Note: Please go to to access the current RightScale documentation set. Also, feel free to Chat with us!
Home > Guides > Dashboard Users Guide > Clouds > AWS Global > CloudFront Origin Access Identities > Actions > Create Amazon CloudFront Key Pairs

Create Amazon CloudFront Key Pairs


To generate an Amazon CloudFront key pair so that you can create signed URLs to access private content from a CloudFront distribution.

Table of Contents


AWS Account with the CloudFront Service enabled. 


CloudFront uses access keys to authenticate requests you make to CloudFront.  Trusted signers with at least one CloudFront key pair can create signed URLs that can be used to temporarily access private content that's stored in your origin server (S3 bucket).

Unfortunately, you cannot create CloudFront Key Pairs inside the Dashboard.  You must create them using the AWS Management Console.


  • Log into your AWS Account at
  • Go to Account -> Security Credentials.
  • Under "Access Credentials" click the "Key Pairs" tab.
  • You can either create a new key pair or upload the public key of an existing key pair.


Each CloudFront key pair includes a public key, private key, and an ID for the key pair.  You can only have up to two key pairs per AWS account. 

Here is an example of a signed url:

Notice that the signed url contains the public CloudFront Access Key ID and an expiration date (default = 24 hrs).

You must to post a comment.
Last modified
22:09, 16 May 2013



This page has no classifications.



© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.