Amazon Web Services announced that Amazon CloudFront now gives users CloudFront signed HTTP cookies to secure private content. Whereas before, you’d control who could access CloudFront content using a custom signature for each objectURL, you can now include the signature in an HTTP cookie.
According to the company, this enables you to restrict access to multiple objects (such as whole site authentication) or to a single object without having to change URLs.
“Signed HTTP cookies make it easy to restrict viewer access to your streaming media content,” says senior product manager Omid Behzadian. “For example, if your media content is in HTTP Live Streaming (HLS) format, you can use Amazon Elastic Transcoder or your media server to generate the playlist and media segments. You then write your web application to authenticate each user and to send a Set-Cookie header that sets a cookie on the user’s device. When a user requests a restricted object, the browser forwards the signed cookie in the request, and CloudFront checks the cookie attributes to determine whether to allow or restrict access to the HLS stream. CloudFront checks for this cookie when the player requests the playlist and when the player requests each segment, which ensures that the end-to-end stream is secured.”
“This is a nice addition to AWS’ growing portfolio of security features targeted for media delivery,” adds Behzadian. “You may remember that Amazon Elastic Transcoder released HLS Content Protection earlier this year. Also, be sure to check out a recording of the Secure Media Streaming and Delivery Session at re:Invent for tips on architecting an end-to-end secure media solution on AWS.”
Using private content with CloudFront does not mean extra charges.
The company will be providing a CloudFront office hours on March 26, where it will be demoing CloudFront Signed Cookies. You can sign up for that here if you like.
In other Amazon Web Services news, the company confirmed that it has acquired 2lemetry, an Internet-of-Things startup that has a system for sending, receiving, and analyzing connected devices.
Image via Amazon