise.
Step 1: Create Amazon S3 Bucket
Step 2: Create Amazon CloudFront Distribution
Step 3: Create Amazon CloudFront Key Groups
Step 4: Create AWS Secrets Manager
Step 5: Create AWS CloudFront SignedURL with Canned Policy
Step 6: Create AWS CloudFront SignedURL with Custom Policy