great tutorial, I was having a lot of issues getting my private key import to work (maybe because I'm using AstroJS?). If anyone else is having issues try converting your key into base64 (cat private_key.pem | base64) then paste the output into your .env. Then parse the base64 with a buffer in your code (Buffer.from(, 'base64')
Thanks for an amazing content! One little critic, is that when the video begins, it's not clear that you're previewing a future segment of the video. At first I thought the video was glitched,
Hello Sam..Thanks For share...how can I restrict signed url to be accessible only when request comes from my frontend domain? is their any way?because currently anyone can download that url easily.
I have one project that email signature I am using cloudfront sign url for s3 image and issue is once explire the url that email signature not working. You have any solution for this ?
Is there a way to bypass these or generate keys or expiry extensions? Outside of their api, Google uses signed url's where you look at the ads being run by their advertisers. I bookmarked some of the advertiser pages and the links work for only a day or so.
Great content. I am working on CMS in Laravel, how would signed URL effect the front end web because we want consistent study URL where singed or presigned url change the URL address on each request. I suppose we just have to use public URL access in such case. Am I missing anything? Should we consider cookies instead of signed URL?
Hi, thank you for the great content. Have a quick qn. My understanding is that you showcased how we can use signed URLs to grant temporary access to the image i.e. no one can access the image even if they copied the URL from an authorized user's machine and used it after the expiry. Is it possible to also somehow provide access to only customers who have paid for the content, and not some random website visitor? I'm not sure if my question doesn't make perfect sense or has holes in the requirement, but glad to be corrected. thank you. Reference: Preventing Unauthorized Access: By requiring a valid signed URL to access a resource, CloudFront ensures that only users with the correct URL and authorization parameters can view or download the content. This effectively prevents hotlinking and unauthorized access.
Hi Sam I saw and follow you previous video (Set up a CloudFront CDN for an S3 Bucket) But it was not work. whatever object in S3 i tried to access to it, it said (Access Denied) i spent a lot of times to see what is wrong with my Cloudfront, then i know that i must first to make my objects in S3 public for all the world so Cloudfront could access them. Amazon docs: By default, your Amazon S3 bucket and all the files in it are private-only the Amazon account that created the bucket has permission to read or write the files. If you want to allow anyone to access the files in your Amazon S3 bucket using CloudFront URLs, you must grant public read permissions to the objects. So now I am asking: what is the benefit of signed Cloudfront URLs if the object already must be public for all the world? and anyone could access this object directly from S3 bucket?
They don't need to be public. Follow my videos exactly, I never make any of my objects in my S3 bucket public. They are private and can only be accessed when a signed url is generated by an IAM user that has that permission. With the CloudFront example, the only thing that can access the files in s3 is the cloudfront distribution. Nothing else can access them. Then you sign urls to allow some access to cloudfront.
Hi Sam you are actually doing amazing 🤩 But I have am wondering performance bottlenecks You are mapping on every document and generate a signed url Why should we genete url at each request if url is generated already for one day if a single user is keep refreshing page we are generating every time same url How to.handle this?
you've probably figured it out by now lol but i removed all new lines, so the it is an inline string and added after-----BEGIN PRIVATE KEY----- and before -----END PRIVATE KEY-----, so it looks something like this CLOUDFRONT_PRIVATE_KEY="-----BEGIN PRIVATE KEY----- abcd -----END PRIVATE KEY-----"
Your content is great, the audio, video quality, explanation... I have no clue as to why you don't have 100k subs
Dude! Your content and explanation of the services you cover are phenomenal!!!!! :)
Thank you much man!
Can't believe this is free 🔥 Awesome work man!
Thank you so much for showing how to implement that, that was super useful!
Saved my ass. Now I won't get the "Reinforced Shock Treatment" ... TY so much!
Bro bro bro your content is just toooo awesome
Dude,you make me wanna leave my job since i'll never been as sharp as you..damn you!
Just keep watching all my videos and commenting on them and become a channel member 🤗🤗🤗
Then you’ll be sharp
Thank you Sam! Love you!
great tutorial, I was having a lot of issues getting my private key import to work (maybe because I'm using AstroJS?). If anyone else is having issues try converting your key into base64 (cat private_key.pem | base64) then paste the output into your .env. Then parse the base64 with a buffer in your code (Buffer.from(, 'base64')
seeeshh!! u helping me! many thanks :D :D
I followed same approach, but in my case it's showing Access Denied
Thank you, man! That's exactly what I was looking for :)
Thanks for an amazing content! One little critic, is that when the video begins, it's not clear that you're previewing a future segment of the video. At first I thought the video was glitched,
Awesome explanation! 🎉🎉
This XML file does not appear to have any style information associated with it. The document tree is shown below.
thanks mate! this is well explained!
