download free 30 days trial version buy bucket explorer
Documentation  Download  Purchase  Support  FAQs   Forum   ScreenShots & Demos

CloudFront - How to Create Private Streaming Distribution (POST Streaming Distribution with Origin Access Identity and AWS Trusted Signers)?

In AWS CloudFront, your data is organized into Distributions . You can create Private Streaming Distributions for on demand delivery of your rich media content. By creating a Distribution you register your Origin Server ( Amazon S3 Bucket where your S3 Objects are stored) with CloudFront. A distribution is a link between an Amazon S3 bucket (the origin server) and a domain name (assign by Amazon CloudFront). You can use this new domain name in place of standard Amazon S3 references to refer to the S3 Object. For Streaming Distribution all objects need to have "All User" Read permission, but if you want to restrict who can access your objects, then you can do it through creating Private Streaming Distribution and keep the object private. You can serve streaming distribution bucket’s contents as private content by making it a private streaming distribution.

Create Private Streaming Distribution:

Once you've stored your objects in your origin server (Amazon S3 Bucket), in-order to make Amazon CloudFront recognize your objects and restrict who can access your objects, you need to create a private streaming distribution, which is a link between an Amazon S3 bucket (the origin server) and a domain name (which Amazon CloudFront automatically assigns). To create a private streaming distribution you need to set some additional configuration in which you specify OriginAccessIdentityID and AWS Trusted Signers with other distribution configuration i.e. Bucket name, CNAME(s), Comment and Enable/Disable. In configuration CNAME(s) and Comment are optional. After that, you set the ACL on your objects so that only you and CloudFront have read permission for the objects. This means that end user’s access to the objects can only be through CloudFront. You also produce special signed URLs for particular end users whom you want to give access to.

To create a Private Streaming Distribution, you will need to send an HTTP POST Request to AWS server. You can send the POST Request in one of the following two ways:

  1. Create Private Streaming Distributions using AWS CloudFront REST API- POST Streaming Distribution - If you are a programmer, you can write your own software program to use CloudFront REST API to create Private Streaming Distribution.
  2. Create Private Streaming Distributions using Bucket Explorer - If you are not a software developer and are looking for an easier way, you can create Private Streaming Distribution with mouse clicks using Bucket Explorer UI.

1. Create Private Streaming Distribution using AWS CloudFront REST API

To create a new Private Streaming distribution, you will need to do a POST on the 2013-05-12/streaming-distribution resource. The request body must include an XML document with a StreamingDistributionConfig element.
To create a private streaming distribution you need to add some additional configuration in which you specify OriginAccessIdentityID and AWS Trusted Signers with other distribution configuration




POST /2013-05-12/streaming-distribution HTTP/1.1
Authorization: AWS authentication string
Date: time stamp
Other required headers
<?xml version="1.0" encoding="UTF-8"?>
<StreamingDistributionConfig xmlns="">
<CallerReference> unique description for this distribution </CallerReference>
<DNSName> CloudFront domain name assigned to the distribution </DNSName>
<Quantity> number of CNAME aliases </Quantity>
<Comment> comment about the distribution </Comment>
<Enabled>true | false</Enabled>
<Bucket> Amazon S3 bucket for logs </Bucket>
<Prefix> prefix for log file names </Prefix>
<Quantity> number of trusted signers </Quantity>
<AwsAccountNumber>self | AWS account that can create
signed URLs </AwsAccountNumber>
<PriceClass> maximum price class for the distribution </PriceClass>
<Enabled>true | false</Enabled>

2. Create Private Streaming Distribution using Bucket Explorer

Follow the given steps to create private streaming distribution:
  1. Run Bucket Explorer.
  2. Select "Distribution" icon in Bucket table toolbar and choose Create Distribution option or right click on any bucket and select " Manage Distribution -> New " option.
  3. It will open a new wizard to create distribution. Select Streaming Distribution.
  4. To set configuration, you need to give the following information:
    • Select the bucket name from the drop down list.
    • Select distribution type as "PRIVATE STREAMING".
    • Select Price Class to lower the prices you pay to deliver content out of Amazon CloudFront. The default price class includes all regions. Another price class includes most regions.
    • To create disabled distribution, deselect the check box "Enable Distribution". By default, it is enabled.
    • If you want to give comments for distribution, then write comment in the comment text field.
  • Add CNAME(s) to list box by clicking on "+" button and you can remove CNAME(s) by clicking on "-" button. You can give a maximum of up to 10 CNAME(s).
  • To enable logging, select the check box "Enable Logging".
  • Select the bucket where you want to create   the distribution logs. You can also give the  Prefix.
  • Click on Advanced button that exist at left-bottom corner.
  • It will open "Advanced" panel.
  • Here you can set Origin Access Identity and Trusted Signer [Optional] (other than your account number)
  • Set origin access identity from the existing or create new.
  • Add AWS Account Number in Trusted Signers list.
  • Click "OK".
  1. After setting the entire values for Streaming Distribution, click on " Create " button. It will create Private Streaming distribution for the specific bucket.