Example to generate Signed Cookies in CloudFront using Custom Policy.

CloudFront Signed Cookies Custom Policy.js

const AWS = require('aws-sdk');

const cloudFront = new AWS.CloudFront.Signer(
  process.env.PUBLIC_KEY,
  process.env.PRIVATE_KEY
);

const policy = JSON.stringify({
  Statement: [
    {
      Resource: 'http*://cdn.your-domain.com/*', // http* => http and https
      Condition: {
        DateLessThan: {
          'AWS:EpochTime':
            Math.floor(new Date().getTime() / 1000) + 60 * 60 * 1, // Current Time in UTC + time in seconds, (60 * 60 * 1 = 1 hour)
        },
      },
    },
  ],
});

// Handle Login Route
router.post('/login-route', (req, res) => {
  /* Code to Verify the credentials */

  // Set Cookies after successful verification
  const cookie = cloudFront.getSignedCookie({
    policy,
  });

  res.cookie('CloudFront-Key-Pair-Id', cookie['CloudFront-Key-Pair-Id'], {
    domain: '.your-domain.com',
    path: '/',
    httpOnly: true,
  });

  res.cookie('CloudFront-Policy', cookie['CloudFront-Policy'], {
    domain: '.your-domain.com',
    path: '/',
    httpOnly: true,
  });

  res.cookie('CloudFront-Signature', cookie['CloudFront-Signature'], {
    domain: '.your-domain.com',
    path: '/',
    httpOnly: true,
  });

  // Send some response
  res.send({ some: 'response' });
});

it did not work!