How do I serve restricted video content to the clientside and make sure the video link can not be used to download the video. If I use cloudfront signed url is there a chance that user can download the video before the expiration time.
You have 2 choices to restrict CloudFront content:
When you grant either of these the user will have unlimited access during that time.
If you want to add additional layers of validation you would need to run an application on top, validating before generating a signed URL and returning the content.
You are also free to attach an AWS WAF to your CloudFront distribution to help protect against exploits of your distribution.