Generate a policy document that describes custom access permissions to
apply via a private distribution's signed URL.
Declaration Syntax
Parameters
- resourcePath (String)
-
An optional HTTP/S or RTMP resource path that restricts which
distribution and S3 objects will be accessible in a signed
URL. For standard distributions the resource URL will be
"http://" + distributionName + "/" + objectKey (may
also include URL parameters. For distributions with the HTTPS
required protocol, the resource URL must start with
"https://". RTMP resources do not take the form of a
URL, and instead the resource path is nothing but the stream's
name. The '*' and '?' characters can be used as a wildcards to
allow multi-character or single-character matches
respectively:
- * : All distributions/objects will be accessible
- a1b2c3d4e5f6g7.cloudfront.net/* : All objects within the distribution a1b2c3d4e5f6g7 will be accessible
- a1b2c3d4e5f6g7.cloudfront.net/path/to/object.txt : Only the S3 object named path/to/object.txt in the distribution a1b2c3d4e5f6g7 will be accessible.
- epochDateLessThan (DateTime)
- An optional UTC time and date when the signed URL will become active. If null, the signed URL will be active as soon as it is created.
- limitToIpAddressCIDR (String)
- An optional range of client IP addresses that will be allowed to access the distribution, specified as a CIDR range. If null, the CIDR will be 0.0.0.0/0 and any client will be permitted.
Return Value
A policy document describing the access permission to apply when
generating a signed URL.