Handy Dev Tools
Simple online tools for everyday tasks.

No favorites

    Base64 Encoder/Decoder
    Markdown to HTML
    HTML to Markdown
    URL Encoder/Decoder
    Unicode Escape Converter
    Unicode Encode/Decode
    SQL Formatter
    SQL Splitter
    JSON Formatter
    XML Formatter
    YAML Formatter
    GraphQL Formatter
    JSON to YAML Conversion
    YAML to JSON Conversion
    JSON to TOML Conversion
    TOML to JSON Conversion
    HTML Entity Encode/Decode
    TOML to YAML Conversion
    YAML to TOML Conversion
    CSV to SQL INSERT Conversion
    Markdown Table Generator
    JSON to XML Conversion
    XML to JSON Conversion
    UUID Generator
    ULID Generator
    Password Generator
    Hash Generator
    Lorem Ipsum Generator
    Lorem Picsum Image URL Generator
    Test Data Generator Tool
    QR Code Generator
    S3 Path Parser & Converter
    IP Address Calculator
    Subnet Split
    Subnet Consolidation
    CloudFront Signed URL Generator
    RDS Connection String Generator
    Coordinate Format Converter
    Geo Format Converter
    JWT Decoder & Parser
    Basic Auth
    Password Strength Analyzer
    Credit Card Validator
    RSA Key Pair Generator
    Case Conversion
    Romaji Conversion
    Roman Numeral Conversion
    Phonetic Code Conversion
    Character Counter
    Text Diff
    HTML Tag Remover
    Regex Tester
    Color Conversion
    Dice Roll
    Crontab generator
    Crontab parser
    Emoji Picker
    Unix Timestamp Converter
    HTTP Status Code Search
    Port Number Search
    MIME Type Lookup
    Base64 File Converter
    Image Base64 Encode/Decode
    User-Agent Parser
    URL Parser
    OGP Checker
    Commit Message Generator
    Chmod Calculator
    Terminal GIF Generator
    .env Parser & Validator
Ctrl+K

CloudFront Signed URL Generator

Generate signed URLs for AWS CloudFront private content

Basic Settings

Example: https://d111111abcdef8.cloudfront.net/private/video.mp4

Expiration Time
Policy Type
Key Pair Information

Example: APKAXXXXXXXXXXXXXXXX

Private Key (PEM format)

Enter RSA private key in PEM format or read from file

How to use

About this tool

Generates signed URLs for accessing private content on AWS CloudFront. Supports both Canned Policy and Custom Policy, with advanced options including IP address restrictions, start time, and multiple resource patterns.

How to use

1. Basic Settings: Enter CloudFront URL, expiration time (relative/absolute/UNIX timestamp), and policy type (Canned/Custom) 2. Key Pair Information: Enter Key Pair ID and RSA private key in PEM format, or load from file 3. Advanced Options (Custom Policy only): Set IP address restrictions, start time, and multiple resource patterns 4. Click "Generate" to create the signed URL 5. Copy the generated URL, generate QR code, or test the URL

Options

Policy Type: Canned Policy (simple, expiration only) or Custom Policy (IP restrictions, start time, multiple resources). Expiration: Relative time (minutes/hours/days/weeks), absolute time (datetime and timezone), or UNIX timestamp (seconds). Advanced Options (Custom Policy): IP address/CIDR (e.g., 192.168.1.0/24), start time (datetime and timezone), resource pattern (wildcard support, e.g., https://d111111abcdef8.cloudfront.net/private/*).

Use cases

• Temporary access to premium content (videos, PDFs, images, etc.) • Generating download links for restricted files • Time-limited access control • Secure delivery with IP address restrictions • Bulk access permission for multiple file patterns

How it works

CloudFront signed URLs are generated using RSA-SHA1 signing. For Canned Policy, a simple URL parameter with expiration only is generated. For Custom Policy, a JSON policy (including IP restrictions, start time, resource patterns) is Base64 URL safe encoded and signed with RSA-SHA1. All processing is done in the browser; private keys are never sent to any server.

Privacy and data

All processing is done in the browser; private keys and generated URLs are never sent to any server. Private keys are only handled in memory and are not stored in local storage.

FAQ

Q: What is the difference between Canned Policy and Custom Policy?
A: Canned Policy generates a signed URL with an expiration time only — the simplest option. Custom Policy supports additional restrictions: start time (earliest access), IP address/CIDR restriction, and multiple resource patterns with wildcard support.
Q: Where do I find my CloudFront Key Pair ID and private key?
A: In the AWS Console: go to CloudFront → Key Management → Public Keys to create or view key pairs. The Key Pair ID is shown in the list. Download the private key (.pem file) when creating — it cannot be retrieved later.
Q: Is it safe to paste my private key into this tool?
A: All processing is done entirely in the browser — your private key is never sent to any server and is not stored in localStorage. It exists only in memory and is cleared when you close or reload the page. As a general rule, avoid using production private keys in browser tools.
Q: Can I restrict access to multiple file patterns with one signed URL?
A: Yes, with Custom Policy. Use wildcards in the resource pattern (e.g. https://d111111abcdef8.cloudfront.net/private/*) to cover multiple files under a path with a single signed URL.
Q: How do I set the expiration time?
A: Three formats are supported: relative time (e.g. 1 hour from now), absolute datetime with timezone selection, and a raw UNIX timestamp in seconds.