Posted On: Oct 22, 2020
Amazon CloudFront announces that you can now manage the public keys used for signed URLs and signed cookies through Amazon Identity and Access Management (IAM) user permissions, without requiring the AWS root account. With public key management based on IAM user permissions, you get more flexibility and API access to manage your public keys.
Many customers that distribute content over the internet want to restrict access to documents, business data, media streams, or content that is intended for selected users, for example, users who have paid a fee. Customers use CloudFront signed URLs and signed cookies to restrict access to content. Up until now, CloudFront required root account access for trusted signers to manage public keys. With today’s enhancement, you can create and manage Key Groups in CloudFront. Key Groups are sets of multiple public keys which can be created by IAM users based on permissions you grant.
Key Groups can be shared with other users within your organization. With this launch, you can also rotate public keys via CloudFront’s API for easier maintenance. You may continue to use root account access for trusted signers to manage public keys if you prefer.
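The rotation mentioned above can be done in two phases so that content signed with either key keeps validating during the switch. The sketch below is an added example, not code from AWS or from this announcement. It assumes `cf` is a boto3 CloudFront client created under an IAM identity that has been granted the public key and key group permissions; the function names and the empty-group guard are this example's own.

```python
# Added example: two-phase rotation of a signing key inside a CloudFront key group.
# `cf` is a boto3 CloudFront client, e.g. boto3.client("cloudfront"), running as an
# IAM user or role (not root). Function names here are hypothetical helpers.

def update_items(cf, key_group_id, change):
    """Read the key group, apply `change` to its key ID list, write it back."""
    current = cf.get_key_group(Id=key_group_id)
    config = dict(current["KeyGroup"]["KeyGroupConfig"])
    items = change(list(config["Items"]))
    if not items:
        # Guard chosen for this example: never leave the group without a key.
        raise ValueError("refusing to leave the key group empty")
    config["Items"] = items
    # IfMatch carries the ETag just read, so a concurrent edit is rejected
    # instead of being silently overwritten.
    cf.update_key_group(KeyGroupConfig=config, Id=key_group_id,
                        IfMatch=current["ETag"])
    return items

def add_key_to_group(cf, key_group_id, pem, name, caller_ref):
    """Phase 1: upload the new public key and append it to the key group.

    The old key stays in the group, so URLs and cookies signed with either
    key validate while signers switch over. Returns the new public key ID.
    """
    created = cf.create_public_key(PublicKeyConfig={
        "CallerReference": caller_ref,  # unique token chosen by the caller
        "Name": name,
        "EncodedKey": pem,              # PEM-encoded public key
    })
    new_id = created["PublicKey"]["Id"]
    update_items(cf, key_group_id, lambda items: items + [new_id])
    return new_id

def retire_key(cf, key_group_id, old_key_id):
    """Phase 2: drop the old key from the group, then delete it.

    The key is removed from the group first so it is no longer referenced
    when it is deleted. Returns the key IDs that remain in the group.
    """
    remaining = update_items(
        cf, key_group_id, lambda items: [k for k in items if k != old_key_id])
    etag = cf.get_public_key(Id=old_key_id)["ETag"]
    cf.delete_public_key(Id=old_key_id, IfMatch=etag)
    return remaining
```

Run phase 2 only after every signer uses the new private key and the longest-lived URL or cookie signed with the old key has expired.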