How to Add Trusted Signers to the CloudFront Distribution

AWS CloudFront is a content distribution service offered by AWS to speed up the distribution of static content such as media files, HTML, JS, and CSS. The user needs to create a distribution for their bucket or for the AWS service.

The user may want to restrict access to objects distributed through CloudFront. Access can be restricted with CloudFront signed URLs, so that others cannot reach an object without a signed URL. To create signed URLs for AWS S3 objects, the user needs at least one AWS account that has an active CloudFront key pair. This account is called the trusted signer.

When a trusted signer is added to the CloudFront distribution, CloudFront requires a signed URL to access the object from AWS S3. CloudFront verifies the signed URL to ensure that it is valid and has not been tampered with.

This guide demonstrates how to add trusted signers to a CloudFront streaming or download distribution.

1. To add an account as a trusted signer, the account number of that AWS user is required. The account number can be retrieved from the AWS Account Activity.

2. Go to the AWS CloudFront console using the URL. The console lists all the existing streaming as well as the download distributions. Create a new download distribution or create a new streaming distribution. Go to the CloudFront configuration settings by clicking on the [i] button.

3. If the user has selected the download distribution in step 2, select the “Behaviors” tab, as the trusted signers are linked with the cache behavior in the download distribution.

4. In the Behaviors configuration, select a behavior and click on the “Edit” button.

5. If the user has selected download distribution in step 2, then click on “Edit” from the streaming properties page.

6. In Restrict Viewer Access, select “Yes”. If the user wants to add accounts other than “Self”, select the “Specify Account” checkbox.

7. Enter the account numbers obtained in step 1 in the AWS Account Numbers field. These accounts can access the object of distribution only with a signed URL.

8. Once the changes have been updated, they will be reflected in the streaming distribution.

9. If the changes were made for the download distribution, they will be reflected there.

10. The distribution will now be updated. It may take around 10-15 minutes to complete the update process.

11. After the trusted signers have been added, the user must use the signed URL to access the streaming or download distribution object.
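Because trusted signers are attached to individual cache behaviors in a download distribution, it is worth checking after the update that every path pattern is actually restricted. The following is an added example, not part of the original guide: it assumes the `DistributionConfig` object from `aws cloudfront get-distribution-config` has been loaded as JSON, and the sample configuration, path patterns and account number are constructed placeholders.

```python
import json

# Constructed sample in the shape of a CloudFront DistributionConfig.
# Path patterns and the account number are placeholders, not real values.
SAMPLE_CONFIG = json.loads("""
{
  "DefaultCacheBehavior": {
    "TrustedSigners": {"Enabled": false, "Quantity": 0}
  },
  "CacheBehaviors": {
    "Quantity": 2,
    "Items": [
      {"PathPattern": "private/*",
       "TrustedSigners": {"Enabled": true, "Quantity": 2,
                          "Items": ["self", "111122223333"]}},
      {"PathPattern": "media/*",
       "TrustedSigners": {"Enabled": true, "Quantity": 0}}
    ]
  }
}
""")


def audit_trusted_signers(dist_config):
    """Return one finding per cache behavior: (path pattern, status, signers)."""
    behaviors = [("*", dist_config["DefaultCacheBehavior"])]  # default behavior
    for item in dist_config.get("CacheBehaviors", {}).get("Items", []):
        behaviors.append((item["PathPattern"], item))

    findings = []
    for pattern, behavior in behaviors:
        signers = behavior.get("TrustedSigners", {})
        accounts = signers.get("Items", [])
        if not signers.get("Enabled", False):
            status = "OPEN"        # objects are served without a signed URL
        elif not accounts:
            status = "NO_SIGNERS"  # constructed edge case: enabled, empty list
        else:
            status = "RESTRICTED"  # signed URL from a listed account required
        findings.append((pattern, status, accounts))
    return findings


if __name__ == "__main__":
    for pattern, status, accounts in audit_trusted_signers(SAMPLE_CONFIG):
        print(f"{pattern:12} {status:11} {', '.join(accounts) or '-'}")
```

In the sample, only `private/*` requires a signed URL; the default behavior (`*`) is still open, so objects outside that path pattern remain reachable without one.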
