But is this secure? What if a third party learns your URLs? Can they access them? Of course they can! What if you got the videos from a production house and signed privacy agreements? Can you still serve your content unprotected? They will sue you.
So it is better to add a little more security. CloudFront offers a lot of security features.
Configuring the Amazon S3 bucket:
The first thing is to block S3 access for outsiders. How do you do this? Deny all read/write permissions on the S3 bucket. Allow only read access to the CloudFront distribution via an Origin Access Identity (OAI).
An Origin Access Identity is a CloudFront user. On the S3 bucket, you grant this OAI permission to read the files.
How does it work?
You need to create a CloudFront key pair from the AWS console. It will give you a public key and a private key. Download the private key. The key pair also has an ID. Note it down.
Whenever you make a request to play a video, sign the request with the private key as explained here and send the request. CloudFront will validate the URL along with the signature, key-pair ID and expiry time, and play the content.
See the diagram for a detailed view of how signed URLs work with Amazon CloudFront.
[Figure: Serving private content through Amazon CloudFront]
Because you specify that the URL is valid only for a particular time, even if a third person gets the URL, it becomes invalid (you need to set this to a small time and create a new signed URL whenever making a request), and they won't be able to play the URLs without signing them.
Example programs for signing are given in the Amazon documentation. See it here.
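The signing step and the short expiry described above, as an added example (not the Amazon sample code and not code from this post). It assumes a canned policy, the third-party `cryptography` package for the RSA-SHA1 signature, and constructed placeholder values for the distribution URL, key-pair ID and the 300-second cap.

```python
import base64
import json
import sys
import time

MAX_TTL_SECONDS = 300  # assumption: the post only says to keep the expiry "small"
SAMPLE_URL = "https://dEXAMPLE.cloudfront.net/video.mp4"  # constructed placeholder
SAMPLE_KEY_PAIR_ID = "KEXAMPLEID"                          # constructed placeholder

def canned_policy(url, expires):
    """Policy CloudFront rebuilds from the URL and Expires; it must contain no whitespace."""
    stmt = {"Resource": url, "Condition": {"DateLessThan": {"AWS:EpochTime": expires}}}
    return json.dumps({"Statement": [stmt]}, separators=(",", ":"))

def cf_b64(raw):
    """Base64 with CloudFront's URL-safe substitutions: + -> -, = -> _, / -> ~."""
    return base64.b64encode(raw).decode("ascii").translate(str.maketrans("+=/", "-_~"))

def rsa_sha1_signer(pem_bytes):
    """Return sign(bytes) -> bytes backed by the downloaded private key (PEM)."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(pem_bytes, password=None)
    return lambda message: key.sign(message, padding.PKCS1v15(), hashes.SHA1())

def signed_url(url, key_pair_id, sign, ttl=60, now=None):
    """Build a canned-policy signed URL that expires `ttl` seconds from `now`."""
    if not 0 < ttl <= MAX_TTL_SECONDS:
        raise ValueError("ttl must be between 1 and %d seconds" % MAX_TTL_SECONDS)
    expires = int(time.time() if now is None else now) + ttl
    signature = cf_b64(sign(canned_policy(url, expires).encode("utf-8")))
    separator = "&" if "?" in url else "?"
    return "%s%sExpires=%d&Signature=%s&Key-Pair-Id=%s" % (
        url, separator, expires, signature, key_pair_id)

if __name__ == "__main__":
    # Usage: python sign_url.py <path-to-private-key.pem>  (script name is a placeholder)
    with open(sys.argv[1], "rb") as fh:
        signer = rsa_sha1_signer(fh.read())
    print(signed_url(SAMPLE_URL, SAMPLE_KEY_PAIR_ID, signer))
```

Generate the URL on the server for each playback request, so the private key never reaches the client.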