AWS SDK for Go (PILOT)
API Reference

PREVIEW DOCUMENTATION - This is a preview of a new format for the AWS SDK for Go API Reference documentation. For the current AWS SDK for Go API Reference, see https://docs.aws.amazon.com/sdk-for-go/api/.

We welcome your feedback on this new version of the documentation. Send your comments to aws-sdkdocs-feedback@amazon.com.

URLSigner

import "github.com/aws/aws-sdk-go/service/cloudfront/sign"

type URLSigner struct { }

An URLSigner provides URL signing utilities to sign URLs for Amazon CloudFront resources. Using a private key and Credential Key Pair key ID the URLSigner only needs to be created once per Credential Key Pair key ID and private key.

The signer is safe to use concurrently.

Method

Sign

func (s URLSigner) Sign(url string, expires time.Time) (string, error)

Sign will sign a single URL to expire at the time of expires sign using the Amazon CloudFront default Canned Policy. The URL will be signed with the private key and Credential Key Pair Key ID previously provided to URLSigner.

This is the default method of signing Amazon CloudFront URLs. If extra policy conditions are need other than URL expiry use SignWithPolicy instead.

Example:

// Sign URL to be valid for 1 hour from now. signer := sign.NewURLSigner(keyID, privKey) signedURL, err := signer.Sign(rawURL, time.Now().Add(1*time.Hour)) if err != nil { log.Fatalf("Failed to sign url, err: %s\n", err.Error()) }

SignWithPolicy

func (s URLSigner) SignWithPolicy(url string, p *Policy) (string, error)

SignWithPolicy will sign a URL with the Policy provided. The URL will be signed with the private key and Credential Key Pair Key ID previously provided to URLSigner.

Use this signing method if you are looking to sign a URL with more than just the URL's expiry time, or reusing Policies between multiple URL signings. If only the expiry time is needed you can use Sign and provide just the URL's expiry time. A minimum of at least one policy statement is required for a signed URL.

Note: It is not safe to use Polices between multiple signers concurrently

Example:

// Sign URL to be valid for 30 minutes from now, expires one hour from now, and // restricted to the 192.0.2.0/24 IP address range. policy := &sign.Policy{ Statements: []sign.Statement{ { Resource: rawURL, Condition: sign.Condition{ // Optional IP source address range IPAddress: &sign.IPAddress{SourceIP: "192.0.2.0/24"}, // Optional date URL is not valid until DateGreaterThan: &sign.AWSEpochTime{time.Now().Add(30 * time.Minute)}, // Required date the URL will expire after DateLessThan: &sign.AWSEpochTime{time.Now().Add(1 * time.Hour)}, }, }, }, } signer := sign.NewURLSigner(keyID, privKey) signedURL, err := signer.SignWithPolicy(rawURL, policy) if err != nil { log.Fatalf("Failed to sign url, err: %s\n", err.Error()) }

On this page: