Small gem for signing AWS CloudFront URLs given a AWS key_pair_id and pem file. Read more here:


gem install aws_cf_signer


# Pass in path to the private CloudFront key from AWS
signer ='/path/to/my/pk-1234567890.pem')

# If the key filename doesn't contain the key_pair_id (as it usually does from AWS), pass that in as the second arg
signer ='/path/to/my/private-key.pem', '1234567890')

# expiration date is required
# See Example Canned Policy at above AWS doc link
url = signer.sign('', :ending => 'Sat, 14 Nov 2009 22:20:00 GMT')

# You can also use a Time object
url = signer.sign('', :ending => + 3600)

# Custom Policies

# See Example Custom Policy 1 at above AWS doc link
url = signer.sign('',
  :ending   => 'Sat, 14 Nov 2009 22:20:00 GMT',
  :resource => '*',
  :ip_range => ''

# See Example Custom Policy 2 at above AWS doc link
url = signer.sign('',
  :starting => 'Thu, 30 Apr 2009 06:43:10 GMT',
  :ending   => 'Fri, 16 Oct 2009 06:31:56 GMT',
  :resource => 'http://*',
  :ip_range => ''

# You can also pass in a path to a policy file
# This will supersede any other policy options
url = signer.sign('', :policy_file => '/path/to/policy/file.txt')

See the test/test_aws_cf_signer.rb file for more examples.

Note on Patches/Pull Requests

  • Fork the project.

  • Make your feature addition or bug fix.

  • Add tests for it. This is important so I don't break it in a future version unintentionally.

  • Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)

  • Send me a pull request. Bonus points for topic branches.


Parts of signing code taken from a question on Stack Overflow asked by Ben Wiseley, and answered by Blaz Lipuscek and Manual M:


aws_cf_signer is distributed under the MIT License, copyright © 2010 STL