Python script for AWS Cloudfront with boto api Raw

boto-cloudfront-manager.py

# -*- coding: utf-8 -*-

import StringIO
import time

import boto
from boto.cloudfront.distribution import Distribution


class CloudFrontManager(object):
    """
        @todo : provides the cloud front services
    """
    def __init__(self, cname=True):
        self.conn = boto.connect_cloudfront("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")
        self.dist = self.conn.get_distribution_info("AWS_CLOUD_FRONT_DIST_ID")

        if cname and self.dist.config.cnames:
            self.domain = self.dist.config.cnames[0]
        else:
            self.domain = self.dist.domain_name

    def get_http_resource_url(self, resource, secure=False):
        """
        Args:
            resource: optional path and/or filename to the resource
                   (e.g. /mydir/somefile.txt);
                    defaults to wildcard if unset '*'
            secure: whether to use https or http protocol for Cloudfront URL - update
                    to match your distribution settings
        Returns:
             constructed URL
        """
        protocol = "http" if not secure else "https"
        resource_url = '%s://%s/%s' % (protocol, self.domain, resource)

        return resource_url

    def create_signed_cookies(self, resource='*', expire_minutes=3):
        """
        generate the Cloudfront download distirbution signed cookies
        Args:
            resource:   path to the file, path, or wildcard pattern to generate policy for
            expire_minutes:  number of minutes until expiration
        Returns:
            tuple with domain used within policy (so it matches
            cookie domain), and dict of cloudfront cookies you
            should set in request header
        """
        resource_url = self.get_http_resource_url(resource)

        policy = Distribution._canned_policy(resource_url, CloudFrontManager.get_expires(expire_minutes))
        encoded_policy = Distribution._url_base64_encode(policy)
        signature = CloudFrontManager.generate_signature(policy, private_key_file="AWS_CLOUD_FRONT_PRIVATE_KEY_FILE")

        cookies = {
            "CloudFront-Policy": encoded_policy,
            "CloudFront-Signature": signature,
            "CloudFront-Key-Pair-Id": "AWS_CLOUD_FRONT_PRIVATE_KEY_ID"
        }

        return self.domain, cookies

    def create_signed_url(self, resource='*', expire_minutes=3):
        """
        generate the Cloudfront download distirbution signed url
        Args:
            resource:   path to the file, path, or wildcard pattern to generate policy for
            expire_minutes:  number of minutes until expiration
        Returns:
            cloudfront signed url
        """
        resource_url = self.get_http_resource_url(resource)

        policy = Distribution._canned_policy(resource_url, CloudFrontManager.get_expires(expire_minutes))
        encoded_policy = Distribution._url_base64_encode(policy)
        signature = CloudFrontManager.generate_signature(policy, private_key_file="AWS_CLOUD_FRONT_PRIVATE_KEY_FILE")

        signed_url = " %s?Policy=%s&Signature=%s&Key-Pair-Id=%s" % (
            resource_url,
            encoded_policy,
            signature,
            "AWS_CLOUD_FRONT_PRIVATE_KEY_ID"
        )

        return signed_url

    @staticmethod
    def get_expires(minutes):
        unix_time = time.time() + (minutes * 60)
        expires = int(unix_time)

        return expires

    @staticmethod
    def generate_signature(policy, private_key_file=None):
        """
        Args:
            policy:     no-whitespace json str (NOT encoded yet)
            private_key_file:   your .pem file with which to sign the policy
        Returns:
             encoded signature for use in cookie
        """
        signature = Distribution._sign_string(policy, private_key_file)
        encoded_signature = Distribution._url_base64_encode(signature)

        return encoded_signature