Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Ruby gem for signing AWS Cloudfront URLs for serving private content
Latest commit 1e078cd @dylanvaughn Merge pull request #9 from dylanvaughn/hotfix/use-custom-policy-for-w…

Use custom policy for wildcard resources


Small gem for signing AWS CloudFront URLs given a AWS key_pair_id and pem file. Read more here:


In your Gemfile.

gem 'aws_cf_signer'

Or on your system.

gem install aws_cf_signer


# Pass in path to the private CloudFront key from AWS
signer ='/path/to/my/pk-1234567890.pem')

# If the key filename doesn't contain the key_pair_id (as it usually does from AWS), pass that in as the second arg
signer ='/path/to/my/private-key.pem', '1234567890')

# If your private key is not on the filesystem, you can pass it explicitly, you need to pass key_pair_id if you do that
signer =["CLOUDFRONT_PRIVATE_KEY"], '1234567890')

# expiration date is required
# See Example Canned Policy at above AWS doc link
url = signer.sign('', :ending => 'Sat, 14 Nov 2009 22:20:00 GMT')

# You can also use a Time object
url = signer.sign('', :ending => + 3600)

# Custom Policies

# See Example Custom Policy 1 at above AWS doc link
url = signer.sign('',
  :ending   => 'Sat, 14 Nov 2009 22:20:00 GMT',
  :resource => '*',
  :ip_range => ''

# See Example Custom Policy 2 at above AWS doc link
url = signer.sign('',
  :starting => 'Thu, 30 Apr 2009 06:43:10 GMT',
  :ending   => 'Fri, 16 Oct 2009 06:31:56 GMT',
  :resource => 'http://*',
  :ip_range => ''

# You can also pass in a path to a policy file
# This will supersede any other policy options
url = signer.sign('',
  :policy_file => '/path/to/policy/file.txt'

See the test/test_aws_cf_signer.rb file for more examples.

Note on Patches/Pull Requests

  • Fork the project.
  • Make your feature addition or bug fix.
  • Add tests for it. This is important so I don't break it in a future version unintentionally.
  • Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
  • Send me a pull request. Bonus points for topic branches.


Parts of signing code taken from a question on Stack Overflow asked by Ben Wiseley, and answered by Blaz Lipuscek and Manual M:


aws_cf_signer is distributed under the MIT License, copyright © 2010 STL, Dylan Vaughn

Something went wrong with that request. Please try again.