aws-cloudfront-signer- For signing AWS CloudFront HTTP URL requests

Safe HaskellNone




type URL = StringSource

input and output URLs

type JSONPOlicy = StringSource

a JSON CloudFront policy

data CloudFrontSigningKey Source

a CloudFront siging key has an identifier and an RSA private key




cfk_key_id :: KeyID
cfk_key :: PrivateKey

data CloudFrontPolicy Source

a CloudFront policy must identify the resource being accessed and the expiry time; a starting time and IPv4 address may also be specified

readCloudFrontSigningKeyFromDER :: KeyID -> FilePath -> IO CloudFrontSigningKeySource

RSA private keys can only be read from DER file for now (the OpenSSL tools can be used to convert from PEM:

openssl rsa -in input.pem -inform PEM -out output.der -outform DER

parseRSAPrivateKeyDER :: ByteString -> Either String PrivateKeySource

If you have the DER ByteString then you can construct a private key functionally.

signCannedPolicyURL :: CloudFrontSigningKey -> UTCTime -> URL -> URLSource

In most cases only a time-limited, signed URL is needed, in which case a canned policy can be used; URLs signed with a canned policy are shorter than those signed with a custom policy.

signCustomPolicyURL :: CloudFrontSigningKey -> CloudFrontPolicy -> URLSource

Signing a URL with a custom policy allows a start time to be specified and the IP address of the recipient(s) to be specified.

signCustomPolicyURL_ :: CloudFrontSigningKey -> JSONPOlicy -> URL -> URLSource

The URL can also be signed with the custom policy in JSON format. (See the CloudFront documentation for details.)

cannedPolicy :: UTCTime -> URL -> JSONPOlicySource

The JSON canned policy can be generated from the expiry time and the URL of the distributed resource.

customPolicy :: CloudFrontPolicy -> JSONPOlicySource

JSON custom policies provide more flexibility (allowing start times and recipient IP addresses to be specified) but generate longer signed URLs.

unixTime :: UTCTime -> StringSource

CloudFront uses Unix Epoch time (number of seconds since 1970, UTC) to specify UTC.