S3 sign url with cloudfront

I want to use localstack to mock the following:

  1. S3 bucket that contains files
  2. CloudFront CDN that signs URLs for objects in S3 and serves them.

I have a service that signs URLs as such:

https://<cdn domain>/<dir>/file.txt?Expires=0000&Key-Pair-Id=YYY&Signature=XXX

However, I can't seem to mock it with LocalStack.
I followed the instructions here https://docs.localstack.cloud/user-guide/aws/cloudfront/ (I know this is not signed, but this is where I got stuck), but after setting up CloudFront I get a refused connection on the curl command.

Any help with this setup would be appreciated.

I use this docker-compose file:

version: "3.8"
services:
  localstack:
    container_name: "aws-mock"
    image: localstack/localstack-pro
    ports:
      - "4566:4566"
    environment:
      - SERVICES=secretsmanager,s3,cloudfront
      - DEBUG=${DEBUG-}
      - DATA_DIR=${DATA_DIR-}
      - DOCKER_HOST=unix:///var/run/docker.sock
      - LOCALSTACK_API_KEY=${LOCALSTACK_API_KEY-}
    volumes:
      - "${TMPDIR:-/tmp}/localstack:/tmp/localstack"
      - "/var/run/docker.sock:/var/run/docker.sock"

Hi @Hein,

Could you please give a try to a default docker-compose.yml file and see if the connection issue is still there?
Using DEBUG=1 and LS_LOG=trace should give you more details within the LocalStack logs.

version: "3.8"

services:
  localstack:
    container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
    image: localstack/localstack-pro  # required for Pro
    ports:
      - "127.0.0.1:4566:4566"            # LocalStack Gateway
      - "127.0.0.1:4510-4559:4510-4559"  # external services port range
      - "127.0.0.1:53:53"                # DNS config (required for Pro)
      - "127.0.0.1:53:53/udp"            # DNS config (required for Pro)
      - "127.0.0.1:443:443"              # LocalStack HTTPS Gateway (required for Pro)
    environment:
      - DEBUG=1
      - LS_LOG=trace
      - PERSISTENCE=0
      - LOCALSTACK_API_KEY=${LOCALSTACK_API_KEY-}  # required for Pro
      - DOCKER_HOST=unix:///var/run/docker.sock
    volumes:
      - "${LOCALSTACK_VOLUME_DIR:-./volume}:/var/lib/localstack"
      - "/var/run/docker.sock:/var/run/docker.sock"

Thank you very much. I guess I was missing the ports, from what I can see.
Can you also explain how to configure the URL signer, since I didn't find any documentation about this?

Hi @Hein,

I do not believe that all the operations are yet to be implemented in LocalStack to make it work.
Could you please create a Feature request in this forum and share your use case with a small example?

This will help us to include it on our roadmap.

Thank you.

Oh, I see now that operations regarding public keys are not supported yet.
Thanks for the help
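
With public-key operations unsupported in LocalStack, as the thread concludes, a signer service's output can still be checked offline. The code below is an added example, not part of the thread and not LocalStack code: it rebuilds the CloudFront canned policy for a URL of the shape shown in the question and verifies the RSA-SHA1 signature in pure Python. The toy key (built from two Mersenne primes), the `KTESTKEYPAIR` id and all function names are constructed for illustration.

```python
import base64, hashlib, json, time
from urllib.parse import urlsplit, urlunsplit

# Constructed toy RSA key from two Mersenne primes: for offline tests only, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                      # modulus length in bytes
PUBLIC_KEYS = {"KTESTKEYPAIR": (N, E)}             # hypothetical Key-Pair-Id -> public key
SHA1_INFO = bytes.fromhex("3021300906052b0e03021a05000414")  # DigestInfo header for SHA-1
CF_PARAMS = ("Expires", "Key-Pair-Id", "Signature")
TO_CF = str.maketrans("+=/", "-_~")                # CloudFront's URL-safe base64 alphabet
FROM_CF = str.maketrans("-_~", "+=/")

def canned_policy(resource, expires):
    # Canned policy is compact JSON (no whitespace) naming the URL and its expiry.
    stmt = {"Resource": resource, "Condition": {"DateLessThan": {"AWS:EpochTime": expires}}}
    return json.dumps({"Statement": [stmt]}, separators=(",", ":")).encode()

def encoded_message(policy):
    # EMSA-PKCS1-v1_5 padding around SHA-1(policy), as RSA-SHA1 signing expects.
    t = SHA1_INFO + hashlib.sha1(policy).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign_url(url, expires, key_pair_id):           # stand-in for the signer under test
    m = int.from_bytes(encoded_message(canned_policy(url, expires)), "big")
    sig = base64.b64encode(pow(m, D, N).to_bytes(K, "big")).decode().translate(TO_CF)
    sep = "&" if "?" in url else "?"
    return f"{url}{sep}Expires={expires}&Key-Pair-Id={key_pair_id}&Signature={sig}"

def verify_url(signed, now=None):
    parts = urlsplit(signed)
    pairs = [p.partition("=") for p in parts.query.split("&")]
    params = {k: v for k, _, v in pairs if k in CF_PARAMS}
    if len(params) != len(CF_PARAMS) or not params["Expires"].isdecimal():
        return "malformed"
    if params["Key-Pair-Id"] not in PUBLIC_KEYS:
        return "unknown-key"
    # Rebuild the signed resource: the URL without the three CloudFront parameters.
    rest = "&".join(f"{k}{eq}{v}" for k, eq, v in pairs if k not in CF_PARAMS)
    resource = urlunsplit((parts.scheme, parts.netloc, parts.path, rest, ""))
    n, e = PUBLIC_KEYS[params["Key-Pair-Id"]]
    try:
        raw = base64.b64decode(params["Signature"].translate(FROM_CF), validate=True)
    except ValueError:
        return "bad-signature"
    expected = encoded_message(canned_policy(resource, int(params["Expires"])))
    if len(raw) != K or pow(int.from_bytes(raw, "big"), e, n).to_bytes(K, "big") != expected:
        return "bad-signature"
    return "ok" if int(params["Expires"]) > (time.time() if now is None else now) else "expired"
```

To check a real signer service, replace `PUBLIC_KEYS` with the modulus and exponent of the public key whose private half the service signs with, and pass its URLs to `verify_url`.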