5

The thing I want to achieve is to generate a singedURL pointing CloudFront distribution which originates from S3 bucket.

I have managed to sign the URL which points directly to the S3 bucket as described in following AWS spec - Generate a Presigned Object URL Using AWS SDK for .NET and it worked fine.

But what I really need is to generate signed CloudFront URL.

I assume my Distribution is properly configured as I'm able to access it using (https://d298o8yem5c56d.cloudfront.net/123.pdf) assuming Restrict Viewer Access: is set to No in Behaviors settings. After switching it to Yes it can no longer be accessed without signedURL.

I was trying to use the sample code from AWS Developer Guide: Create a URL Signature Using C# and the .NET Framework

The URL was generated, but what I get is following error message:

<Error> <Code>AccessDenied</Code> <Message>Access denied</Message> </Error>

Any ideas what should I check ?

ChiTec
  • 163
  • 1
  • 1
  • 8

1 Answers1

4

Finally I've solved the issue using the sample code from AWS Developer Guide: Create a URL Signature Using C# and the .NET Framework

The issue seem to be related to the PrivateKey.xml

Remember to replace PrivateKey.xml with your PrivateKey (which can be generated / downloaded from AWS root account settings). As a next step it has to be converted from PEM to XML (required by .NET)

Nice and easy way to convert from PEM to XML is by using an - online converter

ChiTec
  • 163
  • 1
  • 1
  • 8
  • i am having some trouble as well to work with the AWS code example, i specific part i am missing, is what did you put in the "pathToPolicyStmnt", can you share an example of a policy that you used – omriman12 Oct 01 '20 at 06:43
  • 1
    If you value the security of your private key, I would be wary of using an online converter. – ScottieMc Oct 24 '21 at 20:05