2回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
Hello,
In order to provide path based access with CloudFront Signed Cookies you will need to make use of a custom policy (as opposed to canned) as custom policies allow restricting access based on paths.
As a custom policy can only have 1 policy statement, in the case of two paths, you will need to create two separate policies and ensure that your application can understand this logic and respond with the correct cookie for each of the paths being requested.
With the above in mind, the summary of steps would be:
- Create the CloudFront Key Pair
- Reference the key in the signing code / application
- Create a custom policy for restricting content based on the different criteria i.e. paths
- Create a signature for the policy.
Once created, the application should return the CloudFront-Policy, CloudFront-Signature and CloudFront-Key-Pair-Id cookies per behaviour.
References:
- Using signed cookies : https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html
- Setting signed cookies using a custom policy : https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-custom-policy.html
- Creating key pairs for your signers : https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs
関連するコンテンツ
AWS公式更新しました 2年前- AWS公式更新しました 1年前
- AWS公式更新しました 2年前
Thank you for the info. Is it possible to open a feature request to support multiple resources in the policy statement? The policy statement is an array of resources and it will be beneficial to just support this on the AWS Cloudfront side instead of client managing the mapping of multiple paths and policy. The documentation doesnt specify that the array size of the statement needs to be 1. But when we pass more than 1 resources in the array, a Malformed Policy error is returned.