Where to place Cloudfront Key Pairs for Wordpress Authentication

Question

Been following this guide on AWS: AWS Serving Private Content

I have setup a web cloudfront distribution and what I am doing is serving private content from my s3 bucket using an Origin Access Identity to access the resources within.

I am running into a roadblock when it gets to the cookie and signed url authentication--I am using wordpress. I have my cloudfront key pairs, but I am not quite sure where to go from here.

I have successfully served content via cdn when not using OAI and utilizing WP TotalCache plugins and such, but too many things are needed to be made public and the bucket policys for url and ip address restrictions are not quite working for me.

This step in process pretty much sums up where I am stuck:

Write your application to respond to requests from authorized users either with signed URLs or with Set-Cookie headers that set signed cookies. For more information, see Choosing Between Signed URLs and Signed Cookies.

Any next steps or suggestions would be very much appreciate.

Thanks a lot!

Sean

Answer 1

Step 1 - Choose between signed URLs and Cookies. Use Signed Cookies if your users need access to multiple files (restricted area in Wordpress).

Step 2 - Specify the AWS accounts for the creation of signed URLs/Cookies.

Step 3 - Develop your app to set the three required cookies (CloudFront-Key-Pair-Id, CloudFront-Signature and CloudFront-Policy/CloudFront-Expires).

Alternatively use the AWS SDK to generate signed URLs/Cookies. ie: PHP's getSignedUrl() or getSignedCookie() methods.

Answer 2

Did you end up implementing the code in the functions.php? I'm looking to do the same, but the link provided by gboda is expired. I would really appreciate it if you could post the final code snippet here.