How to test viewing restricted contents in AWS using signed cookies?

1
votes

I have created a cloudfront distribution and configured with restrict viewer access. So i'm just looking for a way to view the contents within the distribution by assigning the cookies. I've manage to generate the below signed cookies. { "CloudFront-Policy": "CloudFront-Key-Pair-Id": "CloudFront-Signature": }

Can we just call the cloudfront destination(https://d1fzlamzw9yswb.cloudfront.net/17-Sep-201%3A05%3A48_1.jpg) in browser and test it whether it works by assigning cookies from browser? What is the best way to test whether the signed cookies are working or not?

1
amazon-web-servicescookiesamazon-cloudfront
Can you access the content without the signed cookie? - StefanN
@StefanN if i remove the restrict viewer access from the distribution, I can access the content without signed cookies. But after I enable the restrict viewer access option I could not access the content without signed cookies. What I need to know is a way to test this by assigning the cookies and how can I assign the cookies for testing. - Miuru Shalinda Rajapaksha
Hi, did you manage to solve your problem with my answer? - StefanN
@StefanN these are my 3 cookies. CloudFront-Policy": "eyJTdGF0ZW1.." , "CloudFront-Key-Pair-Id": "K2F5VZ9..", "CloudFront-Signature": "D81Wi2zIcC9O4c4i4puc...", and this is my cloufront url d1fzlamzw9yswb.cloudfront.net , I want to access a file using this url d1fzlamzw9yswb.cloudfront.net/file . How can I do this ? Im not clear about the answer you have given - Miuru Shalinda Rajapaksha
I have edited the answer with a concrete example. Please check if it helps solve the issue now. - StefanN

1 Answers

0
votes

I assume that you already created a signed cookie.

You can use curl to send cookies to your CloudFront distribution. This is one way of testing if your setup works correctly. Here is how to pass a cookie with your request:

curl -b 'session=session_id' https://yourdistribution.cloudfront.net

The full header that curl sets for this request looks like this Cookie: session=session_id

UPDATE: Concretely, CloudFront will expect the following cookie set:

curl -v -X GET --output test-file -b "CloudFront-Expires=4762454400" -b "CloudFront-Signature=k9CxLm0HL5v6bx..." -b "CloudFront-Key-Pair-Id=APKA..." "https://yourdistribution.cloudfrontnet/test-file"

Alternatively, we can also use --cookie flag, like this:

curl -v -X GET --output test-file --cookie "CloudFront-Expires=4762454400;CloudFront-Signature=k9CxLm0HL5v6bx...;CloudFront-Key-Pair-Id=APKA..." "https://yourdistribution.cloudfrontnet/test-file"

Best, Stefan