Protect Private Content using CloudFront Signed Cookies

Himanshu Arora
5 min read · Dec 3, 2018

In this post, we will address the following use case:

Let’s suppose we have an asset (for instance a media file or a TTF font file) that we want to use in our public-facing web application, but at the same time we want to prevent any user from accessing that file directly through a URL.

A potential solution is to serve the file from an S3 bucket with all public access to it disabled. We then set up a CloudFront distribution to serve this file and ensure that the file is served only if the client sends signed cookies with the request, so that only authorized applications get access to the file.

This post assumes that you are familiar with S3, CloudFront and Postman. We will now look at how to set up the distribution, and we will use Postman to mock the client requesting the resource.
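The cookies a client has to present for CloudFront to serve the file, shown as an added Node.js example that is not part of the original post: it builds a custom policy, signs it with RSA-SHA1 and applies CloudFront's URL-safe base64. The key pair, distribution domain, key-pair ID and all function names are constructed placeholders, and `verifyCookies` is only a local check, not CloudFront's own code.

```javascript
// Added example (not the post's code): the three CloudFront signed cookies.
const crypto = require('node:crypto');

// CloudFront's URL-safe base64: '+' -> '-', '=' -> '_', '/' -> '~'.
const cfBase64 = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/=/g, '_').replace(/\//g, '~');
const cfBase64Decode = (s) =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '=').replace(/~/g, '/'), 'base64');

// Custom policy: allow `resource` until `expiresEpoch` (seconds since the epoch).
// JSON.stringify emits no whitespace, which is what gets signed.
function buildPolicy(resource, expiresEpoch) {
  return JSON.stringify({
    Statement: [{
      Resource: resource,
      Condition: { DateLessThan: { 'AWS:EpochTime': expiresEpoch } },
    }],
  });
}

// Sign the policy with RSA-SHA1 and return the cookie set the client must send.
function signedCookies(resource, expiresEpoch, keyPairId, privateKey) {
  const policy = buildPolicy(resource, expiresEpoch);
  const signature = crypto.createSign('RSA-SHA1').update(policy).sign(privateKey);
  return {
    'CloudFront-Policy': cfBase64(Buffer.from(policy)),
    'CloudFront-Signature': cfBase64(signature),
    'CloudFront-Key-Pair-Id': keyPairId,
  };
}

// Local check of what the policy enforces: valid signature, then unexpired DateLessThan.
function verifyCookies(cookies, publicKey, nowEpoch) {
  const policy = cfBase64Decode(cookies['CloudFront-Policy']);
  const ok = crypto.createVerify('RSA-SHA1').update(policy)
    .verify(publicKey, cfBase64Decode(cookies['CloudFront-Signature']));
  if (!ok) return false; // policy was altered or signed with another key
  const expires = JSON.parse(policy.toString()).Statement[0]
    .Condition.DateLessThan['AWS:EpochTime'];
  return nowEpoch < expires;
}

// Constructed sample input: throwaway key pair, placeholder domain and key-pair ID.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const cookies = signedCookies('https://dXXXXXXXXXXXXX.cloudfront.net/*',
  1893456000, 'KEYPAIRID-PLACEHOLDER', privateKey); // expiry: 2030-01-01 UTC
console.log(Object.entries(cookies).map(([k, v]) => `${k}=${v}`).join('; '));
```

The printed line has the shape of a `Cookie` request header value, which is how the cookies would be supplied from Postman.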

Part 1: Creating an S3 bucket and a CloudFront distribution, and securing them.

The steps to set this up are as follows:

  1. Create an S3 bucket “cf-signed-cookie” and upload a file to it.
