
PHP AWS SDK | How to create signed URL with custom domain


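I'm using the AWS SDK with the Laravel framework in PHP. Here is my code:

use Aws\CloudFront\CloudFrontClient;
use Carbon\Carbon;

$cloudFront = new CloudFrontClient([
    'region'  => env('AWS_REGION'),
    'version' => 'latest'
]);

$path = "R180417XXXX.mp4";

// URL of the object as served by the CloudFront distribution
$resourceURL = "https://dbk93n3xxxxxx.cloudfront.net/" . $path;
// Unix timestamp after which the signed URL stops working
$expires = Carbon::now()->addMinutes(5)->timestamp;

// Build a signed URL with a canned policy (resource URL plus expiry)
$signedUrlCannedPolicy = $cloudFront->getSignedUrl([
    'url'         => $resourceURL,
    'expires'     => $expires,
    'private_key' => base_path('pk-APKAI2PXXXXXXXXXXXXX.pem'),
    'key_pair_id' => 'APKAI2PXXXXXXXXXXXXX',
]);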

This code is working, but the URL looks like this:

https://dbk93n3xxxxxx.cloudfront.net/R180417XXXX.mp4?Expires=1524389577&Signature=RmBDMqM4SMadsQstrgVpUiLoJ50dvKoxNI081Joa7WjSg5eelziQqtDrcs~klbDHvs7rMaq2McfHUQijrcLe7F9tDbn7oOxEC4kfPPCMbhqqjtBWavPmM8Zv8QhH50dPuNHwnEj4pIGUpm9FmAvDhCSExCv0uBMWUREJ9YKQJFHZcPJyKBtjPcJVzIGpnj2bQn3xNGO5AUlutsyeSWUqdvtNOLb3xurgx4WzcVotgB~BZo-bQxo3ieXFbKWAPQXMPl93YpuX5W10l4YtYPULrAtJVQZKUIFcfifnECnqg~IgtbkFbyLdM5e87ZiC837Hj-AphmlEshnY-MHWyEU24g__&Key-Pair-Id=APKAI2PXXXXXXXXXXXXX

But I have just set a CNAME in CloudFront, like server1.domain.tld, and I want the signed URL to look like this:

https://server1.domain.tld/R180417XXXX.mp4?Expires=1524389577&Signature=RmBDMqM4SMadsQstrgVpUiLoJ50dvKoxNI081Joa7WjSg5eelziQqtDrcs~klbDHvs7rMaq2McfHUQijrcLe7F9tDbn7oOxEC4kfPPCMbhqqjtBWavPmM8Zv8QhH50dPuNHwnEj4pIGUpm9FmAvDhCSExCv0uBMWUREJ9YKQJFHZcPJyKBtjPcJVzIGpnj2bQn3xNGO5AUlutsyeSWUqdvtNOLb3xurgx4WzcVotgB~BZo-bQxo3ieXFbKWAPQXMPl93YpuX5W10l4YtYPULrAtJVQZKUIFcfifnECnqg~IgtbkFbyLdM5e87ZiC837Hj-AphmlEshnY-MHWyEU24g__&Key-Pair-Id=APKAI2PXXXXXXXXXXXXX

I have tried changing $resourceURL to

$resourceURL = "https://server1.domain.tld/" . $path;

It's not working.

The response status code is 403, and I have set an Origin Access Identity. I don't know why it is not working.

Here is my Amazon S3 Policy

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2OP22ZEXXXXXX"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::server1.domain.tld/*"
        }
    ]
}

Please help...

Thanks


Solution

  • In Route 53, there needs to be a hosted zone for your tld and a record set of type CNAME that is an alias to the CloudFront distribution.

    Here are steps to follow:

    • Create a certificate in Certificate Manager for domain.tld and server1.domain.tld.

    • Edit your CloudFront Distribution Settings and set the SSL certificate for the distribution to the custom one.

    • Ensure that Alternate Domain Names (CNAMEs) for your distribution lists server1.domain.tld
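
A check for the steps in the answer above, added here as an example (it is not code from the original post): given the `DistributionConfig` array that the SDK's `getDistribution` call returns, it reports which custom-domain requirements are unmet for a signed URL. The function names, the wildcard handling and the sample config are assumptions made for illustration.

```php
<?php
// Added example: names and sample data below are constructed for illustration.

// True if $host is covered by an alternate domain name. A leading "*."
// is treated as matching any name ending in that suffix (assumption).
function aliasCovers(string $alias, string $host): bool
{
    $alias = strtolower($alias);
    $host  = strtolower($host);
    if (strncmp($alias, '*.', 2) === 0) {
        $suffix = substr($alias, 1); // "*.domain.tld" -> ".domain.tld"
        return strlen($host) > strlen($suffix)
            && substr($host, -strlen($suffix)) === $suffix;
    }
    return $alias === $host;
}

// $config has the shape of Distribution.DistributionConfig from getDistribution().
function customDomainProblems(array $config, string $signedUrl): array
{
    $host = strtolower((string) parse_url($signedUrl, PHP_URL_HOST));
    if ($host === '') {
        return ['signed URL has no host'];
    }
    if (substr($host, -15) === '.cloudfront.net') {
        return []; // default domain: no alias or custom certificate needed
    }
    $problems = [];
    $covered  = false;
    foreach ($config['Aliases']['Items'] ?? [] as $alias) {
        $covered = $covered || aliasCovers($alias, $host);
    }
    if (!$covered) {
        $problems[] = "$host is not in Alternate Domain Names (CNAMEs)";
    }
    $cert = $config['ViewerCertificate'] ?? [];
    if (!empty($cert['CloudFrontDefaultCertificate'])) {
        $problems[] = 'distribution still uses the default CloudFront certificate';
    } elseif (empty($cert['ACMCertificateArn']) && empty($cert['IAMCertificateId'])) {
        $problems[] = 'no custom SSL certificate is attached';
    }
    return $problems;
}

// Constructed sample: a distribution with no alias and the default certificate.
$config = [
    'Aliases'           => ['Quantity' => 0],
    'ViewerCertificate' => ['CloudFrontDefaultCertificate' => true],
];
$url = 'https://server1.domain.tld/R180417XXXX.mp4?Expires=1524389577';
foreach (customDomainProblems($config, $url) as $problem) {
    echo "- $problem\n";
}
```

In a Laravel app, the first argument would come from `$cloudFront->getDistribution(['Id' => ...])['Distribution']['DistributionConfig']`, with the distribution ID supplied by you.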