I'm able to access my origin objects using cloudfront signed url with custom domain. The problem comes when i try to use cloudfront signed cookies , then i got a 403 Access Denied response from cloudfront.
<Error>
<Code>AccessDenied</Code>
<Message>Access denied</Message>
</Error>
I use exactly the same :
- bucket
- OAI credentials
- Key pair ID
- Private Key
- Policy
and my cloudfront and origin configuration that i use for signed url.
Below is the nodejs code that i use. I really don't know what's wrong.
Any help will be very appreciated!
Thank you!
var moment = require('moment');
var AWS = require('aws-sdk');
var keyPairId = 'APKAIPZ5BRDMEXAMPLE';
var privateKey = '-----BEGIN RSA PRIVATE KEY-----\n' +
'MIIEowIBAAKCAQEAsL+Tz/soZcDQLXcgJE89h5RHfZY+ddNIVI/3T0OvjOOFVRLp\n' +
'0gN+06cwXWsvlmeEbnh5XdklA38H4p3wt5mxqip4YmuvbW6i+8UALHxPW0LTmiz0\n' +
's4J6HB0eXhm3cbFV60i1DNat+W2q5miqlXqxKSdg+UbUGlFA5CbR\n' +
'-----END RSA PRIVATE KEY-----';
var signer = new AWS.CloudFront.Signer(keyPairId, privateKey);
var expireTime = moment().add(3600, 'sec').unix();
exports.handler = (event, context, callback) => {
var domain = 'mydomain.com';
var resource = 'https://cdn.mydomain.com/*';
var attributes = '; domain=' + domain + '; path=/; secure; httpOnly'
var options = {policy : '{"Statement":[{"Resource":"' + resource +
'","Condition":{"DateLessThan":{"AWS:EpochTime":' + expireTime +
'}}}]}'};
signer.getSignedCookie(options, function(err, data) {
if (err) {
//do somehing
} else {
context.done(null, {
'Set-Cookie': 'CloudFront-Policy=' + data["CloudFront-Policy"] + attributes,
'SEt-Cookie': 'CloudFront-Signature=' + data["CloudFront-Signature"] + attributes,
'SeT-Cookie': 'CloudFront-Key-Pair-Id=' + data["CloudFront-Key-Pair-Id"] + attributes
});
}
});
};
var expireTime = Math.round((new Date()).getTime() / 1000) + 3600;- Brice