PHP AWS SDK | How To Create Signed URL With Custom Domain

I'm using AWS SDK with Laravel framework in PHP. Here is my code

$cloudFront = new CloudFrontClient([
    'region'  => env('AWS_REGION'),
    'version' => 'latest'

$path = "R180417XXXX.mp4"

$resourceURL = "" . $path;
$expires = Carbon::now()->addMinutes(5)->timestamp;

$signedUrlCannedPolicy = $cloudFront->getSignedUrl([
    'url'         => $resourceURL,
    'expires'     => $expires,
    'private_key' => base_path('pk-APKAI2PXXXXXXXXXXXXX.pem'),
    'key_pair_id' => 'APKAI2PXXXXXXXXXXXXX',

This code is working but the URL it look like this

But I'm just setting CNAME in CloudFront like server1.domain.tld I want the signed URL show like


I'm have been tried to change $resourceURL to

$resourceURL = "https://server1.domain.tld/" . $path;

It's not working.

It's response status code 403 and I has been set Origin Access Identity I don't know why not working

Here is my Amazon S3 Policy

    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2OP22ZEXXXXXX"
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::server1.domain.tld/*"

Please help...




In Route53, there needs to be a hosted zone for your tld and a record set of type CNAME that is an alias to Cloudfront distribution.

Here are steps to follow:

  • Create certificate in Certificates Manager for domain.tld and server1.domain.tld.

  • Edit your Cloudfront Distribution Settings and set SSL certificate for the distribution to the custom one. Set SSL Certificate for Distribution

  • Ensure that Alternate Domain Names (CNAMEs) for your distribution lists server1.domain.tld

List Alternate Domain Names for Distribution