| CARVIEW |
Select Language
HTTP/1.1 200 OK
Connection: keep-alive
Server: nginx/1.24.0 (Ubuntu)
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=300
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Age: 0
Date: Sat, 17 Jan 2026 03:44:37 GMT
X-Served-By: cache-dfw-ktki8620085-DFW, cache-bom-vanm7210082-BOM
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
X-Timer: S1768621477.223774,VS0,VE303
Vary: Accept, Accept-Encoding
transfer-encoding: chunked
aws-cloudfront-signed-cookies: Generate signed cookies for AWS CloudFront
[Skip to Readme]
aws-cloudfront-signed-cookies: Generate signed cookies for AWS CloudFront
One way to serve private content through AWS CloudFront is to use signed cookies. This package helps you generate signed cookies using a custom IAM policy which may include a range of time for which the cookie is valid and an IP address restriction.
[Skip to Readme]
Modules
[Index] [Quick Jump]
Downloads
- aws-cloudfront-signed-cookies-0.2.0.13.tar.gz [browse] (Cabal source package)
- Package description (as included in the package)
Maintainer's Corner
For package maintainers and hackage trustees
Candidates
- No Candidates
| Versions [RSS] | 0.1.0.0, 0.1.0.1, 0.2.0.0, 0.2.0.1, 0.2.0.2, 0.2.0.4, 0.2.0.6, 0.2.0.8, 0.2.0.9, 0.2.0.10, 0.2.0.11, 0.2.0.12, 0.2.0.13 |
|---|---|
| Change log | changelog.md |
| Dependencies | aeson (>=2.1 && <2.3), aeson-pretty (>=0.8.9 && <0.9), asn1-encoding (>=0.9.6 && <0.10), asn1-types (>=0.3.4 && <0.4), aws-cloudfront-signed-cookies, base (>=4.18 && <4.20), base64-bytestring (>=1.2.1 && <1.3), bytestring (>=0.11 && <0.13), cookie (>=0.4.5 && <0.5), crypton (>=0.34 && <0.35 || >=1.0 && <1.1), lens (>=5.0.1 && <5.3), lens-aeson (>=1.2 && <1.3), optparse-applicative (>=0.16.1 && <0.19), pem (>=0.2.4 && <0.3), text (>=2.0 && <2.2), time (>=1.9.3 && <1.13), vector (>=0.12.3 && <0.14) [details] |
| License | MIT |
| Copyright | 2021 Mission Valley Software LLC |
| Author | Chris Martin |
| Maintainer | Chris Martin, Julie Moronuki |
| Uploaded | by chris_martin at 2025-01-21T01:49:23Z |
| Category | Network, AWS, Cloud |
| Home page | https://github.com/typeclasses/aws-cloudfront-signed-cookies |
| Bug tracker | https://github.com/typeclasses/aws-cloudfront-signed-cookies/issues |
| Source repo | head: git clone https://github.com/typeclasses/aws-cloudfront-signed-cookies |
| Distributions | |
| Executables | aws-cloudfront-signed-cookies |
| Downloads | 4404 total (52 in the last 30 days) |
| Rating | 2.0 (votes: 1) [estimated by Bayesian average] |
| Your Rating |
|
| Status | Docs available [build log] Last success reported on 2025-01-21 [all 1 reports] |
Readme for aws-cloudfront-signed-cookies-0.2.0.13
[back to package description]One way to serve private content through AWS CloudFront is to use signed cookies. This package helps you generate signed cookies using a custom IAM policy which may include a range of time for which the cookie is valid and an IP address restriction.
