Laravel 5.6+ wrapper around CloudFront canned signed URLs

v3.3.0 2022-03-14 11:45 UTC


Easy to use Laravel 6+ wrapper around the official AWS PHP SDK which allows to sign URLs to access Private Content through CloudFront CDN

Inspired by laravel-url-signer

Latest Version on Packagist Total Downloads

This package can create canned policies signed URLs for CloudFront which expires after a given time. This is done by wrapping the AWS SDK method adding a Laravel-style configuration and accessibility.

This is how you can create signed URL that's valid for 30 days:

// With Facade
CloudFrontUrlSigner::sign('https://myapp.com/resource', 30);

// With helper
sign('https://myapp.com/resource', 30);

The output is compliant with CloudFront specifications


The package can be installed via Composer:

composer require dreamonkey/laravel-cloudfront-url-signer


The configuration file can optionally be published via:

php artisan vendor:publish --provider="Dreamonkey\CloudFrontUrlSigner\CloudFrontUrlSignerServiceProvider"

This is the content of the file:

return [
     * The default expiration time of a URL in days.
    'default_expiration_time_in_days' => 1,

     * The private key used to sign all URLs.
    'private_key_path' => storage_path(env('CLOUDFRONT_PRIVATE_KEY_PATH', 'trusted-signer.pem')),

     * Identifies the CloudFront key pair associated
     * to the trusted signer which validates signed URLs.
    'key_pair_id' => env('CLOUDFRONT_KEY_PAIR_ID', ''),

     * CloudFront API version, by default it uses the latest available.
    'version' => env('CLOUDFRONT_API_VERSION', 'latest'),



Signing URLs

URL's can be signed with the sign method:


By default the lifetime of an URL is one day. This value can be change in the config-file. If you want a custom life time, you can specify the number of days the URL should be valid:

// The generated URL will be valid for 5 days.
CloudFrontUrlSigner::sign('https://myapp.com/resource', 5);

For fine grained control, you may also pass a DateTime instance as the second parameter. The url will be valid up to that moment. This example uses Carbon for convenience:

// This URL will be valid up until 2 hours from the moment it was generated.
CloudFrontUrlSigner::sign('https://myapp.com/resource', Carbon\Carbon::now()->addHours(2) );


Please see CHANGELOG for more information what has changed recently.


$ vendor/bin/phpunit


Please see CONTRIBUTING for details.


If you discover any security related issues, please email p.caleffi@dreamonkey.com instead of using the issue tracker.



The MIT License (MIT). Please see License File for more information.