Posted On: Oct 27, 2020

Amazon CloudFront in China announces support for signed URLs and signed cookies to enable customers to restrict access to content delivered through their CloudFront distributions. Customers can use Amazon Identity and Access Management based permissions to manage public key access.  

Many customers that distribute content over the internet want to restrict access to documents, business data, media streams, or content that is intended for selected users, for example, users who have paid a fee. You can now require that your users access your private content by using special signed URLs or signed cookies through your CloudFront distributions. You can include additional information, such as an expiration date and time, that allow for granular control over policies that restrict access to your content.

In order to use Signed URLs and Cookies, you must use a key pair – a combination of a public key and a private key. You can manage your public keys via Key Groups, which allow you to upload one or more public keys. After you create a Key Group, you can generate an expiring signed URL and CloudFront will use the public key from the Key Group to validate the signature and confirm that the URL hasn't been tampered with. If the signature is invalid, the request is rejected. You can manage and rotate public keys via CloudFront’s API, enabling efficient and reliable key rotation.

To learn more about serving private content with Amazon CloudFront, read CloudFront's documentation. To get started with Amazon CloudFront, visit our webpage.