I am looking into using aws cloudfront with signed cookies to serve static protected content on my webpage. AWS documentation here says we should set 3 cookies which should be passed those to our cloudfront urls (images/css/html/js/etc). Its not clear how do to this as cloudfront will be a separate domain than the one which served the page.
mywebsite.com will server a page which has links to static CDN content on mycloudfrontsubdomain.cloudfront.net and should pass the signed cookies to gain access. How do I set cookies on cloudfront.net from my own domain or is there some way AWS can do this for you. Im not great with front end web development (Im mostly backend) but my understanding is we cant set cookies for a different domain that did not serve up the current page. I would assume AWS has some endpoint we could call to have cloudfront set cookies?
Cloudfront supports alternate domain names.
For example, you can set your Cloudfront distribution to have an alternate domain name of mycloudfrontsubdomain.mywebsite.com. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LinkFormat.html#LinkFormat_OwnDomain
Now you can set a cookie from mywebsite.com with a domain of mywebsite.com. Cookie with that domain will also include all subdomains (so also including cloudfront). https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes