cloudfront securing files in amazon s3?

Question

I have uploaded my file to amazon s3 bucket. on clicking the uploaded file in s3 it gives me the properties of the uploaded file and the link for the uploaded file.When i copy paste the link in a browzer the file gets downloaded.

my bucket policy is as below.

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket-name/*"
        }
    ]
}

But i donot want my audio/video/image files to get downloaded when we copy paste the link in a browzer..Instead the audio/video/image file to be displayed only through my website. To achieve this i have used ,

npm aws-cloudfront-sign 
cfUtil = require(aws-cloudfront-sign )

i have created a signed url using the above npm module:

var cfKeypairId = 'AJDS2LD3KSD5SJSDKJSA(sample key pair)';
var cfURL = 'http://my_domain_name'+file_path;  
//my domain name is something that starts with smb...cloudfront.net  
var signedUrl = cfUtil.getSignedUrl(cfURL, {
  keypairId: cfKeypairId,
  expireTime: Date.now() + 60000,
  privateKeyString: ???
});

what should i give in private key string???? what should be my bucket policy? what should i do with CName's? can somebody tell this in brief?

Answer 1

You can obtain your CloudFront Key Pair ID and Private Key using the Security Credentials Section(Login Using Root Account) in AWS Web Console.

In your S3 bucket policy you can deny public access and only allow Origin Access Identity in AWS CloudFront to access S3.

If you plan to customize your Domain Name(URL) where you server the files, you can use CName mapping for it using AWS Route53 or using any other DNS provider.