
How to sign a URL on behalf of a certain origin access identity (CloudFront)

I want two origin access identities for CloudFront (and S3): one that can just view content, and another that can just put content (and maybe another that can just delete).

I know I can create an origin access identity, and in my S3 bucket policy I can specify which identity has how much access.

But while signing URLs, I don't see any option to choose this identity. The PHP code I'm using:

$customPolicy = <<<POLICY
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"statement1",
         "Effect":"Allow",
         "Action":[
            "s3:CreateBucket", "s3:ListAllMyBuckets", "s3:GetBucketLocation"
         ],
         "Resource":[
            "arn:aws:s3:::*"
         ]
       }
    ]
}

POLICY;

// Create a signed URL for the resource using the canned policy
$signedUrlCannedPolicy = $cloudFront->getSignedUrl([
    'url'         => $streamHostUrl . '/' . $resourceKey,
    'private_key' => base_path().'/'.'cloudfront.pem',
    'key_pair_id' => 'my key pair id',
    'policy'      => $customPolicy
]);

How does one tell AWS who to sign on behalf of? I created a key pair for CloudFront following http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs .

Your key-pair is assigned to an IAM user. This is the signing identity.
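
What the signing step produces, as an added PHP example (not code from the original post or from the AWS SDK): it builds a CloudFront custom policy, signs it with RSA-SHA1 and appends `Policy`, `Signature` and `Key-Pair-Id`, so the key pair ID is the only reference to the signer that the URL carries. The key is generated in-process, the URL and key pair ID are constructed placeholders, and the helper names are hypothetical.

```php
<?php
// Added example: a CloudFront signed URL assembled by hand to show its parts.
// Key, key pair ID and URL are constructed placeholders; helper names are hypothetical.

// CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
function cfBase64(string $bytes): string
{
    return strtr(base64_encode($bytes), '+=/', '-_~');
}

// A CloudFront custom policy restricts only the resource, the time window and
// (optionally) the source IP. It has no Action or Principal element.
function buildCustomPolicy(string $resourceUrl, int $expiresEpoch): string
{
    return json_encode(['Statement' => [[
        'Resource'  => $resourceUrl,
        'Condition' => ['DateLessThan' => ['AWS:EpochTime' => $expiresEpoch]],
    ]]], JSON_UNESCAPED_SLASHES);
}

function signUrl(string $url, string $policyJson, $privateKey, string $keyPairId): string
{
    // The signature is RSA-SHA1 over the exact policy bytes.
    if (!openssl_sign($policyJson, $signature, $privateKey, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException('openssl_sign failed');
    }
    $query = 'Policy=' . cfBase64($policyJson)
           . '&Signature=' . cfBase64($signature)
           . '&Key-Pair-Id=' . rawurlencode($keyPairId);
    return $url . (strpos($url, '?') === false ? '?' : '&') . $query;
}

// Throwaway key so the script runs offline; in practice this is the private
// half of the CloudFront key pair (cloudfront.pem in the question).
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($key === false) {
    throw new RuntimeException('openssl_pkey_new failed');
}
$url    = 'https://cdn.example.com/videos/clip.mp4';
$policy = buildCustomPolicy($url, time() + 300);
$signed = signUrl($url, $policy, $key, 'KEYPAIRID_PLACEHOLDER');

// Check the signature against the public key, as any verifier holding it would.
parse_str(parse_url($signed, PHP_URL_QUERY), $params);
$sig = base64_decode(strtr($params['Signature'], '-_~', '+=/'));
$pub = openssl_pkey_get_details($key)['key'];
$ok  = openssl_verify($policy, $sig, $pub, OPENSSL_ALGO_SHA1) === 1;
echo 'Query parameters: ', implode(', ', array_keys($params)), PHP_EOL;
echo 'Signature verifies: ', $ok ? 'yes' : 'no', PHP_EOL;
```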
