The thing I want to achieve is to generate a singedURL pointing CloudFront distribution which originates from S3 bucket.
I have managed to sign the URL which points directly to the S3 bucket as described in following AWS spec - Generate a Presigned Object URL Using AWS SDK for .NET and it worked fine.
But what I really need is to generate signed CloudFront URL.
I assume my Distribution is properly configured as I'm able to access it using (https://d298o8yem5c56d.cloudfront.net/123.pdf) assuming Restrict Viewer Access: is set to No in Behaviors settings. After switching it to Yes it can no longer be accessed without signedURL.
I was trying to use the sample code from AWS Developer Guide: Create a URL Signature Using C# and the .NET Framework
The URL was generated, but what I get is following error message:
<Error>
<Code>AccessDenied</Code>
<Message>Access denied</Message>
</Error>
Any ideas what should I check ?
Finally I've solved the issue using the sample code from AWS Developer Guide: Create a URL Signature Using C# and the .NET Framework
The issue seem to be related to the PrivateKey.xml
Remember to replace PrivateKey.xml with your PrivateKey (which can be generated / downloaded from AWS root account settings). As a next step it has to be converted from PEM to XML (required by .NET)
Nice and easy way to convert from PEM to XML is by using an - online converter