AWS Cloudfront Presigned URL error "no such key"

1
votes

I'm creating an Amazon presigned url to give my Cloudfront links an expiry date.

The link works, showing that the object is accessible (parts in bold protected for Stack Overflow):

http://MY CLOUDFRONT URL/3304686e4a1176617a0d515ec69abd1e4e765d4c3730e14c7.mp3

However the object with a policy attached does not work.

http://MY CLOUDFRONT URL/3304686e4a1176617a0d515ec69abd1e4e765d4c3730e14c7.mp3?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cDovL2QzMGk2b214eWxiZ3FxLmNsb3VkZnJvbnQubmV0L2F1ZGlvLzEtODNiNjMzMDQ2ODZlNGExMTc2NjE3YTBkNTE1ZWM2OWFiZDFlNGU3NjVkNGMzNzMwZTE0YzcubXAzIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNTcyNTIwNDU2fX19XX0_&Signature=Ch4GtdMAKDe8cdBCzAMDEj3C6QeDoc68P76V0iDfH-gNawYlTqQ9M04jZB2PL4weJuV~6nLT8HlHImJvtVdD17J4P1Lva24r3IC5bTdWlMVDOqOlpAV81yMppmg7kNi6Y6ySBofZ~4e-WyDeDTqGLbcG~TQxOWOwppHaVN9nuPaLu8JX2iHD28BqHDghQXR-dGRjbCVfku5SHXsAVXPZMBEaAhpGxBMFE00gho6rGUKtgH8-TOiUmGWsxlBNjx1SGBKAwwiV~m-uKBR~6m5qLrEgJI28XmESZKjidrQsaH~qbYVVyr-cyYTsJOunOSPgpyI52RJg4jkg7kJLqU9kzQ__&Key-Pair-Id=MY KEY PAIR ID

results in the following error

enter image description here

How do I establish what is wrong with my signing policy? Is it possible to debug this signed url? As far as I can establish from the documentation it should work.

Thanks.

1
amazon-web-servicesamazon-cloudfrontpre-signed-url

1 Answers

1
votes

It looks like even though you have created CloudFront signed URL (not pre-signed URL), you haven't enabled "Restrict Viewer Access" in the Cache behaviour , it you haven't enabled it, it'll not work. CloudFront Signed URL

Since you have not Restrict Viewer Access enabled and you have "Cache based on query string" select to ALL , CloudFront is sending the object name and the query string to Origin S3 and S3 doesn't have the object with this complete name (object+querystring).

The error is from S3, not from CloudFront, your CloudFront signed url looks correct.

{"Statement":[{"Resource":"http://xxxxxxxxxxxxx.cloudfront.net/audio/1-83b63304686e4a1176617a0d515ec69abd1e4e765d4c3730e14c7.mp3","Condition":{"DateLessThan":{"AWS:EpochTime":1572520456}}}]}