---
type: video
yt_id: VVU2YVRMdUlfajQtMHdpRFN6bWFQY3RRLkVJWXJoYkJrN2Rv
videoId: EIYrhbBk7do
title: "CloudFront Signed URLs with Node.js"
date: "2022-08-08T14:00:13Z"
slug: "cloudfront-signed-urls-with-nodejs"
image: 
  name: "cloudfront-signed-urls-with-nodejs.jpg"
  alt: "CloudFront Signed URLs with Node.js"
  width: 1280
  height: 720
status: 'published'
description: "Create signed urls to access files in a CloudFront distribution. Learn how to generate the signed URLs using a private key in a node application."
tags: ['aws', 'cloud computing', 'serverless', 's3']
previousPostSlug: 'set-up-a-cloudfront-cdn-for-an-s3-bucket'
nextPostSlug: 'storing-images-in-s3-from-node-server'
---

Create signed urls to access files in a CloudFront distribution. Learn how to generate the signed URLs using a private key in a node application.

## Chapters:

* 0:00​ Intro
* 0:42 Why Sign URLs?
* 3:58 Generating an RSA Key Pair
* 5:32 Create a Public Key in AWS
* 6:41 Restrict CloudFront Access
* 7:59 Sign URLs in Node Server
* 12:21 Conclusion

## Code Snippets

### Generate RSA Key Pair

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html

> Install OpenSSL on your machine and generate the keypairs

```sh
openssl genrsa -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem
```

### Sign URLs

https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_cloudfront_signer.html#getsignedurl

> Install and import the cloudfront signer

```sh
npm i @aws-sdk/cloudfront-signer
```

```js
import { getSignedUrl } from "@aws-sdk/cloudfront-signer"
```

> Sign the urls before sending them to the browser

```js
const signedUrl = getSignedUrl({
  keyPairId: process.env.CLOUDFRONT_KEYPAIR_ID,
  privateKey: process.env.CLOUDFRONT_PRIVATE_KEY,
  url: url,
  dateLessThan: new Date( Date.now() + (1000 /*sec*/ * 60))
})
```