In this step you will create a secret in AWS Secrets Manager. Up to this point, you have used Amazon S3 and Amazon CloudFront, which are AWS global services. As AWS Secrets Manager and AWS Lambda are regional services, you will need to pick an AWS region to use for the remainder of this sample.
- Open the AWS Secrets Manager Management Console.
- Select an AWS region.
- Choose Store a new secret.
- For Select secret type, select Other type of secrets.
- For Specify the key/value pairs to be stored in this secret, select Plaintext.
- Copy and paste the contents of the private key file named private_key.pem from the previous step.
- Choose Next.
- For Secret name, provide a name.
- Choose Next.
- Leave Disable automatic rotation checked.
- Choose Next.
- Choose Store.
- Select your Secret to view the details.
- Record both the Secret name and Secret ARN. You will need them for the next step.
In this step you configured AWS Secrets Manager to store the CloudFront private key to be consumed by a downstream client. Next you will configure an AWS Lambda function to generate CloudFront signed URLs. We provide steps for both CloudFront canned and custom policies.
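As an added example of the downstream client described above (not the workshop's own code), this Python Lambda handler reads the stored private key from Secrets Manager and uses it to sign a URL with a canned policy. The SECRET_ID and KEY_PAIR_ID environment variables, the `cryptography` and boto3 dependencies, and the distribution URL are assumptions.

```python
"""Fetch the CloudFront private key from Secrets Manager and sign a URL (canned policy)."""
import base64
import json
import os
import time

def canned_policy(url: str, expires: int) -> str:
    # CloudFront canned policy: this exact structure, serialized without whitespace.
    statement = {"Resource": url,
                 "Condition": {"DateLessThan": {"AWS:EpochTime": expires}}}
    return json.dumps({"Statement": [statement]}, separators=(",", ":"))

def cloudfront_b64(data: bytes) -> str:
    # CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
    return base64.b64encode(data).decode("ascii").translate(str.maketrans("+=/", "-_~"))

def rsa_sha1_sign(pem: bytes, message: bytes) -> bytes:
    # CloudFront verifies RSA-SHA1 PKCS#1 v1.5 signatures; needs the 'cryptography'
    # package (assumed dependency), imported lazily so the pure helpers run without it.
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(pem, password=None)
    return key.sign(message, padding.PKCS1v15(), hashes.SHA1())

def signed_url(url: str, key_pair_id: str, pem: bytes, expires: int,
               signer=rsa_sha1_sign) -> str:
    # Canned-policy URLs carry Expires, Signature and Key-Pair-Id; the policy itself is
    # not sent, CloudFront rebuilds it from Expires and the requested URL.
    signature = cloudfront_b64(signer(pem, canned_policy(url, expires).encode("utf-8")))
    sep = "&" if "?" in url else "?"
    return f"{url}{sep}Expires={expires}&Signature={signature}&Key-Pair-Id={key_pair_id}"

def fetch_private_key(secret_id: str) -> bytes:
    # Look the secret up by the name or ARN recorded in the step above; boto3 takes the
    # region and credentials from the Lambda execution environment.
    import boto3
    secret = boto3.client("secretsmanager").get_secret_value(SecretId=secret_id)
    return secret["SecretString"].encode("utf-8")

def lambda_handler(event, context):
    # SECRET_ID and KEY_PAIR_ID are assumed environment variables. The key is held in
    # memory only and never logged; the URL expires five minutes after signing.
    pem = fetch_private_key(os.environ["SECRET_ID"])
    url = signed_url(event["url"], os.environ["KEY_PAIR_ID"], pem, int(time.time()) + 300)
    return {"statusCode": 200, "body": json.dumps({"signed_url": url})}
```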
Step 5: Create CloudFront SignedURL with Canned Policy
Step 6: Create CloudFront SignedURL with Custom Policy