AWS Cloudfront Signed URL still valid after expiry time
0
To generate an AWS CloudFront signed URL, I have enabled Restrict viewer access --> Yes --> Trusted signer while creating the distribution.
```python
from datetime import datetime, timedelta, timezone
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from botocore.signers import CloudFrontSigner
import base64

# Base64-encoded PEM private key of the CloudFront trusted signer (masked)
CLOUDFRONT_KEY_BASE64 = "*******"


def rsa_signer(message):
    # Decode the PEM text and load it as an RSA private key
    private_key_string = base64.b64decode(CLOUDFRONT_KEY_BASE64)
    private_key_ascii = private_key_string.decode('ascii')
    private_key = serialization.load_pem_private_key(
        private_key_ascii.encode('UTF-8'),
        password=None,
        backend=default_backend()
    )
    # CloudFront signed URLs use RSA PKCS#1 v1.5 signatures over SHA-1
    return private_key.sign(message, padding.PKCS1v15(), hashes.SHA1())


key_id = '*******'
url = 'https://*****.cloudfront.net/hello.pdf'
# Naive datetime: no tzinfo attached
expire_date = datetime(2022, 4, 24, 11, 33)
cloudfront_signer = CloudFrontSigner(key_id, rsa_signer)
signed_url = cloudfront_signer.generate_presigned_url(url, date_less_than=expire_date)
print(signed_url)
```
The signed URL is generated:
https://****.cloudfront.net/hello.pdf?Expires=1650799980&Signature=******&Key-Pair-Id=*****
This URL works even after the expiry time 2022-04-24 11:33:00. But when I generate a URL with an old date (2022-04-23), the URL does not work. I checked with today's date 2022-04-24 but an older time, 2022-04-24 07:33:00, and the URL works even after expiry.
How do I invalidate the signed URL after the expiry time?
asked a month ago, 6 views
1 Answer
0
You've probably got this under control but just in case - note the expiry time is in GMT, so are you definitely checking after your local time is past 2022-04-24 11:33:00 GMT?
answered a month ago
I am checking after 2022-04-24 11:33:00 GMT has passed. With this, the signed URL opens in the Android Chrome browser but does not open in Windows Chrome (clear all data).
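A check for the point raised in the answer, as an added example that is not part of the original thread: it reads the expiry out of a signed URL (the canned `Expires` parameter, or the `DateLessThan` epoch inside a custom `Policy`) and compares it with the current time in UTC. `SAMPLE_URL` is constructed from the question's `Expires` value with a placeholder host, signature and key ID, and the function names are this example's own.

```python
import base64
import json
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# CloudFront encodes the Policy parameter as base64 with '+', '=' and '/'
# replaced by '-', '_' and '~'; this table reverses that substitution.
_CF_TO_B64 = str.maketrans("-_~", "+=/")

# Constructed sample: Expires value from the question, everything else a placeholder.
SAMPLE_URL = ("https://dexample.cloudfront.net/hello.pdf"
              "?Expires=1650799980&Signature=PLACEHOLDER&Key-Pair-Id=PLACEHOLDER")


def signed_url_expiry(signed_url):
    """Return the expiry of a CloudFront signed URL as an aware UTC datetime."""
    params = parse_qs(urlsplit(signed_url).query, keep_blank_values=True)
    if "Expires" in params:
        # Canned policy: epoch seconds (UTC) directly in the query string.
        epoch = int(params["Expires"][0])
    elif "Policy" in params:
        # Custom policy: JSON document carrying DateLessThan / AWS:EpochTime.
        raw = base64.b64decode(params["Policy"][0].translate(_CF_TO_B64))
        condition = json.loads(raw)["Statement"][0]["Condition"]
        epoch = int(condition["DateLessThan"]["AWS:EpochTime"])
    else:
        raise ValueError("no Expires or Policy parameter: not a signed URL")
    return datetime.fromtimestamp(epoch, tz=timezone.utc)


def is_expired(signed_url, now=None):
    """True once `now` (default: current UTC time) has reached the expiry."""
    now = now or datetime.now(timezone.utc)
    return now >= signed_url_expiry(signed_url)


if __name__ == "__main__":
    expiry = signed_url_expiry(SAMPLE_URL)
    print("expires (UTC):  ", expiry.isoformat())
    # The same instant on this machine's local clock, for comparison.
    print("expires (local):", expiry.astimezone().isoformat())
    print("expired now:    ", is_expired(SAMPLE_URL))
```

For the question's URL this reports an expiry of 2022-04-24 11:33:00 UTC, so a local clock ahead of UTC passes 11:33 hours before the URL actually expires.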