{"id":17983020,"url":"https://github.com/minghsu0107/cloudfront-signed-url-cookies","last_synced_at":"2025-09-13T12:15:32.819Z","repository":{"id":144335968,"uuid":"365466440","full_name":"minghsu0107/cloudFront-signed-url-cookies","owner":"minghsu0107","description":"This example shows how to serve private contents on AWS S3 through CloudFront signed URL and signed cookies.","archived":false,"fork":false,"pushed_at":"2023-02-12T16:18:27.000Z","size":32,"stargazers_count":8,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-06T09:51:40.478Z","etag":null,"topics":["cloudfront","golang","s3-bucket","signed-url"],"latest_commit_sha":null,"homepage":"https://minghsu0107.github.io/posts/aws-cloudfront-with-signed-url/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/minghsu0107.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-08T08:56:31.000Z","updated_at":"2024-10-29T04:55:24.000Z","dependencies_parsed_at":null,"dependency_job_id":"a651c6cc-11b8-4af1-897a-5aa7814a1c64","html_url":"https://github.com/minghsu0107/cloudFront-signed-url-cookies","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/minghsu0107/cloudFront-signed-url-cookies","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minghsu0107%2FcloudFront-signed-url-cookies","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minghsu0107%2FcloudFront-signed-url-cookies/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minghsu0107%2FcloudFront-signed-url-cookies/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minghsu0107%2FcloudFront-signed-url-cookies/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/minghsu0107","download_url":"https://codeload.github.com/minghsu0107/cloudFront-signed-url-cookies/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minghsu0107%2FcloudFront-signed-url-cookies/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267814316,"owners_count":24148328,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-30T02:00:09.044Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudfront","golang","s3-bucket","signed-url"],"created_at":"2024-10-29T18:15:52.112Z","updated_at":"2025-07-30T05:04:35.186Z","avatar_url":"https://github.com/minghsu0107.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS CloudFront with Signed URL\n**This is the repository of [my blog post](https://minghsu0107.github.io/posts/aws-cloudfront-with-signed-url/)**.\n\nThis example shows how to serve private contents on AWS S3 through CloudFront signed URL and signed cookies. We will be using [aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) as the programming client.\n## Prerequisite\n- A S3 bucket.\n- A CloudFront distribution.\n  - Should be created using the S3 owner because S3 bucket policies don’t apply to objects owned by other accounts.\n- The CloudFront bucket access restriction is enabled.\n- A CloudFront origin access identity is created and added to your S3 permission policy.\n- The CloudFront viewer access restriction is enabled and associated with your key group.\n- The public access of your S3 is blocked (default).\n## Usage\n```bash\nS3_REGION=us-east-2 \\\nS3_ACCESS_KEY=my-s3-access-key \\\nS3_SECRET_KEY=my-s3-secret-key \\\nS3_BUCKET=my-s3-bucket \\\nCF_DOMAIN=mycfdomain.cloudfront.net \\\nCF_PUBLIC_KEY_ID=my-cloudfront-access-key \\\nCF_PRIKEY_PATH=my-cloudfront-prikey-path \\\ngo run main.go\n```\n## Result\n1. `hello.txt` will be uploaded to S3 bucket `my-s3-bucket` with key `mysubpath/hello.txt`. Its CloudFront URL `https://mycfdomain.cloudfront.net/mysubpath/hello.txt` will be signed, and the signed URL will be printed to standard output. Users can access the object via this signed URL until it expires after 1 hour.\n2. Signed cookies will be returned and printed to standard output. The signed cookies use the following custom policy:\n    - Allow users to access `https://mycfdomain.cloudfront.net/mysubpath/*` (wildcard).\n    - Signed cookies will expire after 1 hour.\n3. The program will request `https://mycfdomain.cloudfront.net/mysubpath/hello.txt` with signed cookies and print the content of `hello.txt` to standard output.\n4. An http server will be started. Users can set signed cookies via `GET http://localhost/auth`. The following cookies will be set: `CloudFront-Signature`, `CloudFront-Policy`, and `CloudFront-Key-Pair-Id`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fminghsu0107%2Fcloudfront-signed-url-cookies","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fminghsu0107%2Fcloudfront-signed-url-cookies","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fminghsu0107%2Fcloudfront-signed-url-cookies/lists"}