Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@aws-sdk/cloudfront-signer
Advanced tools
@aws-sdk/cloudfront-signer
This package provides functions to generate signed urls and cookies for accessing private content on CloudFront based on a CloudFront trusted key group key pair.
What is @aws-sdk/cloudfront-signer?
@aws-sdk/cloudfront-signer is a package within the AWS SDK for JavaScript that allows you to create signed URLs and signed cookies for Amazon CloudFront. This is useful for controlling access to your content by generating URLs and cookies that are valid for a limited time or for specific IP addresses.
What are @aws-sdk/cloudfront-signer's main functionalities?
Create Signed URL
This feature allows you to create a signed URL for a CloudFront distribution. The signed URL will be valid for a specified period, allowing temporary access to the content.
const { getSignedUrl } = require('@aws-sdk/cloudfront-signer');
const url = 'https://example.cloudfront.net/myfile.jpg';
const privateKey = '-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----';
const keyPairId = 'APKA...';
const options = {
url,
keyPairId,
privateKey,
expireTime: Math.floor(Date.now() / 1000) + 3600 // 1 hour from now
};
const signedUrl = getSignedUrl(options);
console.log(signedUrl);Create Signed Cookies
This feature allows you to create signed cookies for a CloudFront distribution. The signed cookies will be valid for a specified period, allowing temporary access to the content.
const { getSignedCookies } = require('@aws-sdk/cloudfront-signer');
const url = 'https://example.cloudfront.net/myfile.jpg';
const privateKey = '-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----';
const keyPairId = 'APKA...';
const options = {
url,
keyPairId,
privateKey,
expireTime: Math.floor(Date.now() / 1000) + 3600 // 1 hour from now
};
const signedCookies = getSignedCookies(options);
console.log(signedCookies);Other packages similar to @aws-sdk/cloudfront-signer
aws-cloudfront-sign
The aws-cloudfront-sign package is another alternative for generating signed URLs and cookies for CloudFront. It offers similar features but may have different API conventions and less integration with the broader AWS SDK.
@aws-sdk/cloudfront-signer
This package provides functions to generate signed urls and cookies for accessing private content on CloudFront based on a CloudFront trusted key group key pair.
Please note the process for creating a signed URL with Cloudfront is very different than the process for S3. For more information, please visit the documentation for restricting CloudFront content with signed URLs and signed cookies.
Sign a URL
JavaScript Example:
import { getSignedUrl } from "@aws-sdk/cloudfront-signer"; // ESM
// const { getSignedUrl } = require("@aws-sdk/cloudfront-signer"); // CJS
const cloudfrontDistributionDomain = "https://d111111abcdef8.cloudfront.net";
const s3ObjectKey = "private-content/private.jpeg";
const url = `${cloudfrontDistributionDomain}/${s3ObjectKey}`;
const privateKey = "CONTENTS-OF-PRIVATE-KEY";
const keyPairId = "PUBLIC-KEY-ID-OF-CLOUDFRONT-KEY-PAIR";
const dateLessThan = "2022-01-01"; // any Date constructor compatible
const signedUrl = getSignedUrl({
url,
keyPairId,
dateLessThan,
privateKey,
});
Sign a URL with a Policy
import { getSignedUrl } from "@aws-sdk/cloudfront-signer"; // ESM
// const { getSignedUrl } = require("@aws-sdk/cloudfront-signer"); // CJS
const cloudfrontDistributionDomain = "https://d111111abcdef8.cloudfront.net";
const s3ObjectKey = "private-content/private.jpeg";
const url = `${cloudfrontDistributionDomain}/${s3ObjectKey}`;
const privateKey = "CONTENTS-OF-PRIVATE-KEY";
const keyPairId = "PUBLIC-KEY-ID-OF-CLOUDFRONT-KEY-PAIR";
const dateLessThan = "2022-01-01";
const policy = {
Statement: [
{
Resource: url,
Condition: {
DateLessThan: {
"AWS:EpochTime": new Date(dateLessThan).getTime() / 1000, // time in seconds
},
},
},
],
};
const policyString = JSON.stringify(policy);
const signedUrl = getSignedUrl({
keyPairId,
privateKey,
policy: policyString,
// url is automatically extracted from the policy, however you could still overwrite it if needed
});
Get signed cookies for a resource
import { getSignedCookies } from "@aws-sdk/cloudfront-signer"; // ESM
// const { getSignedCookies } = require("@aws-sdk/cloudfront-signer"); // CJS
const cloudfrontDistributionDomain = "https://d111111abcdef8.cloudfront.net";
const s3ObjectKey = "private-content/private.jpeg";
const url = `${cloudfrontDistributionDomain}/${s3ObjectKey}`;
const privateKey = "CONTENTS-OF-PRIVATE-KEY";
const keyPairId = "PUBLIC-KEY-ID-OF-CLOUDFRONT-KEY-PAIR";
const dateLessThan = "2022-01-01";
const cookies = getSignedCookies({
url,
keyPairId,
dateLessThan,
privateKey,
});
Get signed cookies with a Policy
import { getSignedCookies } from "@aws-sdk/cloudfront-signer"; // ESM
// const { getSignedCookies } = require("@aws-sdk/cloudfront-signer"); // CJS
const cloudfrontDistributionDomain = "https://d111111abcdef8.cloudfront.net";
const s3ObjectKey = "private-content/private.jpeg";
const url = `${cloudfrontDistributionDomain}/${s3ObjectKey}`;
const privateKey = "CONTENTS-OF-PRIVATE-KEY";
const keyPairId = "PUBLIC-KEY-ID-OF-CLOUDFRONT-KEY-PAIR";
const dateLessThan = "2022-01-01";
const policy = {
Statement: [
{
Resource: url,
Condition: {
DateLessThan: {
"AWS:EpochTime": new Date(dateLessThan).getTime() / 1000, // time in seconds
},
},
},
],
};
const policyString = JSON.stringify(policy);
const cookies = getSignedCookies({
keyPairId,
privateKey,
policy: policyString,
});
3.893.0 (2025-09-19)
Features
- client-bedrock-agentcore-control: Add tagging and VPC support to AgentCore Runtime, Code Interpreter, and Browser resources. Add support for configuring request headers in Runtime. Fix AgentCore Runtime shape names. (9ab54a2)
- client-config-service: Add UNKNOWN state to RemediationExecutionState and add IN_PROGRESS/EXITED/UNKNOWN states to RemediationExecutionStepState. (9b89d93)
- client-connect: This release adds a persistent connection field to UserPhoneConfig that maintains agent's softphone media connection for faster call connections. (59e863b)
- client-license-manager-user-subscriptions: Added support for cross-account Active Directories. (22e49d1)
- client-medialive: Add MinBitrate for QVBR mode under H264/H265/AV1 output codec. Add GopBReference, GopNumBFrames, SubGopLength fields under H265 output codec. (25f22be)
- clients: update client endpoints as of 2025-09-19 (3726908)
FAQs
This package provides functions to generate signed urls and cookies for accessing private content on CloudFront based on a CloudFront trusted key group key pair.
The npm package @aws-sdk/cloudfront-signer receives a total of 233,953 weekly downloads. As such, @aws-sdk/cloudfront-signer popularity was classified as popular.
We found that @aws-sdk/cloudfront-signer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 19 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025