Skip to content
/ cloudfront-secure-media Public
generated from amazon-archives/__template_MIT-0

Referece code for protecting your Amazon CloudFront media distributions with AWS Cognito JWT Token, Lambda@Edge and Video.js

License

View license
23 stars 13 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

aws-samples/cloudfront-secure-media

BranchesTags

Repository files navigation

🔐 Secure Media Streaming with JWT + Lambda@Edge

Secure video streaming solution using JWT tokens validated at CloudFront edge locations with Lambda@Edge.

📋 Release Notes | 📄 License

🏗️ Architecture

Architecture

🧩 Components

Frontend: React app with Video.js player and AWS Amplify authentication
Backend: Amazon Cognito for auth, Lambda@Edge for JWT validation, CloudFront for CDN
Storage: S3 bucket with Origin Access Control for secure video storage

🚀 Quick Deploy

Prerequisites

npm install -g @aws-amplify/cli
amplify configure

Setup & Deploy

git clone https://github.com/aws-samples/cloudfront-secure-media.git
cd cloudfront-secure-media/
npm install

🎥 Optional: Convert Your Video

# Place video in demo/video/source/ then run:
./convert-to-hls.sh

📦 Initialize Amplify

amplify init
  • Project name: cloudfront-secure-media
  • Environment: dev
  • Editor: [your-editor]
  • Framework: react
  • Source Directory: src
  • Distribution Directory: build
  • Build Command: npm run-script build
  • Start Command: npm run-script start
  • AWS profile: [your-profile]

🚢 Deploy Everything

npm run deploy

This automatically:

  • ✅ Deploys Cognito user pool + Lambda function
  • ✅ Creates S3 bucket with secure access
  • ✅ Configures CloudFront + Lambda@Edge JWT validation
  • ✅ Updates frontend with CloudFront URLs
  • ✅ Uploads demo video

⏱️ Note: CloudFront deployment takes 10-15 minutes. Check status:
aws cloudfront get-distribution --id <DISTRIBUTION_ID> --query 'Distribution.Status' --output text
Status should show "Deployed" (not "InProgress").

🧪 Test Application

npm start
  1. 📝 Create account and sign in
  2. 🎬 Video player loads with demo video automatically
  3. 🔒 Try accessing video URL directly - blocked without authentication

Create Account

Video Player

🛠️ Manual Deployment

If you prefer step-by-step:

amplify push          # First push: Create Cognito + Lambda
amplify push          # Second push: Configure JWT validation
npm run post-deploy   # Update frontend config
npm run upload-demo   # Upload demo video

🧹 Cleanup (if needed)

In case you want to tear down the setup and remove all resources:

npm run cleanup

This removes:

  • Lambda@Edge function (us-east-1)
  • IAM role for Lambda@Edge
  • All Amplify resources (Cognito, CloudFront, S3, Lambda)

Manual cleanup (if needed):

amplify delete

📄 License

This sample code is available under a modified MIT-0 LICENSE

About

Referece code for protecting your Amazon CloudFront media distributions with AWS Cognito JWT Token, Lambda@Edge and Video.js

Topics

react aws video aws-lambda serverless media videojs jwt-token cloudfront amplify aws-amplify

Resources

Readme

License

View license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

23 stars

Watchers

5 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages