Serving Private Content through AWS CloudFront

Step 1   – Get the private/public keys from AWS Admin console.

Login to AWS Admin console as root user


Click on “Create New Key Pair”


Download Private Key & Public Key files.

image (1)

Step 2   – Get the private/public keys from AWS Admin console.

Using Signed URLs.

$path :-  CDN URL

Using Signed Cookies

We need to generate the Signed URL first and then use them to set cookies from the server side.

Application URL :

CDN’s URL : .  (This is how we do it and we need to do this because we will not be able to set the cookies for a different domain *

And from the application, we set the following cookies in ‘’

  • CloudFront-Signature
  • CloudFront-Key-Pair-Id
  • CloudFront-Policy


Setting content-type for files in AWS S3

This tool can be used for uploading / syncing files from a server to s3 bucket and vice versa.

Following pages should provide enough information on how to use s3cmd.
But while uploading content using this tool, if we forget to set the content type of the file, the default content-type of the file will be set as binary/octet-stream.
How does it impact : File will get downloaded instead of rendering in browser. Even a html file can not be viewed in browser, it will be downloaded.
So, we might need to set the content type of these files properly when we upload files to s3 bucket.
s3cmd sync content_new/ s3://bucket-name/content_new/ --acl-public --recursive --progress --verbose --exclude ".svn/*" --add-header="Content-Encoding:UTF-8" --guess-mime-type
We might need to use –guess-mime-type option.


 -M, --guess-mime-type
Guess MIME type of files by their extension or mime magic. Fall back to default MIME-Type as specified by--default-mime-type option
Also, we can use s3cmd along with python-magic library.
pip install python-magic
PS : Use at your own risk