NodeJS: Signed Cloudfront S3 Url, not expired

Asked Aug 26 '17 at 15:06

Active Aug 26 '17 at 15:06

Viewed 724 times

I used aws-cloudfront-sign to sign the S3 url for distributing private content. My code:

var moment = require('moment');
var cf = require('aws-cloudfront-sign');
var options = {
    keypairId: 'APxxxxxxxxxxxxxyyyyy', 
    privateKeyPath: '/path/to/pem/private/file',
    expireTime: moment().add(30, 'seconds') //available in 30s
 }
var signedUrl = cf.getSignedUrl('http://xxxxxxx.cloudfront.net/path/to/s3/object', options);
console.log('signed url: ' + signedUrl);

I can receive the signed url, and open it in browser.

Problem: after 30s as I assigned, the signed url link is still available, not expired.

Any suggestion is appreciated

asked Aug 26 '17 at 15:06

Phong Vu

2,726
6
24
52

Are you sure it isn't just your browser displaying its locally-cached copy? Or perhaps you haven't configured the CloudFront cache behavior to actually require signed URLs, such that *any* request is being allowed, signed or not? What is the `Expires=` value or `Policy=` value from the resulting URL? – Michael - sqlbot Aug 26 '17 at 23:02
Hi, everything is fine, just my mistake is I didn't enable the Restrict Viewer Access from Cloudfront. – Phong Vu Aug 27 '17 at 23:10

NodeJS: Signed Cloudfront S3 Url, not expired

0 Answers0