This is a serverless web app that protects cached assets in CloudFront by using signed cookies.
Only a public hosted zone has been tested.
- Note the Domain name and Hosted zone ID.
- Edit ./cdk.json

    "config": {
      "domainName": "Replace with Domain Name",
      "hostedZoneId": "Replace with Hosted zone ID",
      //
    }
- Run the following commands in your terminal.

    KEYPAIR_NAME=signed-cookie
    # Generate a 2048-bit RSA private key and derive its public key
    openssl genrsa -out ${KEYPAIR_NAME}.pem 2048
    openssl rsa -pubout -in ${KEYPAIR_NAME}.pem -out ${KEYPAIR_NAME}_pub.pem
    # Store the private key in Secrets Manager as a binary secret
    aws secretsmanager create-secret \
      --name ${KEYPAIR_NAME} \
      --secret-binary fileb://${KEYPAIR_NAME}.pem
  You then get JSON output like the following.

    {
      "ARN": "arn:aws:secretsmanager:yourregion:accountnumber:secret:signed-cookie-ascii",
      "Name": "signed-cookie",
      "VersionId": "XXXX"
    }

  Note the ARN.
- Edit ./cdk.json

    "config": {
      "privateKeySecretCompleteArn": "Replace with ARN in the above json"
      //
    }
- Open CloudFront
- Go to Key Management > Public Keys
- Click Create public key
- Paste the contents of ${KEYPAIR_NAME}_pub.pem created in the previous step. Name has no effect on this deployment. Then click Create public key.
- Go to Key Management > Key groups
- Click Create key group
- Input your favorite Name and select the public key you created before in the Public keys field. Then click Create key group.
- Move to the detail page of the key group.
- Edit ./cdk.json

    "config": {
      "keypairId": "ID on Public keys panel",
      "publicKeyId": "ID on Details panel",
      //
    }

    npm ci
    npm run cdk bootstrap
    npm run cdk bootstrap -- --region=us-east-1
    npm run cdk deploy -- --all

certificate-stack is only deployable in us-east-1.

- Open the URL https://app.{your domain}, e.g. https://app.example.com if your domain is example.com.
- The image is not visible.
- Click the Get Signed Cookie button.
- You see my pretty dog, and the cookie in the dev tools.
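
What a signed cookie set looks like, as an added example that is not this project's code: it builds the three cookie values CloudFront expects from a custom policy and checks them locally, including a swapped policy and an expired one. The resource pattern, the key pair ID placeholder and all function names are assumptions, and the key is a throwaway generated inline.

```javascript
// Added example (not the project's code): CloudFront signed cookies with a custom policy.
const crypto = require('crypto');

// CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
const cfSafe = (b64) => b64.replace(/\+/g, '-').replace(/=/g, '_').replace(/\//g, '~');
const cfUnsafe = (s) => s.replace(/-/g, '+').replace(/_/g, '=').replace(/~/g, '/');

// Compact JSON (no whitespace): these exact bytes are what gets signed.
const policyFor = (resource, expiresEpoch) => JSON.stringify({
  Statement: [{ Resource: resource, Condition: { DateLessThan: { 'AWS:EpochTime': expiresEpoch } } }],
});

function buildSignedCookies({ resource, expiresEpoch, keyPairId, privateKey }) {
  if (!Number.isInteger(expiresEpoch) || expiresEpoch <= Math.floor(Date.now() / 1000)) {
    throw new RangeError('expiresEpoch must be a future Unix time in seconds');
  }
  const policy = policyFor(resource, expiresEpoch);
  const signature = crypto.createSign('RSA-SHA1').update(policy).sign(privateKey, 'base64');
  return {
    'CloudFront-Policy': cfSafe(Buffer.from(policy).toString('base64')),
    'CloudFront-Signature': cfSafe(signature),
    'CloudFront-Key-Pair-Id': keyPairId,
  };
}

// Local check: verify the signature first, and only then trust the expiry inside the policy.
function verifySignedCookies(cookies, publicKey, nowEpoch = Math.floor(Date.now() / 1000)) {
  const policy = Buffer.from(cfUnsafe(cookies['CloudFront-Policy']), 'base64').toString();
  const signature = cfUnsafe(cookies['CloudFront-Signature']);
  if (!crypto.createVerify('RSA-SHA1').update(policy).verify(publicKey, signature, 'base64')) return false;
  return nowEpoch < JSON.parse(policy).Statement[0].Condition.DateLessThan['AWS:EpochTime'];
}

function demo() {
  // Constructed throwaway key, same size as the openssl genrsa step above.
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const expiresEpoch = Math.floor(Date.now() / 1000) + 300;
  const resource = 'https://app.example.com/*'; // assumed resource pattern
  const cookies = buildSignedCookies({ resource, expiresEpoch, keyPairId: 'K_PLACEHOLDER', privateKey });
  // Same signature, but the policy is replaced with one that expires a day later.
  const swapped = { ...cookies,
    'CloudFront-Policy': cfSafe(Buffer.from(policyFor(resource, expiresEpoch + 86400)).toString('base64')) };
  return {
    cookies,
    valid: verifySignedCookies(cookies, publicKey),
    swappedValid: verifySignedCookies(swapped, publicKey),
    expiredValid: verifySignedCookies(cookies, publicKey, expiresEpoch + 1),
  };
}
```

When sent to the browser, each of the three values goes in its own Set-Cookie header; the Secure and HttpOnly attributes keep them off plain HTTP and out of page scripts.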

    npx cdk destroy --force --all

See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.