All geek questions in one place

Failed to use signed cloud cookies

I am trying to use signed cookies for my cloud distribution.

Im using a cookie-signer to create signed cookies. And below is a script to extract a file from the cloud front

import requests
cookies = {
'CloudFront-Key-Pair-Id': 'APKXXXXXXXXXXX',
'CloudFront-Policy': u'eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kNXRpdXV2ZjdodDlpLmNsb3VkZnJvbnQubmV0L21lZGlhL3Byb2ZpbGVfcGljLmpwZyIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTQ5Mjc2ODcwMH19fV19',
'CloudFront-Signature': u'ZVG-Pi7x~edJqERf99O9und0wYedB-SHMNKuHd4UpEDaPckYekGoAJ~q8tU0vQI4mS9odXITzAKl4v7tmfDjG1y9FmWaSxgf9h2jrssIk25Mswk3UXOV7wRNs9DiHpA3~D70qAWXGS9GVN4z3SvZ3xQv9bM1P50y2shNPlOCV4o5nAH56sYdvdJNjxSFxdoOUMuhxyrzf-Gv5fjNSzv2Dy43WY6rmpEMfh6L9Eb-2kcrS9p5rsK9MtAwpN8Frobt4bCuduQleb~DXZ~O~hoBGdO3RdyYWgMdTa~02PQl3st8eisBiH7XYy2GbOwPIN~M4m-UAs3ihL0ZWUjbkVDFCA__',
'Secure': 'True',
'HTTPOnly': 'True',

}
headers = {}

s = requests.Session()

res = s.get('http://XXXXXXX.cloudfront.net/media/profile_pic.jpg', 
headers=headers, cookies=cookies)
print res
print res.content

Output:

 <Response [403]>
 <?xml version="1.0" encoding="UTF-8"?>
 <Error><Code>AccessDenied</Code><Message>Access Denied</Message>
 <RequestId>BBDBA8E7FEDA7759</RequestId><HostId>7Pt2/REdiugH5Te555/v004J6skQs9+ccncmXM74yHwPhQrSMJ9pavIj2QmPW6g2QsnnEYGxitc=</HostId></Error>

A trusted subscriber user for cloud distribution is added and a key pair identifier for the cloud interface is generated.

Can someone help me? thanks in advance

+4
source share
1 answer

Your error is actually an S3 error, not a Cloudfront (CF) error. Have you created a bucket policy that gives GetObjectaccess?

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::examplebucket/*"]
    }
  ]
}

. http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

S3 CF, S3 Bucket. (. http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-6)

- S3, Cloudfront IPs , Origin Custom Header CF, referer, , (. http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-4)

, URL- AWS-CLI. (. http://docs.aws.amazon.com/cli/latest/reference/cloudfront/sign.html)

+1

Source: https://habr.com/ru/post/1675339/

More articles:


All Articles