Amazon CloudFront
Developer Guide (API Version 2012-05-05)
AWS Documentation » Amazon CloudFront » Developer Guide » Using a Signed URL to Serve Private Content » How to Serve Private Content Using a Signed URL
Print this pageEmail this pageGo to the ForumsView the PDFShare this page on TwitterShare this page on FacebookBookmark this page on DeliciousSubmit this page to RedditSubmit this page to DiggDid this page help you?  Yes  No   Tell us about it...

How to Serve Private Content Using a Signed URL

Topics

This section describes how to create a distribution you can use to distribute private content via a signed URL.

Private Content Process Overview

The following figure and table describe the process for restricting user access. The process is divided into two sections corresponding to the two parts of the process (as described in Two Parts to Serving Private Content).

The first section, the top row with the first three tasks shaded in blue, covers the tasks required to secure your content in Amazon S3 (that is, to make your content accessible only through CloudFront).

The second section, with tasks 4 through 6, covers the additional tasks required to create signed URLs, which allow you to restrict access to the content to users who have a signed URL.

Process for Serving Private Content

1

Use the CloudFront API to create a CloudFront origin access identity.

For more information, see Overview of the CloudFront Origin Access Identity.

2

Use the Amazon S3 API or the Amazon S3 console of the AWS Management Console to update the ACL on your private objects. Give read permission to the CloudFront origin access identity by using its canonical user ID. Remove public-access permissions.

For more information about setting the ACL, see Updating Amazon S3 Bucket Policies or ACLs on Your Private Content Buckets or Objects.

3

Set up a private content distribution or streaming distribution (either create a new distribution or update an existing one).

For more information, see Creating a Private Content Distribution.

4

Use the Accounts link in the AWS Management Console to access the Key Pairs tab of the Access Credentials page. Create an RSA key pair and download the private key. You'll use this key to create a signed URL.

For more information about creating your key pair, see Creating a Key Pair.

5

Update your private content distribution or streaming distribution to specify that the distribution's URLs must be signed, and the accounts that can sign them.

For more information, see Requiring Signed URLs.

6

Create a signed URL to give to the authorized end user. For more information, see Signature Code, Examples, and Tools.


To get started with creating a private content distribution using a signed URL, see Securing Your Content in Amazon S3.

Document Conventions
Terms of Use		Did this page help you?  Yes  No   Tell us about it...