Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
By Philipp Burckhardt - Oct 17, 2024
@aws-sdk/cloudfront-signer
Advanced tools
@aws-sdk/cloudfront-signer
This package provides functions to generate signed urls and cookies for accessing private content on CloudFront based on a CloudFront trusted key group key pair.
What is @aws-sdk/cloudfront-signer?
@aws-sdk/cloudfront-signer is a package within the AWS SDK for JavaScript that allows you to create signed URLs and signed cookies for Amazon CloudFront. This is useful for controlling access to your content by generating URLs and cookies that are valid for a limited time or for specific IP addresses.
What are @aws-sdk/cloudfront-signer's main functionalities?
Create Signed URL
This feature allows you to create a signed URL for a CloudFront distribution. The signed URL will be valid for a specified period, allowing temporary access to the content.
const { getSignedUrl } = require('@aws-sdk/cloudfront-signer');
const url = 'https://example.cloudfront.net/myfile.jpg';
const privateKey = '-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----';
const keyPairId = 'APKA...';
const options = {
url,
keyPairId,
privateKey,
expireTime: Math.floor(Date.now() / 1000) + 3600 // 1 hour from now
};
const signedUrl = getSignedUrl(options);
console.log(signedUrl);Create Signed Cookies
This feature allows you to create signed cookies for a CloudFront distribution. The signed cookies will be valid for a specified period, allowing temporary access to the content.
const { getSignedCookies } = require('@aws-sdk/cloudfront-signer');
const url = 'https://example.cloudfront.net/myfile.jpg';
const privateKey = '-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----';
const keyPairId = 'APKA...';
const options = {
url,
keyPairId,
privateKey,
expireTime: Math.floor(Date.now() / 1000) + 3600 // 1 hour from now
};
const signedCookies = getSignedCookies(options);
console.log(signedCookies);Other packages similar to @aws-sdk/cloudfront-signer
aws-cloudfront-sign
The aws-cloudfront-sign package is another alternative for generating signed URLs and cookies for CloudFront. It offers similar features but may have different API conventions and less integration with the broader AWS SDK.
@aws-sdk/cloudfront-signer
This package provides functions to generate signed urls and cookies for accessing private content on CloudFront based on a CloudFront trusted key group key pair.
Please note the process for creating a signed URL with Cloudfront is very different than the process for S3. For more information, please visit the documentation for restricting CloudFront content with signed URLs and signed cookies.
Sign a URL
JavaScript Example:
import { getSignedUrl } from "@aws-sdk/cloudfront-signer"; // ESM
// const { getSignedUrl } = require("@aws-sdk/cloudfront-signer"); // CJS
const cloudfrontDistributionDomain = "https://d111111abcdef8.cloudfront.net";
const s3ObjectKey = "private-content/private.jpeg";
const url = `${cloudfrontDistributionDomain}/${s3ObjectKey}`;
const privateKey = "CONTENTS-OF-PRIVATE-KEY";
const keyPairId = "PUBLIC-KEY-ID-OF-CLOUDFRONT-KEY-PAIR";
const dateLessThan = "2022-01-01"; // any Date constructor compatible
const signedUrl = getSignedUrl({
url,
keyPairId,
dateLessThan,
privateKey,
});
Sign a URL with a Policy
import { getSignedUrl } from "@aws-sdk/cloudfront-signer"; // ESM
// const { getSignedUrl } = require("@aws-sdk/cloudfront-signer"); // CJS
const cloudfrontDistributionDomain = "https://d111111abcdef8.cloudfront.net";
const s3ObjectKey = "private-content/private.jpeg";
const url = `${cloudfrontDistributionDomain}/${s3ObjectKey}`;
const privateKey = "CONTENTS-OF-PRIVATE-KEY";
const keyPairId = "PUBLIC-KEY-ID-OF-CLOUDFRONT-KEY-PAIR";
const dateLessThan = "2022-01-01";
const policy = {
Statement: [
{
Resource: url,
Condition: {
DateLessThan: {
"AWS:EpochTime": new Date(dateLessThan).getTime() / 1000, // time in seconds
},
},
},
],
};
const policyString = JSON.stringify(policy);
const cookies = getSignedUrl({
keyPairId,
privateKey,
policy: policyString,
// url is automatically extracted from the policy, however you could still overwrite it if needed
});
Get signed cookies for a resource
import { getSignedCookies } from "@aws-sdk/cloudfront-signer"; // ESM
// const { getSignedCookies } = require("@aws-sdk/cloudfront-signer"); // CJS
const cloudfrontDistributionDomain = "https://d111111abcdef8.cloudfront.net";
const s3ObjectKey = "private-content/private.jpeg";
const url = `${cloudfrontDistributionDomain}/${s3ObjectKey}`;
const privateKey = "CONTENTS-OF-PRIVATE-KEY";
const keyPairId = "PUBLIC-KEY-ID-OF-CLOUDFRONT-KEY-PAIR";
const dateLessThan = "2022-01-01";
const cookies = getSignedCookies({
url,
keyPairId,
dateLessThan,
privateKey,
});
Get signed cookies with a Policy
import { getSignedCookies } from "@aws-sdk/cloudfront-signer"; // ESM
// const { getSignedCookies } = require("@aws-sdk/cloudfront-signer"); // CJS
const cloudfrontDistributionDomain = "https://d111111abcdef8.cloudfront.net";
const s3ObjectKey = "private-content/private.jpeg";
const url = `${cloudfrontDistributionDomain}/${s3ObjectKey}`;
const privateKey = "CONTENTS-OF-PRIVATE-KEY";
const keyPairId = "PUBLIC-KEY-ID-OF-CLOUDFRONT-KEY-PAIR";
const dateLessThan = "2022-01-01";
const policy = {
Statement: [
{
Resource: url,
Condition: {
DateLessThan: {
"AWS:EpochTime": new Date(dateLessThan).getTime() / 1000, // time in seconds
},
},
},
],
};
const policyString = JSON.stringify(policy);
const cookies = getSignedCookies({
keyPairId,
privateKey,
policy: policyString,
});
3.598.0 (2024-06-14)
Bug Fixes
- lib-storage: ignore overall data content-length for UploadPart operation (#6131) (fbfce55)
- util-dynamodb: fix signature overload resolution for marshall() fn (#6195) (3682a43)
Features
- client-datazone: This release introduces a new default service blueprint for custom environment creation. (2d57a05)
- client-macie2: This release adds support for managing the status of automated sensitive data discovery for individual accounts in an organization, and determining whether individual S3 buckets are included in the scope of the analyses. (5d00c7e)
- client-mediaconvert: This release adds the ability to search for historical job records within the management console using a search box and/or via the SDK/CLI with partial string matching search on input file name. (33a5089)
- client-route-53-domains: Add v2 smoke tests and smithy smokeTests trait for SDK testing. (f397a80)
FAQs
This package provides functions to generate signed urls and cookies for accessing private content on CloudFront based on a CloudFront trusted key group key pair.
We found that @aws-sdk/cloudfront-signer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 14 Jun 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Enhancing Open-Source Compliance: Introducing Socket’s Advanced License Analysis
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
By Christopher Bailey - Oct 17, 2024
Product
Introducing Socket Optimize
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.
By John-David Dalton - Oct 16, 2024