[{"data":1,"prerenderedAt":91},["ShallowReactive",2],{"pattern-cloudfront-s3-signed-cookies-cognito":3},{"id":4,"title":5,"architectureURL":6,"cleanup":7,"contributors":10,"deploy":12,"description":15,"extension":16,"framework":17,"gitHub":18,"highlight":6,"introBox":24,"language":31,"level":32,"meta":33,"patternArch":35,"resources":67,"s3URL":6,"services":81,"stem":86,"testing":87,"videoId":6,"__hash__":90},"patterns\u002Fpatterns\u002Fcloudfront-s3-signed-cookies-cognito.json","Amazon CloudFront signed cookies with Amazon Cognito using Python CDK",null,{"text":8},[9],"Delete the stack: \u003Ccode>cdk destroy\u003C\u002Fcode>.",[11],"content\u002Fcontributors\u002Fmatia-rasetina.json",{"text":13},[14],"cdk deploy","Implement Amazon CloudFront signed cookies for private Amazon S3 content access with Amazon Cognito user authentication using AWS CDK with Python.","json","AWS CDK",{"template":19},{"repoURL":20,"templateURL":21,"projectFolder":22,"templateFile":23},"https:\u002F\u002Fgithub.com\u002Faws-samples\u002Fserverless-patterns\u002Ftree\u002Fmain\u002Fcloudfront-s3-signed-cookies-cognito","serverless-patterns\u002Fcloudfront-s3-signed-cookies-cognito","cloudfront-s3-signed-cookies-cognito","app.py",{"headline":25,"text":26},"How it works",[27,28,29,30],"This pattern creates a secure content delivery solution using CloudFront signed cookies. Users authenticate through Amazon Cognito via API Gateway Lambda functions.","Upon successful login, the Lambda function generates CloudFront signed cookies that grant time-limited access to private S3 content behind the CloudFront distribution.","The CloudFront distribution uses Origin Access Control (OAC) to securely access private S3 content. Public content is accessible without authentication, while private content requires valid signed cookies.","The signed cookies use RSA key pairs, with the private key stored securely in AWS Secrets Manager and the public key configured in a CloudFront Key Group.","Python","300",{"patternType":34},"Serverless",{"icon1":36,"icon2":41,"icon3":45,"icon5":50,"icon6":54,"line1":58,"line2":61,"line4":63,"line5":65},{"x":37,"y":38,"service":39,"label":40},15,70,"apigw","Amazon API Gateway",{"x":42,"y":38,"service":43,"label":44},38,"lambda","AWS Lambda",{"x":46,"y":47,"service":48,"label":49},58,30,"cognito","Amazon Cognito",{"x":51,"y":38,"service":52,"label":53},68,"cloudfront","Amazon CloudFront",{"x":55,"y":38,"service":56,"label":57},88,"s3","Amazon S3",{"from":59,"to":60},"icon1","icon2",{"from":60,"to":62},"icon3",{"from":60,"to":64},"icon5",{"from":64,"to":66},"icon6",{"bullets":68},[69,72,75,78],{"text":70,"link":71},"Serving private content with signed URLs and signed cookies","https:\u002F\u002Fdocs.aws.amazon.com\u002FAmazonCloudFront\u002Flatest\u002FDeveloperGuide\u002FPrivateContent.html",{"text":73,"link":74},"Using CloudFront signed cookies","https:\u002F\u002Fdocs.aws.amazon.com\u002FAmazonCloudFront\u002Flatest\u002FDeveloperGuide\u002Fprivate-content-signed-cookies.html",{"text":76,"link":77},"Amazon Cognito User Pools","https:\u002F\u002Fdocs.aws.amazon.com\u002Fcognito\u002Flatest\u002Fdeveloperguide\u002Fcognito-user-identity-pools.html",{"text":79,"link":80},"Restricting access to Amazon S3 content by using an origin access control","https:\u002F\u002Fdocs.aws.amazon.com\u002FAmazonCloudFront\u002Flatest\u002FDeveloperGuide\u002Fprivate-content-restricting-access-to-s3.html",{"from":82,"to":84},{"serviceName":40,"serviceURL":83},"\u002Fapi-gateway\u002F",{"serviceName":53,"serviceURL":85},"\u002Fcloudfront\u002F","patterns\u002Fcloudfront-s3-signed-cookies-cognito",{"text":88},[89],"See the GitHub repo for detailed testing instructions.","Y4JdYzEHg3wP2Zo2lKaoLTCB8R1zwrhhSkH-7B_QyBw",1778846883824]