Question:
I’m using CloudFront Signed URL to display images and videos from S3 to be secured.
It works well on images and other videos except for .m3u8 file.
I used AWS PHP SDK and here’s my code.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
// Instantiate the CloudFront client with your AWS credentials $cloudFrontClient = new CloudFrontClient(array( 'region' => env('AWS_DEFAULT_REGION'), 'version' => 'latest', 'http' => [ 'verify' => false ], 'credentials' => array( 'key' => env('AWS_ACCESS_KEY_ID'), 'secret' => env('AWS_SECRET_ACCESS_KEY'), ))); // Create a signed URL for the resource $resourceKey = 'https://abcdefg.cloudfront.net/test/file_1000k.m3u8'; $expires = time() + 3600; $signedUrl = $cloudFrontClient->getSignedUrl([ 'url' => $resourceKey, 'expires' => $expires, 'private_key' => public_path().'/pk-ABCD123.pem', 'key_pair_id' => 'ABCD123ABCD123ABCD123' ]); ?> Your browser does not support the video tag. |
If I’m not mistaken, it doesn’t play because we need also to sign the segmented files (.ts) inside the .m3u8 file.
How can we dynamically change it?
Is there any way we can play .m3u8 file securely so that users can’t use the direct link access to download the file?
Answer:
CloudFront signed URLs work great when it is just one file, but like you have discovered it is a problem when you have multiple resources.
For this reason the recommended approach is to use signed CloudFront cookies.
By doing this you only need to sign once to allow all resources from a specific CloudFront distribution and do not need to bother with the signing process on each page load.