Created
January 24, 2023 20:31
import boto3 | |
import os | |
import rsa | |
from botocore.signers import CloudFrontSigner | |
from datetime import datetime, timedelta, timezone | |
# Secrets Manager client, created once at module import and shared by get_secret().
client = boto3.client(service_name='secretsmanager')
def get_secret(secret_key):
    """Fetch the string payload of a secret from AWS Secrets Manager.

    Args:
        secret_key: Identifier passed as ``SecretId`` to ``get_secret_value``.

    Returns:
        The ``SecretString`` field of the response.

    Raises:
        KeyError: If the response has no ``SecretString`` field (for example
            a secret stored as binary).
    """
    response = client.get_secret_value(SecretId=secret_key)
    # The returned value is secret material; callers should not log or echo it.
    return response['SecretString']
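def rsa_signer(message):
    """Sign a CloudFront policy with the private key held in Secrets Manager.

    The ``CF_PRIVATE_KEY`` environment variable holds the Secrets Manager
    identifier of the key, not the key itself; the PEM text is fetched through
    ``get_secret`` on every call.

    Args:
        message: Bytes to sign, supplied by ``CloudFrontSigner``.

    Returns:
        The RSA signature bytes.

    Raises:
        KeyError: If ``CF_PRIVATE_KEY`` is not set.
    """
    pem_text = get_secret(os.environ['CF_PRIVATE_KEY'])
    # rsa.sign() expects an rsa.PrivateKey object; passing the PEM string
    # straight through fails, so parse it first.
    # NOTE(review): load_pkcs1 reads PKCS#1 PEM ("BEGIN RSA PRIVATE KEY");
    # a PKCS#8 key ("BEGIN PRIVATE KEY") must be converted before it is
    # stored. Confirm the format of the stored secret.
    private_key = rsa.PrivateKey.load_pkcs1(pem_text.encode('utf-8'))
    # CloudFront signed URLs use RSA with a SHA-1 digest.
    return rsa.sign(message, private_key, 'SHA-1')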
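def sign_url(s3_key, cf_key_id, cf_base_url):
    """Build a CloudFront signed URL for one object.

    Args:
        s3_key: Object path appended to the distribution host.
        cf_key_id: CloudFront public key id that matches the signing key.
        cf_base_url: Distribution host name, without scheme.

    Returns:
        The signed URL string, valid until now + ``YEARS_VALID`` * 365 days.

    Raises:
        ValueError: If ``YEARS_VALID`` is set but is not an integer.
    """
    cf_signer = CloudFrontSigner(cf_key_id, rsa_signer)
    # NOTE(review): s3_key is interpolated as-is; characters such as '?' or
    # '#' in it would change which URL is signed. Confirm callers pass a
    # clean, already-encoded path.
    url_to_sign = f"https://{cf_base_url}/{s3_key}"
    # Environment values are always strings, so convert before the arithmetic;
    # without int() a configured YEARS_VALID makes timedelta() raise TypeError.
    years_valid = int(os.environ.get('YEARS_VALID', 10))
    # A signed URL works as a bearer credential until it expires, and the
    # default here is ten years. Prefer the shortest lifetime the use case
    # allows, since a leaked URL stays usable for the whole period.
    date_less_than = datetime.now(timezone.utc) + timedelta(days=years_valid * 365)
    return cf_signer.generate_presigned_url(url=url_to_sign, date_less_than=date_less_than)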
def lambda_handler(event, context):
    """Lambda entry point: return a CloudFront signed URL for ``event['key']``.

    Args:
        event: Invocation payload; must contain a ``key`` entry.
        context: Lambda context object (unused).

    Returns:
        The signed URL produced by ``sign_url``.

    Raises:
        KeyError: If ``event`` has no ``key`` or if ``CF_KEY_ID`` /
            ``CF_BASE_URL`` is not set.
    """
    # NOTE(review): the key comes straight from the caller with no allow-list
    # or prefix check, so anyone permitted to invoke this function can get a
    # signed URL for any path on the distribution. Confirm invoke permissions
    # are the intended access control.
    object_key = event['key']
    key_id = os.environ['CF_KEY_ID']
    base_url = os.environ['CF_BASE_URL']
    return sign_url(object_key, key_id, base_url)