I'm trying to set up CloudFront for my S3 bucket that will only allow users to read or write with signed URLs (read the file, upload, and download).
The S3 bucket doesn't have public read/write permissions.
CloudFront is: HTTP and HTTPS. It has Trusted Signer as self. It has Restricted Viewer Access. It has an origin domain name as origin-domain-name/public. Lastly, it has an origin access identity as origin-access-identity/cloudfront/XXXXXXX.
I have my CloudFront PEM file and AWS private key ID.
My C# code to generate the signed URL is:
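    using System;
    using System.IO;
    using Amazon.CloudFront;

    // Private key of the CloudFront key pair, read from the PEM file
    StreamReader sr = new StreamReader("../../keys/CloudFront-PrivateKey.pem");
    // Canned-policy signed URL that expires two days from now
    var url = AmazonCloudFrontUrlSigner.GetCannedSignedURL(
        AmazonCloudFrontUrlSigner.Protocol.http,
        "http://xxxxxxxxxx.cloudfront.net",
        sr,
        "public/AddinJudgeIssue.png",
        "<AWS Private Key ID>",
        DateTime.Now.AddDays(2));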
Each time I execute the code, it generates the URL. However, when I copy and paste it into the URL bar, it says "access denied".
First of all, does anyone have any idea why this is happening?
Secondly, if this works somehow, can I use this same technique to upload assets to the bucket?
Thank you, and I apologize for my ignorance. I dug through the AWS whitepapers but failed to find straightforward guidance.
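An added example, not part of the original post and not AWS SDK code: a small Python check that takes a canned-policy signed URL, rebuilds the policy statement that the signature has to cover, and lists problems in the URL itself. It assumes the "/public" in the post is the distribution's origin path and that the URL carries no query parameters of its own; the sample URLs, signature values and `KEYPAIRID` are constructed placeholders.

```python
import re, time
from urllib.parse import urlsplit, parse_qs

# CloudFront's URL-safe base64 for Signature: '+' -> '-', '=' -> '_', '/' -> '~'
SIG_RE = re.compile(r"^[A-Za-z0-9\-_~]+$")

# Constructed sample URLs (placeholder host, signature and key pair ID).
GOOD = ("http://xxxxxxxxxx.cloudfront.net/AddinJudgeIssue.png"
        "?Expires=2000000000&Signature=abc-DEF_123~&Key-Pair-Id=KEYPAIRID")
BAD = ("http://xxxxxxxxxx.cloudfront.net/public/AddinJudgeIssue.png"
       "?Expires=1600000000&Signature=ab+c/d=&Key-Pair-Id=KEYPAIRID")

def canned_policy(resource_url, expires):
    """Canned policy statement (no whitespace) that the signature is computed over."""
    return ('{"Statement":[{"Resource":"%s","Condition":'
            '{"DateLessThan":{"AWS:EpochTime":%d}}}]}' % (resource_url, expires))

def diagnose(signed_url, origin_path="", now=None):
    """Return (findings, policy) for a canned-policy signed URL."""
    now = int(time.time()) if now is None else now
    base, _, query = signed_url.partition("?")
    params = parse_qs(query)
    findings = ["missing query parameter: " + name
                for name in ("Expires", "Signature", "Key-Pair-Id")
                if name not in params]
    if base.count("://") != 1:
        findings.append("resource URL does not contain exactly one scheme")
    expires = params.get("Expires", ["0"])[0]
    if not expires.isdigit():
        findings.append("Expires is not a Unix timestamp")
        expires = "0"
    elif int(expires) <= now:
        findings.append("Expires is in the past")
    sig = params.get("Signature", [""])[0]
    if sig and not SIG_RE.match(sig):
        findings.append("Signature has characters outside the URL-safe alphabet")
    # With an origin path configured, CloudFront prepends it before asking S3.
    path, prefix = urlsplit(base).path, origin_path.rstrip("/")
    if prefix and (path == prefix or path.startswith(prefix + "/")):
        findings.append("path repeats the origin path; S3 is asked for "
                        + prefix + path)
    return findings, canned_policy(base, int(expires))

if __name__ == "__main__":
    for url in (GOOD, BAD):
        problems, policy = diagnose(url, origin_path="/public")
        print(policy, problems or "no findings", sep="\n  ")
```

The signature only verifies if the requested URL matches the `Resource` string in this policy exactly, so comparing the rebuilt policy with the URL that was signed is a quick first check for a 403.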