AWS CloudFormation
User Guide (Version )

AWS::CloudFront::StreamingDistribution TrustedSigners

A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content.

If you want to require signed URLs in requests for objects in the target origin that match the PathPattern for this cache behavior, specify true for Enabled, and specify the applicable values for Quantity and Items. For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

If you don't want to require signed URLs in requests for objects that match PathPattern, specify false for Enabled and 0 for Quantity. Omit Items.

To add, change, or remove one or more trusted signers, change Enabled to true (if it's currently false), change Quantity as applicable, and specify all of the trusted signers that you want to include in the updated distribution.

For more information about updating the distribution configuration, see DistributionConfig in the Amazon CloudFront API Reference.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "AwsAccountNumbers" : [ String, ... ], "Enabled" : Boolean }


AwsAccountNumbers: - String Enabled: Boolean



An AWS account that is included in the TrustedSigners complex type for this distribution. Valid values include:

  • self, which is the AWS account used to create the distribution.

  • An AWS account number.

Required: No

Type: List of String

Update requires: No interruption


Specifies whether you want to require viewers to use signed URLs to access the files specified by PathPattern and TargetOriginId.

Required: Yes

Type: Boolean

Update requires: No interruption

See Also

On this page: