Skip to content

Instantly share code, notes, and snippets.

@apal21

apal21/CloudFront Signed URL Custom Policy.js

Created February 5, 2019 09:14
Show Gist options
  • Save apal21/bc845297cf47337e29f9aca6f726d014 to your computer and use it in GitHub Desktop.
Save apal21/bc845297cf47337e29f9aca6f726d014 to your computer and use it in GitHub Desktop.
Download ZIP
Example to generate Signed URLs in CloudFront using Custom Policy.
Raw
CloudFront Signed URL Custom Policy.js
const AWS = require('aws-sdk');
// Try to use process.env.PRIVATE_KEY instead of exposing your key
const privateKey = `-----BEGIN RSA PRIVATE KEY-----
XXXXXXXX
XXXXXXXX
XXXXXXXX
XXXXXXXX
-----END RSA PRIVATE KEY-----`
const cloudFront = new AWS.CloudFront.Signer('PUBLIC_ACCESS_KEY', privateKey);
const policy = JSON.stringify({
"Statement": [
{
"Resource": "https://abcdefghijklmn.cloudfront.net/test/a.txt",
"Condition": {
"DateLessThan": {
"AWS:EpochTime": Math.floor((new Date()).getTime() / 1000) + (60 * 60 * 1) // Current Time in UTC + time in seconds, (60 * 60 * 1 = 1 hour)
}
}
}
]
});
cloudFront.getSignedUrl({
policy,
}, (err, url) => {
if (err) throw err;
console.log(url);
});
@anubhab-parallel-reality
Copy link

It is caused by this line in the SDK. It seems it is necessary to provide the Resource URL as url property to the options argument.

//  ... same as gist
cloudFront.getSignedUrl({
  url: <resource_url_here_as_string>
  policy,
}, (err, url) => {
  if (err) throw err;
  console.log(url);
});

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment