In the previous post we learned how to set up a private content distribution using the AWS SDK for PHP. That’s awesome, isn’t it? But it could be even greater if we were able to build signed links to let some users access our S3 objects (it was the original goal), otherwise no one will access these contents.
Signed links for private content
Private content distributions do not provide public access to your content. You cannot access S3 objects publicly without a valid signature no matter if objects were defined as private or public. This should be this way because we have created these distributions defining ourselves as URLs signers (see “Creating a private content distribution” from part II).
If you think that you can define your S3 objects as public and then set up a private content distribution without dealing with OAIs, you are probably wrong. Obviously, you can do it and it will work, but your users would be able to access these content freely through S3 addresses (okay, they will need to find your S3 root address, but that’s possible, isn’t it?). If this doesn’t matter to you, good for you!
Anyway we will need to create signed links for our users. Let’s see (as we were doing in part I and II, we will keep using the AWS SDK for PHP in code snippets):
$cfInstance = new AmazonCloudFront();
$signedLink = $cfInstance->get_private_object_url( ‘distribution_id’, ‘object_path’, ‘unix_time_expiration’);
Sincerely, I don’t know if these features are enabled on free accounts but I encourage you to test them and let me know what do you think about it.