Creating Signed URLs for Amazon CloudFront

Question

Short version: How do I make signed URLs "on-demand" to mimic Nginx's X-Accel-Redirect behavior (i.e. protecting downloads) with Amazon CloudFront/S3 using Python.

I've got a Django server up and running with an Nginx front-end. I've been getting hammered with requests to it and recently had to install it as a Tornado WSGI application to prevent it from crashing in FastCGI mode.

Now I'm having an issue with my server getting bogged down (i.e. most of its bandwidth is being used up) due to too many requests for media being made to it, I've been looking into CDNs and I believe Amazon CloudFront/S3 would be the proper solution for me.

I've been using Nginx's X-Accel-Redirect header to protect the files from unauthorized downloading, but I don't have that ability with CloudFront/S3--however they do offer signed URLs. I'm no Python expert by far and definitely don't know how to create a Signed URL properly, so I was hoping someone would have a link for how to make these URLs "on-demand" or would be willing to explain how to here, it would be greatly appreciated.

Also, is this the proper solution, even? I'm not too familiar with CDNs, is there a CDN that would be better suited for this?

Answer 1

You can use the boto python module to generate them for you:

>>> import boto
>>> s3conn = boto.connect_s3('KEY', 'SECRET')
>>> bucket = s3conn.get_bucket('mybucket', validate=False)
>>> key = bucket.new_key('/some/key')
>>> key.generate_url(expires_in=10)
>>> 'https://mybucket.s3.amazonaws.com//some/key?Signature=fN4Hfys9Ky9w2IGpFd7fzh8TjBQ%3D&Expires=1271156990&AWSAccessKeyId=KEY'