Serving private content with signed URLs and signed cookies
Many companies that distribute content over the internet want to restrict access to documents, business data, media streams, or content that is intended for selected users, for example, users who have paid a fee. To securely serve this private content by using CloudFront, you can do the following:
-
Require that your users access your private content by using special CloudFront signed URLs or signed cookies.
-
Require that your users access your content by using CloudFront URLs, not URLs that access content directly on the origin server (for example, Amazon S3 or a private HTTP server). Requiring CloudFront URLs isn't necessary, but we recommend it to prevent users from bypassing the restrictions that you specify in signed URLs or signed cookies.
Topics
- Overview of serving private content
- Task list for serving private content
- Specifying the signers that can create signed URLs and signed cookies
- Choosing between signed URLs and signed cookies
- Using signed URLs
- Using signed cookies
- Using Linux commands and OpenSSL for base64 encoding and encryption
- Code examples for creating a signature for a signed URL