
How can I serve restricted CloudFront S3 content to the client side of the application?


How do I serve restricted video content to the client side and make sure the video link cannot be used to download the video? If I use a CloudFront signed URL, is there a chance that the user can download the video before the expiration time?


Solution

  • You have 2 choices to restrict CloudFront content:

    • Signed URLs, as you said. These are for accessing a particular file. The generated URL will be accessible for the duration it has been signed for.
    • Signed cookies, similar to signed URLs but they allow all content from the CloudFront distribution to be accessible without signing every time. When the cookie expires, the user will lose all access to the content from the CloudFront distribution.

    When you grant either of these, the user will have unlimited access during that time.

    If you want to add additional layers of validation you would need to run an application on top, validating before generating a signed URL and returning the content.

    You are also free to attach an AWS WAF to your CloudFront distribution to help protect against exploits of your distribution.
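
The "application on top" approach from the answer above, as an added example that is not part of the original answer: a Node.js function that checks entitlement first and only then issues a CloudFront signed URL with a custom policy limited to a 60-second window and the viewer's IPv4 address. The distribution domain, key pair ID, entitlement store and function names are hypothetical placeholders, and the RSA key is generated inline so the block runs offline.

```javascript
// Added example: entitlement check, then a short-lived, IP-bound CloudFront signed URL.
const crypto = require('node:crypto');

// Constructed placeholders (assumptions, not values from the page).
const DISTRIBUTION = 'https://d111111abcdef8.cloudfront.net';
const KEY_PAIR_ID = 'K_EXAMPLE_PLACEHOLDER';
// Throwaway key so the example runs offline. In production, load the private key
// whose public half is registered with the distribution's trusted key group.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ENTITLEMENTS = new Map([['alice', new Set(['/videos/course1.mp4'])]]); // hypothetical

// CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
const cfSafe = (b64) => b64.replace(/\+/g, '-').replace(/=/g, '_').replace(/\//g, '~');

function buildPolicy(resource, expiresEpoch, viewerIp) {
  // Custom policy: one resource, an expiry, and the requesting viewer's IPv4 address.
  return JSON.stringify({
    Statement: [{
      Resource: resource,
      Condition: {
        DateLessThan: { 'AWS:EpochTime': expiresEpoch },
        IpAddress: { 'AWS:SourceIp': `${viewerIp}/32` },
      },
    }],
  });
}

function issueSignedUrl(user, path, viewerIp, nowEpoch, ttlSeconds = 60) {
  // Application-level validation happens before anything is signed.
  const allowed = ENTITLEMENTS.get(user);
  if (!allowed || !allowed.has(path)) return null;
  const resource = DISTRIBUTION + path;
  const policy = buildPolicy(resource, nowEpoch + ttlSeconds, viewerIp);
  // CloudFront verifies an RSA signature computed over the SHA-1 hash of the policy.
  const signature = crypto.createSign('RSA-SHA1').update(policy).sign(privateKey, 'base64');
  const policyB64 = Buffer.from(policy, 'utf8').toString('base64');
  return `${resource}?Policy=${cfSafe(policyB64)}&Signature=${cfSafe(signature)}&Key-Pair-Id=${KEY_PAIR_ID}`;
}

// Inspection helper: decode and verify what a given URL actually grants.
function inspect(url) {
  const q = new URL(url).searchParams;
  const undo = (s) => s.replace(/-/g, '+').replace(/_/g, '=').replace(/~/g, '/');
  const policy = Buffer.from(undo(q.get('Policy')), 'base64').toString('utf8');
  const valid = crypto.createVerify('RSA-SHA1').update(policy)
    .verify(publicKey, undo(q.get('Signature')), 'base64');
  return { valid, statement: JSON.parse(policy).Statement[0] };
}
```

The short expiry and IP condition only narrow the window: within it, the viewer holding the URL can still fetch the object, which matches the answer's point about access during the signed period.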