I intend to private object in public bucket, thus restricting access to object, not other objects in bucket. And I want to setup CloudFront to serve content with Signed URLs. Now in AWS S3 documentation, I see two different terms, one is Pre-signed URL to access private object, and other is Signed URL which requires downloading private key etc and do something more.
What is difference between Pre-Signed URL and Signed URLs? Can I use
PreSignedURL's with CloudFront?
C# Library has method GetPreSignedURL, does it automatically download private keys etc and does signing or this GetPreSignedURL method is different then S3 URL Signing that requires setting up private keys and then signing URL?
From AWS docs
A pre-signed URL gives you access to the object identified in the URL, provided that the creator of the pre-signed URL has permissions to access that object. That is, if you receive a pre-signed URL to upload an object, you can upload the object only if the creator of the pre-signed URL has the necessary permissions to upload that object.
Again, from AWS docs
A signed URL includes additional information, for example, an expiration date and time, that gives you more control over access to your content. This additional information appears in a policy statement, which is based on either a canned policy or a custom policy. The differences between canned and custom policies are explained in the next two sections.