Can I use signed and unsigned urls on the same Cloudfront distribution?
The title more or less says it all. Judging from the fact that "restrict viewer access" section of the Cloudfront management console (picture below) uses radio buttons, It appears that its an either/or situation.
QUESTION: Are there other ways to parse one's S3 bucket such that it can have both public (i.e., viewable by anyone) and private (i.e., signed urls) content in it?
I can answer my own question. Yes, you can have signed and unsigned urls at the same Cloudfront distribution. In the example below, my distribution is called blahblah.cloudfront.com. The key is to specify two "origin server"s. One for the signed urls and another for the unsigned urls.
->AWS Management Console->Cloudfront->Distribution settings of selected Distribution
->Origins: create both origins (e.g., pointing to 2 different S3 buckets)
->Behaviors: create "path patterns" for each origin such that Cloudfront can
distinguish which origin the Cloudfront url points to. E.g., in my S3 bucket named
"tim-UNsigned-bucket" I set the path pattern to `uploads/*`. For my signed url bucket,
I gave it the more general path pattern of `*` and prioritized it 2nd.
As you can see below, this means that my unsigned url includes the path, uploads/,
whereas my signed does not.
Resulting Cloudfront url structure:
Signed urls:
https:// or http://blahblah.cloudfront.com/file1.jpg?Policy=asf...UNsigned urls:
https:// or http://blahblah.cloudfront.com/uploads/file2.jpg
Note: Making any of these changes can take Cloudfront several minutes (5-15 minutes) to update. Therefore, do your best to make all the changes in my directions with the fewest mistakes possible otherwise it will take you forever.
- HTTP requests not working on aws ec2
- Amazon EC2 and EBS disk space problem
- How do I enable Data API?
- CDK Pipelines - Migrating a database in the pipeline
- Do environment variables in ECS Fargate task definitions support interpolation?
- Upgrading AWS RDS aurora from serverless v1 to serverless v2 using terraform
- AWS IAM user not able to see Billing and Cost Management Dashboard
- Amazon S3 - How to fix 'The request signature we calculated does not match the signature' error?
- Deleting last element in a DynamoDB string set
- AWS CLI on Windows won't work though using double quotes and escapes
- How to resolve 'Step Functions State Machine is not authorized to create managed-rule'?
- Understanding SQS message receive amount
- AWS Glue JDBC Connection created using Cloud Formation is not setting the password
- CloudFront charges after you invalidate your distribution over 1,000 times, does the count reset each month?
- AWS Cognito federated user login not allowing to sign in as different user after log out
- AWS s3 V3 Javascript SDK stream file from bucket (GetObjectCommand)
- Provide AWS Lex response in Hyperlink format
- Fixing yaml indentation with python
- Generate S3 URL in "path-style" format
- Trying to find the ARN pattern for AWS WAF regional
- AWS cognito: What's the difference between Access and Identity tokens?
- virtually isolate the network in the same AWS Cloud Account
- AWS start sandbox from tutorial
- Can I stop a spot instance in aws just like I can stop and start an on demand ec2 instance
- FastAPI app works locally, but /blogs endpoint causes redirect loop on AWS Lambda deployment
- Get pdftotext Python module running on Lambda
- Kubernetes: how to set VolumeMount user group and file permissions
- Invalid arn error for terraform code with kms data resource
- Unable to import module 'src.main': No module named 'dependencies' when uploading FastAPI zipped project to AWS Lambda
- Unable to update AWS AppRunner VPC connector via CDK