By using AWS re:Post, you agree to the Terms of Use
/AWS Cloudfront Signed URL still valid after expiry time/

AWS Cloudfront Signed URL still valid after expiry time

0

To generate AWS cloudfront signed url , I have enabled restrict viewer access --> Yes --> Trusted signer while creating distribution.

from datetime import datetime,timedelta, timezone

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from botocore.signers import CloudFrontSigner
import base64

CLOUDFRONT_KEY_BASE64 = "*******"
def rsa_signer(message):
    private_key_string = base64.b64decode(CLOUDFRONT_KEY_BASE64)
    private_key_ascii = private_key_string.decode('ascii')
    
    private_key = serialization.load_pem_private_key(
            private_key_ascii.encode('UTF-8'),
            password=None,
            backend=default_backend()
        )
    
    return private_key.sign(message, padding.PKCS1v15(), hashes.SHA1())

key_id = '*******'
url = 'https://*****.cloudfront.net/hello.pdf'
expire_date = datetime(2022, 4, 24,11,33)
cloudfront_signer = CloudFrontSigner(key_id, rsa_signer)
signed_url = cloudfront_signer.generate_presigned_url(url, date_less_than=expire_date)
print(signed_url)

The signed url is generated:

https://****.cloudfront.net/hello.pdf?Expires=1650799980&Signature=******&Key-Pair-Id=*****

This url works even after expiry time 2022-04-24 11:33:00 But when I generate URL of old date (2022-04-23), the url doesnot work. I checked with today date 2022-04-24 but older time 2022-04-24 07:33:00, url works even after expiry.

How to invalidate the signed url after expiry time?

1 Answers
0

You've probably got this under control but just in case - note the expiry time is in GMT, so are you definitely checking after your local time is past 2022-04-24 11:33:00 GMT?

answered a month ago
  • I am checking after past 2022-04-24 11:33:00 GMT. With this signed url opens in android chrome browser but doesnot open in Windows chrome (clear all data).

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions