Amazon CloudFront Utilities

Using the AWS SDK for Go V2 Amazon CloudFront Utilities

Amazon CloudFront URL Signer

The Amazon CloudFront URL signer simplifies the process of creating signed URLs. A signed URL includes information, such as an expiration date and time, that enables you to control access to your content. Signed URLs are useful when you want to distribute content through the internet, but want to restrict access to certain users (for example, to users who have paid a fee).

To sign a URL, create a URLSigner instance with your CloudFront key pair ID and the associated private key. Then call the Sign or SignWithPolicy method and include the URL to sign. For more information about Amazon CloudFront key pairs, see Creating CloudFront Key Pairs for Your Trusted Signers in the CloudFront Developer Guide.

The following example creates a signed URL that’s valid for one hour after it is created.

import ""

// ...

signer := sign.NewURLSigner(keyID, privKey)

signedURL, err := signer.Sign(rawURL, time.Now().Add(1*time.Hour))
if err != nil {
    log.Fatalf("Failed to sign url, err: %s\n", err.Error())

For more information about the signing utility, see the sign package in the AWS SDK for Go V2 API Reference.

Last modified November 24, 2020: Developer Guide: SDK Utilities (#924) (cdec04c)