Public and private objects on S3 via Cloudfront?

[mrmachine]

The django-storages docs just say I should set the AWS_S3_CUSTOM_DOMAIN setting and configure Cloudfront. The Cloudfront docs say I can restrict access and require signed URLs.

I already use signed S3 URLs with django-storages, and these URLs have Expires, Signature and AWSAccessKeyId querystring params. The Cloudfront docs say signed cloudfront URLs need Expires, Signature and Key-Pair-Id querystring params.

How can I get django-storages to generate a signed Cloudfront URL? Is it even possible?

[mattjegan]

I just came across this issue, my current solution is to override S3Boto3Storage.url so it doesn't return early for custom domains. It will sign the s3 url and then we can replace the domain manually. I'm not sure if there is anything nicer. If I get time I might make a PR back in.

[terencehonles]

@mrmachine if you use the branch that is #587 you can specify one or more RSA keys and the signing function will use the first key or the key by the ID you specify.

[DataGreed]

Is there an existing solution for this problem?

[DataGreed]

@jschneier @terencehonles it's great the django-storages supports Cloudfront URL Signing, but there seems to be no documentation at all. How do I make it work?

[terencehonles]

@DataGreed it looks like you figured it out and posted an example on #587, I commented there, but any chance you want to expand the documentation? 🙂

[shawnngtq]

@DataGreed

It will be great if you can include an example regarding cloudfront settings. I am new to cloudfront and this library 😁

[terencehonles]

@shawnngtq you can use @DataGreed and my comments starting here #587 (comment) to probably get yourself set up 🙂