This repository has been archived by the owner on Apr 19, 2023. It is now read-only.

Signed URLs

Sam Patzer edited this page Feb 18, 2021 · 1 revision

Welcome to Signed URLs. To sign URLs we use the public key and private key system laid out in the CloudFront docs.

Lambda overview

The Lambda function included with the signed URL option generates the policy to append to requests for the video resource of choice. The generated policy grants wildcard (*) access to every subfolder of the provided item id, so that it covers the entire playlist and all video files. The signed URL policy it returns must be appended to every request sent for the item's files.

The input should be the id of a film that has been transcoded and is available in the output bucket.

The output provides access to the film through CloudFront using a crafted URL:

'https://<cf_id>.cloudfront.net/<item_id>/<item_id>.m3u8' + '<output_from_lambda>'
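
The policy described above, as an added example that is not the project's Lambda code: it builds a CloudFront custom policy with a wildcard over one item's folder, signs it in CloudFront's documented format, then decodes the result to confirm its scope and expiry. The domain, item id, key pair id, expiry, leading `?`, item-id check and throwaway key pair are constructed assumptions.

```javascript
const crypto = require('crypto');

// CloudFront's URL-safe base64: '+' -> '-', '=' -> '_', '/' -> '~'.
const cfSafe = (s) => s.replace(/\+/g, '-').replace(/=/g, '_').replace(/\//g, '~');
const cfUnsafe = (s) => s.replace(/-/g, '+').replace(/_/g, '=').replace(/~/g, '/');

// Returns the query string to append to every request under <itemId>/.
function signItemPolicy({ domain, itemId, keyPairId, privateKeyPem, expiresEpoch }) {
  // Assumed hardening: keep the wildcard confined to a single item folder.
  if (!/^[A-Za-z0-9_-]+$/.test(itemId)) throw new Error('invalid item id');
  const policy = JSON.stringify({
    Statement: [{
      Resource: `https://${domain}/${itemId}/*`,
      Condition: { DateLessThan: { 'AWS:EpochTime': expiresEpoch } },
    }],
  });
  // CloudFront custom policies are signed with RSA over a SHA-1 digest.
  const sig = crypto.createSign('RSA-SHA1').update(policy).sign(privateKeyPem, 'base64');
  const encoded = cfSafe(Buffer.from(policy).toString('base64'));
  return `?Policy=${encoded}&Signature=${cfSafe(sig)}&Key-Pair-Id=${keyPairId}`;
}

// Decodes a signed query string and verifies it against the public key.
function inspectSignedQuery(query, publicKeyPem) {
  const params = new URLSearchParams(query.replace(/^\?/, ''));
  const policy = Buffer.from(cfUnsafe(params.get('Policy')), 'base64').toString('utf8');
  const valid = crypto.createVerify('RSA-SHA1').update(policy)
    .verify(publicKeyPem, cfUnsafe(params.get('Signature')), 'base64');
  return { valid, statement: JSON.parse(policy).Statement[0] };
}

// Constructed sample values: throwaway key pair, placeholder domain and ids.
const demoKeys = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const demoQuery = signItemPolicy({
  domain: 'd111111abcdef8.cloudfront.net',
  itemId: 'film-123',
  keyPairId: 'KEXAMPLEKEYID',
  privateKeyPem: demoKeys.privateKey,
  expiresEpoch: 1893456000, // 2030-01-01T00:00:00Z
});
const demoUrl = `https://d111111abcdef8.cloudfront.net/film-123/film-123.m3u8${demoQuery}`;
console.log(demoUrl);
console.log(inspectSignedQuery(demoQuery, demoKeys.publicKey));
```

Because the resource ends in `/*`, the same query string authorizes the playlist and every segment under that item id until the expiry, so the expiry and the item-id check are what bound the exposure of a leaked URL.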

Viewing your private key ! NOT RECOMMENDED !

If you have a reason to export your private key, follow these steps. DO NOT do this unless you know what you are doing.

  1. Open ./amplify/backend/video/<projectname>/props.json
  2. Locate secretPem and note down the id associated with that entry.
  3. Run this command in your profile: aws secretsmanager get-secret-value --secret-id <secret_id>
  4. Base64 decode the SecretBinary value returned to get your private key

Rotating your keys

Run amplify video update and answer with the same answers you provided before (should be the default highlighted).

When you see "We detected you have signed urls configured. Would you like to:", answer "Rotate the keys for the signed urls".

After you finish answering the questions, run amplify push and your keys will be rotated. Do note, we DO NOT delete any previous private keys from Secrets Manager. You will have to delete them manually in the console.