signed_url = f"{url}?Expires={epoch_expire}&Signature={signature}&Key-Pair-Id={self.key_pair_id}" return signed_url else: # Custom policy encoded_policy = self._url_safe_base64(policy_str.encode()) signed_url = f"{url}?Policy={encoded_policy}&Signature={signature}&Key-Pair-Id={self.key_pair_id}" return signed_url if name == " main ": generator = CloudFrontSignedUrlGenerator( key_pair_id="APKAEIBAERJR2EXAMPLE", private_key_path="./private_key.pem" ) url = generator.generate_signed_url( url="https://d111111abcdef8.cloudfront.net/private/video.mp4", expire_time=datetime.datetime.utcnow() + datetime.timedelta(hours=1), ip_range="192.0.2.0/24" ) print(url)
In the meantime, here’s a for CloudFront signed URLs (Python) — useful for restricting access to private content:
def _url_safe_base64(self, data: bytes) -> str: return base64.urlsafe_b64encode(data).decode().rstrip("=") dnrweqffuwjtx cloud front net
def __init__(self, key_pair_id: str, private_key_path: str): self.key_pair_id = key_pair_id with open(private_key_path, "rb") as key_file: self.private_key = serialization.load_pem_private_key( key_file.read(), password=None, backend=default_backend() )
policy = { "Statement": [{ "Resource": resource, "Condition": { "DateLessThan": {"AWS:EpochTime": epoch_expire} } }] } signed_url = f"{url}
Could you clarify which of these you want, or restate your request?
if ip_range: policy["Statement"][0]["Condition"]["IpAddress"] = { "AWS:SourceIp": ip_range } ip_range="192.0.2.0/24" ) print(url) In the meantime
# Build policy JSON (supports wildcard paths automatically if URL ends with *) if url.endswith("*"): resource = url else: resource = url