Support multiple resource paths in AWS Cloudfront cookie

0

How do we generate a signed cookie for AWS Cloudfront that provides access to two path :

Though the CloudFront-Policy is an array of resources, only 1 resource is allowed in the array. If more resources are sent, we get Malformed Policy error.

已提問 2 年前檢視次數 251 次
2 個答案
0

Hello,

In order to provide path based access with CloudFront Signed Cookies you will need to make use of a custom policy (as opposed to canned) as custom policies allow restricting access based on paths.

As a custom policy can only have 1 policy statement, in the case of two paths, you will need to create two separate policies and ensure that your application can understand this logic and respond with the correct cookie for each of the paths being requested.

With the above in mind, the summary of steps would be:

  • Create the CloudFront Key Pair
  • Reference the key in the signing code / application
  • Create a custom policy for restricting content based on the different criteria i.e. paths
  • Create a signature for the policy.

Once created, the application should return the CloudFront-Policy, CloudFront-Signature and CloudFront-Key-Pair-Id cookies per behaviour.

References:

  1. Using signed cookies : https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html
  2. Setting signed cookies using a custom policy : https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-custom-policy.html
  3. Creating key pairs for your signers : https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs
profile pictureAWS
支援工程師
Simba_M
已回答 2 年前
  • Thank you for the info. Is it possible to open a feature request to support multiple resources in the policy statement? The policy statement is an array of resources and it will be beneficial to just support this on the AWS Cloudfront side instead of client managing the mapping of multiple paths and policy. The documentation doesnt specify that the array size of the statement needs to be 1. But when we pass more than 1 resources in the array, a Malformed Policy error is returned.

    {
        "Statement": [ **//this is an array of resources**
            {
                "Resource": "URL of the file",
                "Condition": {
                    "DateLessThan": {
                        "AWS:EpochTime":required ending date and time in Unix time format and UTC
                    },
                    "DateGreaterThan": {
                        "AWS:EpochTime":optional beginning date and time in Unix time format and UTC
                    },
                    "IpAddress": {
                        "AWS:SourceIp": "optional IP address"
                    }
                }
            }
        ]
    }
    
0

已回答 2 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南