I'm using AWS SDK with Laravel framework in PHP. Here is my code
$cloudFront = new CloudFrontClient([
'region' => env('AWS_REGION'),
'version' => 'latest'
]);
$path = "R180417XXXX.mp4"
$resourceURL = "https://dbk93n3xxxxxx.cloudfront.net/" . $path;
$expires = Carbon::now()->addMinutes(5)->timestamp;
$signedUrlCannedPolicy = $cloudFront->getSignedUrl([
'url' => $resourceURL,
'expires' => $expires,
'private_key' => base_path('pk-APKAI2PXXXXXXXXXXXXX.pem'),
'key_pair_id' => 'APKAI2PXXXXXXXXXXXXX',
]);
This code is working but the URL it look like this
https://dbk93n3xxxxxx.cloudfront.net/R180417XXXX.mp4?Expires=1524389577&Signature=RmBDMqM4SMadsQstrgVpUiLoJ50dvKoxNI081Joa7WjSg5eelziQqtDrcs~klbDHvs7rMaq2McfHUQijrcLe7F9tDbn7oOxEC4kfPPCMbhqqjtBWavPmM8Zv8QhH50dPuNHwnEj4pIGUpm9FmAvDhCSExCv0uBMWUREJ9YKQJFHZcPJyKBtjPcJVzIGpnj2bQn3xNGO5AUlutsyeSWUqdvtNOLb3xurgx4WzcVotgB~BZo-bQxo3ieXFbKWAPQXMPl93YpuX5W10l4YtYPULrAtJVQZKUIFcfifnECnqg~IgtbkFbyLdM5e87ZiC837Hj-AphmlEshnY-MHWyEU24g__&Key-Pair-Id=APKAI2PXXXXXXXXXXXXX
But I'm just setting CNAME in CloudFront like server1.domain.tld
I want the signed URL show like
https://server1.domain.tld/R180417XXXX.mp4?Expires=1524389577&Signature=RmBDMqM4SMadsQstrgVpUiLoJ50dvKoxNI081Joa7WjSg5eelziQqtDrcs~klbDHvs7rMaq2McfHUQijrcLe7F9tDbn7oOxEC4kfPPCMbhqqjtBWavPmM8Zv8QhH50dPuNHwnEj4pIGUpm9FmAvDhCSExCv0uBMWUREJ9YKQJFHZcPJyKBtjPcJVzIGpnj2bQn3xNGO5AUlutsyeSWUqdvtNOLb3xurgx4WzcVotgB~BZo-bQxo3ieXFbKWAPQXMPl93YpuX5W10l4YtYPULrAtJVQZKUIFcfifnECnqg~IgtbkFbyLdM5e87ZiC837Hj-AphmlEshnY-MHWyEU24g__&Key-Pair-Id=APKAI2PXXXXXXXXXXXXX
I'm have been tried to change $resourceURL
to
$resourceURL = "https://server1.domain.tld/" . $path;
It's not working.
It's response status code 403
and I has been set Origin Access Identity
I don't know why not working
Here is my Amazon S3 Policy
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2OP22ZEXXXXXX"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::server1.domain.tld/*"
}
]
}
Please help...
Thanks
In Route53, there needs to be a hosted zone for your tld and a record set of type CNAME that is an alias to Cloudfront distribution.
Here are steps to follow:
Create certificate in Certificates Manager for domain.tld and server1.domain.tld.
Edit your Cloudfront Distribution Settings and set SSL certificate for the distribution to the custom one.
Ensure that Alternate Domain Names (CNAMEs) for your distribution lists server1.domain.tld
Create Public Hosted Zone for domain.tld in Route53
Copy 4 Nameservers and update your domain registrar to point to them if domain name wasn't setup originally in Route 53
Create Record Set in the Hosted Zone for a CNAME alias that points to Cloudfront Distribution.
Finally, rest easy and see changes propagate to name servers et Viola!