How do I get a signed cookie in aws-sdk-js-v3

Question

I'd like to use signed cookies to view private content stored on S3 with CloudFront for CDN.

I can't figure out which commands to use to get signed cookies in aws-sdk-js-v3. Per the new SDK docs it should look something like the second code sample below, but I can't find the specific npm package containing the commands I need. In v2 it was "getSignedCookie" but I don't know what that's been updated to.

Old-school (v2) version:

import AWS from "aws-sdk";

const CFSigner = new AWS.CloudFront.Signer(cfPublicKeyId, cfPrivateKey);
const policy = JSON.stringify({
        Statement: [
          {
            Resource: `https://${cfDomain}/images/*`,
            Condition: {
              DateLessThan: {
                "AWS:EpochTime": expireTime,
              },
            },
          },
        ],
      });

const myCookie = CFSigner.getSignedCookie({ policy });

Attempt using v3 SDK

import {
  CloudFrontClient,
  CloudFrontClientConfig,
} from "@aws-sdk/client-cloudfront";
import { ICantFindAnAppropriateCommandToSignCookies } from "ICantFindAnAppropriateCommandToSignCookies";

async function signMyCookies() {
  const config: CloudFrontClientConfig = {
    apiVersion: "2015-12-08",
    credentials: {
      accessKeyId: process.env.SC_ADMIN_ACCESS_KEY_ID,
      secretAccessKey: process.env.SC_ADMIN_SECRET_ACCESS_KEY,
    },
    region: "us-east-01",
  };

  const cfClient = new CloudFrontClient(config);

  const cfDomain = process.env.CLOUDFRONT_DOMAIN;

  const twoDays = 2 * 24 * 60 * 60 * 1000;

  const expireTime = Math.floor((Date.now() + twoDays) / 1000);

  const params = {
    policy: JSON.stringify({
      Statement: [
        {
          Resource: `https://${cfDomain}/images/*`,
          Condition: {
            DateLessThan: {
              "AWS:EpochTime": expireTime,
            },
          },
        },
      ],
    }),
  };

  const command = new ICantFindAnAppropriateCommandToSignCookies(params);

  try {
    const data = await cfClient.send(command);
    console.log("SUCCESS!", data);
  } catch (error) {
    console.error("OH NO ERROR GETTING SIGNED COOKIE", error);
  } finally {
    console.log("PROCESS COMPLETE");
  }
}

Answer 1

For future reference, I found this https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_cloudfront_signer.html

indicating that the library @aws-sdk/cloudfront-signer, which has methods like getSignedCookies()

could be used.

If the link should change, here is some example code from the link:

const { getSignedCookies } = require("@aws-sdk/cloudfront-signer"); // CJS

const cloudfrontDistributionDomain = "https://d111111abcdef8.cloudfront.net";
const s3ObjectKey = "private-content/private.jpeg";
const url = `${cloudfrontDistributionDomain}/${s3ObjectKey}`;
const privateKey = "CONTENTS-OF-PRIVATE-KEY";
const keyPairId = "PUBLIC-KEY-ID-OF-CLOUDFRONT-KEY-PAIR";
const dateLessThan = "2022-01-01";

const cookies = getSignedCookies({
  url,
  keyPairId,
  dateLessThan,
  privateKey,
});

Answer 2

It appears they do not offer the functionality yet. Here is the feature request github issue to follow along: https://github.com/aws/aws-sdk-js-v3/issues/1862.