Thanks dude, good tutorial, really helpful
is there a way to shorten the generated signed url?
Thanks for sharing awesome contents.
Great Content bro!! Thank you!! keep it up❤
Big Fan of your videos!!!
i tried this but when i access file conent through signed uRL returns access denied
Hello Sam..Thanks For share...how can I restrict signed url to be accessible only when request comes from my frontend domain? is their any way?because currently anyone can download that url easily.
Thank you, your video is so helpful to me to understand
I have one project that email signature I am using cloudfront sign url for s3 image and issue is once explire the url that email signature not working.
You have any solution for this ?
Hmmm for some reason I'm getting 403 when loading images using the signedUrl.. any ideas, Sam?
Great vid, thank you!!
your video rocks!!
Terrific video. Thanks for the help.
Is there a way to bypass these or generate keys or expiry extensions? Outside of their api, Google uses signed url's where you look at the ads being run by their advertisers. I bookmarked some of the advertiser pages and the links work for only a day or so.
dude you are awesome!
nicely explained
This was perfect... thank you
great video, thank you so much.
How did you breakdown the url so quickly? What's the shortcut
No shortcut, I’m magic
Awesome video!!
Great video. But how would you set this up for a subscription service where paid subscribers get premium content i.e. 4k videos?
Great content. I am working on CMS in Laravel, how would signed URL effect the front end web because we want consistent study URL where singed or presigned url change the URL address on each request.
I suppose we just have to use public URL access in such case. Am I missing anything?
Should we consider cookies instead of signed URL?
But technically the bots can still download the files and build their own database? They just need to sign in to your website periodically?
Please make a video on signed cookies
Hi, thank you for the great content. Have a quick qn. My understanding is that you showcased how we can use signed URLs to grant temporary access to the image i.e. no one can access the image even if they copied the URL from an authorized user's machine and used it after the expiry. Is it possible to also somehow provide access to only customers who have paid for the content, and not some random website visitor? I'm not sure if my question doesn't make perfect sense or has holes in the requirement, but glad to be corrected. thank you.
Reference:
Preventing Unauthorized Access: By requiring a valid signed URL to access a resource, CloudFront ensures that only users with the correct URL and authorization parameters can view or download the content. This effectively prevents hotlinking and unauthorized access.
Thanks 🎉
Daaang bro
nice work
Thank you!
Hi Sam
I saw and follow you previous video (Set up a CloudFront CDN for an S3 Bucket)
But it was not work. whatever object in S3 i tried to access to it, it said (Access Denied)
i spent a lot of times to see what is wrong with my Cloudfront, then i know that i must first to make my objects in S3 public for all the world so Cloudfront could access them.
Amazon docs:
By default, your Amazon S3 bucket and all the files in it are private-only the Amazon account that created the bucket has permission to read or write the files. If you want to allow anyone to access the files in your Amazon S3 bucket using CloudFront URLs, you must grant public read permissions to the objects.
So now I am asking: what is the benefit of signed Cloudfront URLs if the object already must be public for all the world? and anyone could access this object directly from S3 bucket?
They don't need to be public. Follow my videos exactly, I never make any of my objects in my S3 bucket public. They are private and can only be accessed when a signed url is generated by an IAM user that has that permission.
With the CloudFront example, the only thing that can access the files in s3 is the cloudfront distribution. Nothing else can access them. Then you sign urls to allow some access to cloudfront.
Hi Sam you are actually doing amazing 🤩
But I have am wondering performance bottlenecks
You are mapping on every document and generate a signed url
Why should we genete url at each request if url is generated already for one day if a single user is keep refreshing page we are generating every time same url
How to.handle this?
The mapping is not processor intensive so you’ll be fine, but you could also store the url in a database or redis cache if you wanted to reuse the url
@@SamMeechWard Thanks ☺️
very useful !!!
Glad to hear that!
Perfect
mate I am getting this error: Error: error:0909006C:PEM routines:get_name:no start line please help
you've probably figured it out by now lol but i removed all new lines, so the it is an inline string and added
after-----BEGIN PRIVATE KEY----- and before -----END PRIVATE KEY-----, so it looks something like this CLOUDFRONT_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----
abcd
-----END PRIVATE KEY-----"