AWS CloudFormation
User Guide (Version )

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

AWS::CloudFront::StreamingDistribution TrustedSigners

A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content.

If you want to require signed URLs in requests for objects in the target origin that match the PathPattern for this cache behavior, specify true for Enabled, and specify the applicable values for Quantity and Items. For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

If you don't want to require signed URLs in requests for objects that match PathPattern, specify false for Enabled and 0 for Quantity. Omit Items.

To add, change, or remove one or more trusted signers, change Enabled to true (if it's currently false), change Quantity as applicable, and specify all of the trusted signers that you want to include in the updated distribution.

For more information about updating the distribution configuration, see DistributionConfig in the Amazon CloudFront API Reference.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "AwsAccountNumbers" : [ String, ... ], "Enabled" : Boolean }


AwsAccountNumbers: - String Enabled: Boolean



An AWS account that is included in the TrustedSigners complex type for this distribution. Valid values include:

  • self, which is the AWS account used to create the distribution.

  • An AWS account number.

Required: No

Type: List of String

Update requires: No interruption


Specifies whether you want to require viewers to use signed URLs to access the files specified by PathPattern and TargetOriginId.

Required: Yes

Type: Boolean

Update requires: No interruption

See Also

On this page: