O URL é gerado normalmente, mas retorna o ''error 403, access is denied''
$cloudFront = new Aws\CloudFront\CloudFrontClient([
'region' => 'us-west-2',
'version' => '2014-11-06'
]);
// Create a signed URL for the resource using the canned policy
$streamHostUrl = 'http://example-distribution.cloudfront.net';
$resourceKey = 'videos/example.mp4';
$expires = time() + 300;
$signedUrlCannedPolicy = $cloudFront->getSignedUrl([
'url' => $streamHostUrl . '/' . $resourceKey,
'expires' => $expires,
'private_key' => '/path/to/your/cloudfront-private-key.pem',
'key_pair_id' => '<cloudfront key pair id>'
]);
Ou
$customPolicy = <<<POLICY
{
"Statement": [
{
"Resource": "{$resourceKey}",
"Condition": {
"IpAddress": {"AWS:SourceIp": "{$_SERVER['REMOTE_ADDR']}/32"},
"DateLessThan": {"AWS:EpochTime": {$expires}}
}
}
]
}
POLICY;
$signedUrlCustomPolicy = $cloudFront->getSignedUrl([
'url' => $streamHostUrl . '/' . $resourceKey,
'policy' => $customPolicy,
'private_key' => 'cloudfront-private-key.pem',
'key_pair_id' => 'APKAIOC51117353UZVD4EHA'
]);
Nas políticas do meu balde já coloquei:
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2SR5AFDLD7B7P"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::darpi.enterprises/*"
}
]
}
Em ambas as maneiras gera URL, mas não consigo obter o arquivo. Alguma informação que possa me ajudar? Ficarei muito agradecido.