aws-cloudfront-signed-cookies: Generate signed cookies for AWS CloudFront

[ aws, cloud, library, mit, network, program ] [ Propose Tags ]

One way to serve private content through AWS CloudFront is to use signed cookies. This package helps you generate signed cookies using a custom IAM policy which may include a range of time for which the cookie is valid and an IP address restriction.


[Skip to Readme]
Versions [faq] 0.1.0.0, 0.1.0.1, 0.2.0.0, 0.2.0.1, 0.2.0.2, 0.2.0.4, 0.2.0.6
Dependencies aeson, asn1-encoding, asn1-types, aws-cloudfront-signed-cookies, base (>=4.9 && <4.14), base64-bytestring, bytestring, cookie, cryptonite, optparse-applicative, pem, text, time (>=1.8), unordered-containers, vector [details]
License MIT
Copyright 2018 Typeclass Consulting, LLC
Author Chris Martin
Maintainer Chris Martin, Julie Moronuki
Revised Revision 3 made by chris_martin at 2020-03-15T10:08:52Z
Category Network, AWS, Cloud
Home page https://github.com/typeclasses/aws-cloudfront-signed-cookies
Bug tracker https://github.com/typeclasses/aws-cloudfront-signed-cookies/issues
Source repo head: git clone https://github.com/typeclasses/aws-cloudfront-signed-cookies
Uploaded by chris_martin at 2018-04-09T18:45:53Z
Distributions NixOS:0.2.0.6
Executables aws-cloudfront-signed-cookies
Downloads 2218 total (57 in the last 30 days)
Rating 2.0 (votes: 1) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Hackage Matrix CI
Docs available [build log]
Last success reported on 2018-04-13 [all 1 reports]

Modules

[Index]

Downloads

Note: This package has metadata revisions in the cabal description newer than included in the tarball. To unpack the package including the revisions, use 'cabal get'.

Maintainer's Corner

For package maintainers and hackage trustees


Readme for aws-cloudfront-signed-cookies-0.1.0.1

[back to package description]

aws-cloudfront-signed-cookies

Generate signed cookies for AWS CloudFront

One way to serve private content through AWS CloudFront is to use signed cookies. This package helps you generate signed cookies using a custom IAM policy which may include a range of time for which the cookie is valid and an IP address restriction.

The library

Example usage:

{-# LANGUAGE OverloadedStrings, ScopedTypeVariables #-}

import Network.AWS.CloudFront.SignedCookies

import qualified Data.Text.IO

main :: IO ()
main = do

  -- Construct an IAM policy that expires three days from now
  policy :: Policy <- simplePolicy
    (Resource "https://example.com/secrets/*")
    (Lifespan (3 * nominalDay))

  -- Parse the .pem file to get the private key
  key :: PrivateKey <- readPrivateKeyPemFile
    (PemFilePath "./pk-APKAIATXN3RCIOVT5WRQ.pem")

  -- Construct signed cookies
  cookies :: CookiesText <- createSignedCookies
    (KeyPairId "APKAIATXN3RCIOVT5WRQ") key policy

  Data.Text.IO.putStrLn (renderCookiesText cookies)

The output should look something like this:

Cookie: CloudFront-Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc29...
Cookie: CloudFront-Signature=wMN6V3Okxk7sdSPZeebMh-wo...
Cookie: CloudFront-Key-Pair-Id=APKAIATXN3RCIOVT5WRQ

You can see a very similar example in action in the Network.AWS.CloudFront.SignedCookies.CLI module which defines the command-line interface.

The executable

You can also generate cookies using the command-line interface.

$ aws-cloudfront-signed-cookies --help
Generator of signed cookies for AWS CloudFront

Usage: aws-cloudfront-signed-cookies --pem-file ARG --key-pair-id ARG
                                     --resource ARG --days ARG

Available options:
  -h,--help                Show this help text
  --pem-file ARG           Location in the filesystem where a .pem file
                           containing an RSA secret key can be found
  --key-pair-id ARG        CloudFront key pair ID for the key pair that you are
                           using to generate signature
  --resource ARG           URL that the policy will grant access to, optionally
                           containing asterisks for wildcards
  --days ARG               Integer number of days until the policy expires

Example usage:

$ aws-cloudfront-signed-cookies                \
    --pem-file pk-APKAIATXN3RCIOVT5WRQ.pem     \
    --key-pair-id APKAIATXN3RCIOVT5WRQ         \
    --resource "https://example.com/secrets/*" \
    --days 2