We have a mobile app + web app which displays certain content. Both apps are displaying content from the cloud. In most cases it shown one by one, but in some usage scenarios mobile app may need to download hundreds of files to the device. We want to make sure that access to these files will be available for the registered users only.
As of now we are using another cloud, where we can generate a token and this token can be used to download any files but for very limited time and we are refreshing this token.
In AWS we are considering to use signed URLs, but it works for single file only. It causes some issues:
Are there any options to generate time-limited token which could be used to access multiple files through the CloudFront?
I've read more documentation and was able to implement what I need with signed URLs using custom policy. The instruction can be found in the "Creating a signed URL using a custom policy" article.
The key moment there is that we have to use wildcard in the Resource property.
Thanks to Mark B for pointing me on another article. It gave me better understanding of the policy usage in this scenario and helped to solve the problem.