Skip to content

Instantly share code, notes, and snippets.

@apal21

apal21/CloudFront Signed URL Custom Policy.js

Created February 5, 2019 09:14
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save apal21/bc845297cf47337e29f9aca6f726d014 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save apal21/bc845297cf47337e29f9aca6f726d014 to your computer and use it in GitHub Desktop.
Download ZIP
Example to generate Signed URLs in CloudFront using Custom Policy.
Raw
CloudFront Signed URL Custom Policy.js
const AWS = require('aws-sdk');
// Try to use process.env.PRIVATE_KEY instead of exposing your key
const privateKey = `-----BEGIN RSA PRIVATE KEY-----
XXXXXXXX
XXXXXXXX
XXXXXXXX
XXXXXXXX
-----END RSA PRIVATE KEY-----`
const cloudFront = new AWS.CloudFront.Signer('PUBLIC_ACCESS_KEY', privateKey);
const policy = JSON.stringify({
"Statement": [
{
"Resource": "https://abcdefghijklmn.cloudfront.net/test/a.txt",
"Condition": {
"DateLessThan": {
"AWS:EpochTime": Math.floor((new Date()).getTime() / 1000) + (60 * 60 * 1) // Current Time in UTC + time in seconds, (60 * 60 * 1 = 1 hour)
}
}
}
]
});
cloudFront.getSignedUrl({
policy,
}, (err, url) => {
if (err) throw err;
console.log(url);
});
@anubhab-parallel-reality
Copy link
Copy Markdown

anubhab-parallel-reality commented Jun 17, 2023

It is caused by this line in the SDK. It seems it is necessary to provide the Resource URL as url property to the options argument.

//  ... same as gist
cloudFront.getSignedUrl({
  url: <resource_url_here_as_string>
  policy,
}, (err, url) => {
  if (err) throw err;
  console.log(url);
});

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment