En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Support multiple resource paths in AWS Cloudfront cookie

0

How do we generate a signed cookie for AWS Cloudfront that provides access to two path :

Though the CloudFront-Policy is an array of resources, only 1 resource is allowed in the array. If more resources are sent, we get Malformed Policy error.

Sujets
Réseaux et diffusion de contenu
Balises
Amazon CloudFront
Langue
English
shrey-meditate-for-life
demandé il y a 2 ans251 vues
2 réponses
0

Hello,

In order to provide path based access with CloudFront Signed Cookies you will need to make use of a custom policy (as opposed to canned) as custom policies allow restricting access based on paths.

As a custom policy can only have 1 policy statement, in the case of two paths, you will need to create two separate policies and ensure that your application can understand this logic and respond with the correct cookie for each of the paths being requested.

With the above in mind, the summary of steps would be:

  • Create the CloudFront Key Pair
  • Reference the key in the signing code / application
  • Create a custom policy for restricting content based on the different criteria i.e. paths
  • Create a signature for the policy.

Once created, the application should return the CloudFront-Policy, CloudFront-Signature and CloudFront-Key-Pair-Id cookies per behaviour.

References:

  1. Using signed cookies : https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html
  2. Setting signed cookies using a custom policy : https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-custom-policy.html
  3. Creating key pairs for your signers : https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs
profile pictureAWS
INGÉNIEUR EN ASSISTANCE TECHNIQUE
Simba_M
répondu il y a 2 ans
  • shrey-meditate-for-life
    il y a 2 ans

    Thank you for the info. Is it possible to open a feature request to support multiple resources in the policy statement? The policy statement is an array of resources and it will be beneficial to just support this on the AWS Cloudfront side instead of client managing the mapping of multiple paths and policy. The documentation doesnt specify that the array size of the statement needs to be 1. But when we pass more than 1 resources in the array, a Malformed Policy error is returned.

    {
    "Statement": [ **//this is an array of resources**
        {
            "Resource": "URL of the file",
            "Condition": {
                "DateLessThan": {
                    "AWS:EpochTime":required ending date and time in Unix time format and UTC
                },
                "DateGreaterThan": {
                    "AWS:EpochTime":optional beginning date and time in Unix time format and UTC
                },
                "IpAddress": {
                    "AWS:SourceIp": "optional IP address"
                }
            }
        }
    ]
}
0
shrey-meditate-for-life
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents