I have tried to find a CDN provider which would offer access control similar to CloudFront's signed cookies but failed to find something that would match it. This is a major drawback with these providers offering S3-style bucket storage because most of the time you would want to serve the content from a CDN, and offloading access control to the CDN via cookies makes life so much easier. You only need to set the cookies for the user's session once and they are automatically sent (by the web browser) to the CDN with no additional work needed.
This is supported by Google Cloud using literally the same wording:
https://cloud.google.com/cdn/docs/using-signed-cookies
As far as I can tell, this feature is also supported by Akamai here:
https://techdocs.akamai.com/property-mgr/docs/cookie-authz
I am pretty sure you can implement this on CDNetworks using eval_func:
https://docs.cdnetworks.com/en/cdn/docs/recipes/secure-deliv...
With AWS CloudFront, I'd think you--worst case--pull out Lambda@Edge?
CloudFront “signed cookie” auth should “just work”: https://docs.aws.amazon.com/AmazonCloudFront/latest/Develope...
IIRC it's essentially the same as the AWS-style signed URLs and header bearer token auth. I _think_ Lambda@Edge is only relevant if you want to do the initial sig generation in the CDN instead of your API/app endpoint.
Edit: actually GP mentioned CloudFront already, so yes, works as they're asking for AFAICT
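Added example, not from any poster in this thread: the signed-cookie flow the first comment describes, with the app signing a policy once per session and the edge checking it on every request. The cookie layout follows the one documented for Google Cloud CDN signed cookies (HMAC-SHA1 over a `URLPrefix:Expires:KeyName` policy); the key, key name, hostname and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo values (assumptions, not from the thread).
KEY = b"constructed-demo-key"
KEYS = {"k1": KEY}  # key name -> shared secret held by app and edge

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")

def sign_cookie(url_prefix: str, key_name: str, key: bytes, expires: int) -> str:
    """App side: build the cookie value once, when the session is authorised."""
    policy = f"URLPrefix={_b64(url_prefix.encode())}:Expires={expires}:KeyName={key_name}"
    sig = hmac.new(key, policy.encode(), hashlib.sha1).digest()
    return f"{policy}:Signature={_b64(sig)}"

def verify_cookie(value: str, request_url: str, keys: dict, now=None):
    """Edge side: return (allowed, reason) for one request."""
    now = time.time() if now is None else now
    policy, sep, sig_b64 = value.rpartition(":Signature=")
    if not sep:
        return False, "malformed"
    try:
        fields = dict(part.split("=", 1) for part in policy.split(":"))
        prefix = base64.urlsafe_b64decode(fields["URLPrefix"]).decode()
        expires = int(fields["Expires"])
        key = keys[fields["KeyName"]]
        sig = base64.urlsafe_b64decode(sig_b64)
    except (KeyError, ValueError):
        return False, "malformed"
    # Check the signature before trusting any field of the policy.
    expected = hmac.new(key, policy.encode(), hashlib.sha1).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time compare
        return False, "bad signature"
    if now >= expires:
        return False, "expired"
    # End the prefix with "/" so ".../private" cannot match ".../private-other".
    if not request_url.startswith(prefix):
        return False, "outside prefix"
    return True, "ok"

if __name__ == "__main__":
    cookie = sign_cookie("https://cdn.example.com/private/", "k1", KEY, int(time.time()) + 3600)
    print(cookie)
    print(verify_cookie(cookie, "https://cdn.example.com/private/video.mp4", KEYS))
    print(verify_cookie(cookie, "https://cdn.example.com/public/video.mp4", KEYS))
```

Because the expiry and prefix are covered by the signature, a client that edits either field in the cookie fails the signature check rather than extending its own access.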