The library
Creating signed cookies
Example usage:
{-# LANGUAGE OverloadedStrings, ScopedTypeVariables #-}
import Network.AWS.CloudFront.SignedCookies
import qualified Data.Text.IO
main :: IO ()
main = do
-- Construct an IAM policy that expires three days from now
policy :: Policy <- simplePolicy
(Resource "https://example.com/secrets/*")
(Lifespan (3 * nominalDay))
-- Parse the .pem file to get the private key
key :: PrivateKey <- readPrivateKeyPemFile
(PemFilePath "./pk-APKAIATXN3RCIOVT5WRQ.pem")
-- Construct signed cookies
cookies :: CookiesText <- createSignedCookies
(KeyPairId "APKAIATXN3RCIOVT5WRQ") key policy
Data.Text.IO.putStrLn (renderCookiesText cookies)
The output should look something like this:
Cookie: CloudFront-Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9zZWNyZXRzLyoiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE1MjM2NjQxMjV9fX1dfQ__
Cookie: CloudFront-Signature=R17isgiJD36sb4kh4pNxqq5eFCx5Q~vC~QbQKMhi9BqyhLboLQfb3pCdPp-WSVYOn4wlOobqhgcwoX2vjCd3y8eiUtelX1~ddaDlPBkkdZA~5Imd2z-W1o3r0coKB1SE2SPFT7M1XgNvwOPanQoft1VLchfVPGaitFYMum4KS~GXffqQZzaVybKJ64KfFLLBPSobg8MmBhHvpO9DBiwKijmGhDip~6L3W7OcqGT8HdqAmWxjnTHInXpx7bbVotla6a~J6WB6xmtJrmQzMLdTUxAY6IbJ2PzMtTXKgdNzbByGHvImg9k3Q3fNBTim8l7Tds1zpwX9GsuPcFkPe9HZ1Q__
Cookie: CloudFront-Key-Pair-Id=APKAIATXN3RCIOVT5WRQ
You can see a very similar example in action in the Network.AWS.CloudFront.SignedCookies.CLI.Sign module which defines the command-line interface for creating signed cookies.
Decoding policy cookies
After you generate a policy cookie and send it to a client, you may later want to parse it back into a Policy value -- for example, to determine whether you need to send a new set of cookies to replace an expired policy.
Example in GHCi:
λ> cookiePolicy (PolicyCookie "eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9zZWNyZXRzLyoiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE1MjM2NjQxMjV9fX1dfQ__")
Right (Policy {policyResource = Resource "https://example.com/secrets/*", policyStart = StartImmediately, policyEnd = EndTime 1523664125s, policyIpAddress = AnyIp})
The executable
You can also generate cookies using the command-line interface. It provides two commands:
sign- Given a private key and policy options, produces signed cookies and prints them as HTTP request headers.decode- Decodes aCloudFront-Policycookie and prints it in human-readable JSON format.
sign
$ aws-cloudfront-signed-cookies sign --help
Generate signed cookies for AWS CloudFront
Usage: aws-cloudfront-signed-cookies sign --pem-file ARG --key-pair-id ARG
--resource ARG --days ARG
Available options:
--pem-file ARG Location in the filesystem where a .pem file
containing an RSA secret key can be found
--key-pair-id ARG CloudFront key pair ID for the key pair that you are
using to generate signature
--resource ARG URL that the policy will grant access to, optionally
containing asterisks for wildcards
--days ARG Integer number of days until the policy expires
-h,--help Show this help text
Example usage:
$ aws-cloudfront-signed-cookies sign \
--pem-file pk-APKAIATXN3RCIOVT5WRQ.pem \
--key-pair-id APKAIATXN3RCIOVT5WRQ \
--resource "https://example.com/secrets/*" \
--days 2
Output:
Cookie: CloudFront-Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9zZWNyZXRzLyoiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE1MjM2NjQxMjV9fX1dfQ__
Cookie: CloudFront-Signature=R17isgiJD36sb4kh4pNxqq5eFCx5Q~vC~QbQKMhi9BqyhLboLQfb3pCdPp-WSVYOn4wlOobqhgcwoX2vjCd3y8eiUtelX1~ddaDlPBkkdZA~5Imd2z-W1o3r0coKB1SE2SPFT7M1XgNvwOPanQoft1VLchfVPGaitFYMum4KS~GXffqQZzaVybKJ64KfFLLBPSobg8MmBhHvpO9DBiwKijmGhDip~6L3W7OcqGT8HdqAmWxjnTHInXpx7bbVotla6a~J6WB6xmtJrmQzMLdTUxAY6IbJ2PzMtTXKgdNzbByGHvImg9k3Q3fNBTim8l7Tds1zpwX9GsuPcFkPe9HZ1Q__
Cookie: CloudFront-Key-Pair-Id=APKAIATXN3RCIOVT5WRQ
decode
$ aws-cloudfront-signed-cookies decode --help
Decode signed AWS CloudFront policy cookies
Usage: aws-cloudfront-signed-cookies decode --policy-cookie ARG
Available options:
--policy-cookie ARG The value of a CloudFront-Policy cookie
-h,--help Show this help text
Example usage:
$ aws-cloudfront-signed-cookies decode --policy-cookie eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9zZWNyZXRzLyoiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE1MjM2NjQxMjV9fX1dfQ__
{
"Statement": [
{
"Resource": "https://example.com/secrets/*",
"Condition": {
"DateLessThan": {
"AWS:EpochTime": 1523664125
}
}
}
]
}