@beingadityak
Last active December 1, 2022 02:27
Generate CloudFront Signed URLs for your private content
```bash
#!/usr/bin/env bash
# Generate a 2048-bit RSA private key
openssl genrsa -out private_key.pem 2048
# Derive the public key from the private key
openssl rsa -pubout -in private_key.pem -out public_key.pem
```
```javascript
const AWS = require('aws-sdk'); // AWS SDK for JavaScript v2
const fs = require('fs');
const path = require('path');

const distUrl = 'YOUR_DISTRIBUTION_HERE'; // distribution domain name, without the scheme
const s3Key = 'YOUR_S3_OBJECT_KEY_HERE';
const cfAccessKeyId = 'YOUR_PUBLIC_KEY_ID_HERE'; // ID of the public key registered with CloudFront

// Private key generated by the script above; keep it out of version control.
const cfPrivateKey = fs.readFileSync(path.join(__dirname, 'private_key.pem'), 'utf8');
const signer = new AWS.CloudFront.Signer(cfAccessKeyId, cfPrivateKey);

const thirtySeconds = 30 * 1000; // 30 seconds, in milliseconds
const cfObjectUrl = 'https://' + distUrl + '/' + s3Key;

const signedUrl = signer.getSignedUrl({
  url: cfObjectUrl,
  // Expiry as a Unix timestamp in seconds
  expires: Math.floor((Date.now() + thirtySeconds) / 1000)
});

console.log(signedUrl);
```
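Added example, not part of the gist or of the AWS SDK: a model of the canned-policy scheme behind an expiring signed URL, showing both the signing step and the public-key check that rejects an expired, altered, or unknown-key URL. The function names, the `example.cloudfront.net` URL and the throwaway key pair are assumptions made for the demo; `verifyUrl` is a simplified stand-in for the check CloudFront performs.

```javascript
const crypto = require('crypto');

// CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
const cfEncode = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/=/g, '_').replace(/\//g, '~');
const cfDecode = (str) =>
  Buffer.from(str.replace(/-/g, '+').replace(/_/g, '=').replace(/~/g, '/'), 'base64');

// Canned policy: one resource and one expiry, serialized with no whitespace.
const cannedPolicy = (url, expires) =>
  JSON.stringify({
    Statement: [{ Resource: url, Condition: { DateLessThan: { 'AWS:EpochTime': expires } } }],
  });

// Signing side: done by the application that holds the private key.
function signUrl(url, expires, keyPairId, privateKey) {
  const sig = crypto.createSign('RSA-SHA1').update(cannedPolicy(url, expires)).sign(privateKey);
  const sep = url.includes('?') ? '&' : '?';
  return `${url}${sep}Expires=${expires}&Signature=${cfEncode(sig)}&Key-Pair-Id=${keyPairId}`;
}

// Verifying side: Key-Pair-Id selects the public key, the policy is rebuilt from the URL.
function verifyUrl(signedUrl, publicKeys, nowSeconds) {
  const u = new URL(signedUrl);
  const expires = Number(u.searchParams.get('Expires'));
  const signature = u.searchParams.get('Signature');
  const publicKey = publicKeys[u.searchParams.get('Key-Pair-Id')];
  if (!publicKey || !signature || !Number.isInteger(expires)) return false;
  ['Expires', 'Signature', 'Key-Pair-Id'].forEach((p) => u.searchParams.delete(p));
  const policy = cannedPolicy(u.toString(), expires);
  const ok = crypto.createVerify('RSA-SHA1').update(policy).verify(publicKey, cfDecode(signature));
  return ok && nowSeconds < expires;
}

// Constructed demo: throwaway key pair, placeholder URL, fixed clock.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const keys = { K2JCJMDEHXQW5F: publicKey };
  const now = 1700000000;
  const url = signUrl('https://example.cloudfront.net/private/report.pdf', now + 30, 'K2JCJMDEHXQW5F', privateKey);
  return {
    valid: verifyUrl(url, keys, now),
    expired: verifyUrl(url, keys, now + 31),
    extended: verifyUrl(url.replace(`Expires=${now + 30}`, `Expires=${now + 3600}`), keys, now),
    unknownKey: verifyUrl(url.replace('K2JCJMDEHXQW5F', 'KUNKNOWN'), keys, now),
  };
}
console.log(demo());
```

Only `valid` is true: changing `Expires` invalidates the signature because the expiry is part of the signed policy, and a `Key-Pair-Id` with no registered public key cannot be verified at all.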

wparad commented Nov 13, 2021

YOUR_PUBLIC_KEY_HERE is wrong, it should say YOUR_PUBLIC_KEY_ID_HERE:

The ID for a CloudFront public key, for example, K2JCJMDEHXQW5F. The public key ID tells CloudFront which public key to use to validate the signed URL. CloudFront compares the information in the signature with the information in the policy statement to verify that the URL has not been tampered with.

@beingadityak
Author

@wparad Thanks for pointing that out. It's fixed now.
