
PHP AWS SDK | How to create signed URL with custom domain

I'm using the AWS SDK with the Laravel framework in PHP. Here is my code:

use Aws\CloudFront\CloudFrontClient;
use Carbon\Carbon;

$cloudFront = new CloudFrontClient([
    'region'  => env('AWS_REGION'),
    'version' => 'latest'
]);

$path = "R180417XXXX.mp4";

// URL to sign, built on the distribution's default domain name
$resourceURL = "https://dbk93n3xxxxxx.cloudfront.net/" . $path;
// Expiry as a Unix timestamp, five minutes from now
$expires = Carbon::now()->addMinutes(5)->timestamp;

// Signed URL using a canned policy
$signedUrlCannedPolicy = $cloudFront->getSignedUrl([
    'url'         => $resourceURL,
    'expires'     => $expires,
    'private_key' => base_path('pk-APKAI2PXXXXXXXXXXXXX.pem'),
    'key_pair_id' => 'APKAI2PXXXXXXXXXXXXX',
]);

This code is working, but the URL looks like this:

https://dbk93n3xxxxxx.cloudfront.net/R180417XXXX.mp4?Expires=1524389577&Signature=RmBDMqM4SMadsQstrgVpUiLoJ50dvKoxNI081Joa7WjSg5eelziQqtDrcs~klbDHvs7rMaq2McfHUQijrcLe7F9tDbn7oOxEC4kfPPCMbhqqjtBWavPmM8Zv8QhH50dPuNHwnEj4pIGUpm9FmAvDhCSExCv0uBMWUREJ9YKQJFHZcPJyKBtjPcJVzIGpnj2bQn3xNGO5AUlutsyeSWUqdvtNOLb3xurgx4WzcVotgB~BZo-bQxo3ieXFbKWAPQXMPl93YpuX5W10l4YtYPULrAtJVQZKUIFcfifnECnqg~IgtbkFbyLdM5e87ZiC837Hj-AphmlEshnY-MHWyEU24g__&Key-Pair-Id=APKAI2PXXXXXXXXXXXXX

But I have just set a CNAME in CloudFront, like server1.domain.tld, and I want the signed URL to look like this:

https://server1.domain.tld/R180417XXXX.mp4?Expires=1524389577&Signature=RmBDMqM4SMadsQstrgVpUiLoJ50dvKoxNI081Joa7WjSg5eelziQqtDrcs~klbDHvs7rMaq2McfHUQijrcLe7F9tDbn7oOxEC4kfPPCMbhqqjtBWavPmM8Zv8QhH50dPuNHwnEj4pIGUpm9FmAvDhCSExCv0uBMWUREJ9YKQJFHZcPJyKBtjPcJVzIGpnj2bQn3xNGO5AUlutsyeSWUqdvtNOLb3xurgx4WzcVotgB~BZo-bQxo3ieXFbKWAPQXMPl93YpuX5W10l4YtYPULrAtJVQZKUIFcfifnECnqg~IgtbkFbyLdM5e87ZiC837Hj-AphmlEshnY-MHWyEU24g__&Key-Pair-Id=APKAI2PXXXXXXXXXXXXX

I have tried changing $resourceURL to

$resourceURL = "https://server1.domain.tld/" . $path;

It's not working.

It responds with status code 403, and I have set an Origin Access Identity. I don't know why it's not working.

Here is my Amazon S3 Policy

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2OP22ZEXXXXXX"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::server1.domain.tld/*"
        }
    ]
}

Please help...

Thanks

In Route53, there needs to be a hosted zone for your tld and a record set of type CNAME that is an alias to the CloudFront distribution.

Here are steps to follow:

  • Create a certificate in Certificate Manager for domain.tld and server1.domain.tld.

  • Edit your CloudFront Distribution Settings and set the SSL certificate for the distribution to the custom one.

  • Ensure that Alternate Domain Names (CNAMEs) for your distribution lists server1.domain.tld.
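An added example, not part of the original question or answer: a canned-policy signature covers the full resource URL, host name included, so the URL has to be signed with the host name the viewer will request. The sketch reimplements the signing locally with PHP's openssl functions and checks it with a simplified model of the edge-side verification; the in-memory key pair, the key-pair ID `APKAEXAMPLE` and the function names are assumptions, not AWS SDK code. It signs the same file for both host names and also rewrites the host of an already signed URL.

```php
<?php
// Added example. Key pair, key-pair ID and the edge check are constructed for illustration.
function cannedPolicy(string $url, int $expires): string
{
    // Canned policy statement; the full URL, host included, is the Resource.
    return '{"Statement":[{"Resource":"' . $url
        . '","Condition":{"DateLessThan":{"AWS:EpochTime":' . $expires . '}}}]}';
}

function signUrl(string $url, int $expires, $privateKey, string $keyPairId): string
{
    // RSA-SHA1 signature over the policy string.
    if (!openssl_sign(cannedPolicy($url, $expires), $sig, $privateKey, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
    }
    // CloudFront's URL-safe base64: + becomes -, = becomes _, / becomes ~
    $encoded = strtr(base64_encode($sig), '+=/', '-_~');
    $sep = strpos($url, '?') === false ? '?' : '&';
    return "{$url}{$sep}Expires={$expires}&Signature={$encoded}&Key-Pair-Id={$keyPairId}";
}

// Hypothetical model of the edge-side check: rebuild the policy from the URL
// the viewer actually requested, then verify the signature against it.
function edgeAccepts(string $requestedUrl, $publicKey): bool
{
    [$base, $query] = explode('?', $requestedUrl, 2);
    parse_str($query, $q);
    $expires = (int) $q['Expires'];
    $sig = base64_decode(strtr($q['Signature'], '-_~', '+=/'));
    return time() < $expires
        && openssl_verify(cannedPolicy($base, $expires), $sig, $publicKey, OPENSSL_ALGO_SHA1) === 1;
}

// Throwaway key pair generated in memory (stands in for the pk-*.pem file).
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$expires = time() + 300;
$file = 'R180417XXXX.mp4';

$viaDefault = signUrl("https://dbk93n3xxxxxx.cloudfront.net/{$file}", $expires, $key, 'APKAEXAMPLE');
$viaCname   = signUrl("https://server1.domain.tld/{$file}", $expires, $key, 'APKAEXAMPLE');
// Same signature pasted onto the other host name, i.e. rewriting the URL after signing.
$rewritten  = str_replace('dbk93n3xxxxxx.cloudfront.net', 'server1.domain.tld', $viaDefault);

foreach (compact('viaDefault', 'viaCname', 'rewritten') as $name => $url) {
    printf("%-11s %s\n", $name, edgeAccepts($url, $pub) ? 'accepted' : 'rejected');
}
```

Both directly signed URLs verify and the rewritten one does not, so a 403 on a correctly signed custom-domain URL points at the distribution setup (alternate domain name, certificate, DNS) rather than at the signature.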
