I've setup Cloudfront and AWS and I've created a separate Behaviour with Restricted View Access and and in my app I'm using CloudFrontUrlSigner from the Java API to sign urls like this:
return CloudFrontUrlSigner.getSignedURLWithCannedPolicy('https://d2q5345wrel4pb8.cloudfront.net/test.jpeg', backendProperties.getAws().getKeyId(), keyFactory.generatePrivate(keySpec), cal.getTime());
and this works fine - I am able to open the url in the browser, the parameters are there and everything works fine.
Now I've also added one entry in Alternative Domain Names: cdn.mycompany.com, and so I try to sign the URL again with the same code:
return CloudFrontUrlSigner.getSignedURLWithCannedPolicy('https://cdn.mycompany.com/test.jpeg', backendProperties.getAws().getKeyId(), keyFactory.generatePrivate(keySpec), cal.getTime());
but the url in the browser says:
<Error>
<Code>AccessDenied</Code>
<Message>Access denied</Message>
</Error>
What am I missing?
AWS OFFICIALUpdated 2 years ago
