Category Archives: Uncategorized

My experience using Amazon’s CloudFront as CDN – Part III

This is the last post about my experience dealing with (against?) Amazon CloudFront. You can review my previous posts here and here.

cdn

In the previous post we learned how to set up a private content distribution using the AWS SDK for PHP. That’s awesome, isn’t it? But it could be even greater if we were able to build signed links to let some users access our S3 objects (it was the original goal), otherwise no one will access these contents.

Signed links for private content

Private content distributions do not provide public access to your content. You cannot access S3 objects publicly without a valid signature no matter if objects were defined as private or public. This should be this way because we have created these distributions defining ourselves as URLs signers (see “Creating a private content distribution” from part II).

If you think that you can define your S3 objects as public and then set up a private content distribution without dealing with OAIs, you are probably wrong. Obviously, you can do it and it will work, but your users would be able to access these content freely through S3 addresses (okay, they will need to find your S3 root address, but that’s possible, isn’t it?). If this doesn’t matter to you, good for you!

Anyway we will need to create signed links for our users. Let’s see (as we were doing in part I and II, we will keep using the AWS SDK for PHP in code snippets):

$cfInstance = new AmazonCloudFront();
$cfInstance->set_keypair_id(‘your_keypair_id’);
$cfInstance->set_private_key(‘your_private_key’);

$signedLink = $cfInstance->get_private_object_url( ‘distribution_id’, ‘object_path’, ‘unix_time_expiration’);

Once executed, you will get a signed link to access object in ‘object_path’ for a limited time. I always use unix time to limit object accesses but there are more formats allowed in the get_private_object_url method (basically, any string that strtotime() function is able to understand).
And that’s all, no external APIs requests for signed links; that’s why I like CloudFront so much. You can build three hundred links and just a few CPU cycles will be used, no I/O wait, no network latency, just CPU work. Awesome ;-)

Addendum

Playing around with SDKs, APIs and so on is kind of fun but sometimes it’s annoying to edit source code files just to set up your CDN. That’s the reason why, after walking this road to private content distribution, I was still looking for a useful tool to manage OAIs, CloudFront distributions, permissions and everything in the scope of this service.
 rightscale
At the end, this tool appeared and it was the RightScale web panel (something that I had been using for months!). Regardless of its tools to manage servers, templates, auto-scaling arrays and other EC2 features. It lets you manage OAIs, set up CloudFront distribution with OAIs, URLs signers and much more directly on the web. I know that it’s simply the AWS API exposed through HTML forms but it saves me a lot of time and lets me control more distributions than when I was hitting the naked API.

Sincerely, I don’t know if these features are enabled on free accounts but I encourage you to test them and let me know what do you think about it.