I’m trying to create signed urls from cloudfront with aws-sdk-php
I have created both Distributions WEB and RTMP
and this is the code i used to do that
this is start.php
<?php
require 'vendor/autoload.php';
use AwsS3S3Client;
use AwsCloudFrontCloudFrontClient;
$config = require('config.php');
// S3
$client = new AwsS3S3Client([
'version' => 'latest',
'region' => 'us-east-2',
]);
// CloudFront
$cloudfront = CloudFrontClient::factory([
'version' => 'latest',
'region' => 'us-east-2',
]);
and this is config.php
<?php
return [
's3'=>[
'key' => 'XXXXXXXXXXXXXXXXXXXXXXXXXX',
'secret' => 'XXXXXXXXXXXXXXXXXXXXXXXXXX',
'bucket' => 'hdamovies',
'region' => 'us-east-2',
],
'cloudFront' => [
'url' => 'https://d2t7o0s69hxjwd.cloudfront.net',
],
];
and this is index.php
<?php
require 'config/start.php';
$video = 'XXXXXXXXXXX.mp4';
$expiry = new DateTime( '+1 hour' );
$url = $cloudfront->getSignedUrl([
'private_key' => 'pk-XXXXXXXXXXXXXXXXXXXXX.pem',
'key_pair_id' => 'XXXXXXXXXXXXXXXXXXXXX',
'url' => "{$config['cloudFront']['url']}/{$video}",
'expires' => strtotime('+10 minutes'),
]);
echo "<a href=".$url.">Downlod</a>";
When i click on the link i get that error
<Error> <Code>KMS.UnrecognizedClientException</Code> <Message>No account found for the given parameters</Message> <RequestId>0F0A772FE67F0503</RequestId> <HostId>juuIQZKHb1pbmiVkP7NVaKSODFYmBtj3T9AfDNZuXslhb++LcBsw9GNjpT0FG8MxgeQGqbVo+bo=</HostId></Error>
What is the problem here and how can i solve that?
Advertisement
Answer
CloudFront does not support downloading objects that were stored, encrypted, in S3 using KMS Keys, apparently because the CloudFront Origin Access Identity is not an IAM user, so it’s not possible to authorize it to have the necessary access to KMS.