How to Add Expiration Date to CloudFront URLs

Answer - B.

A signed URL includes additional information, for example, an expiration date and time, that gives you more control over access to your content.

For more information on signed URL's, please refer to the below URL:

To add an expiration date to the URLs provided by Cloudfront, the recommended method is to use a signed URL. Signed URLs provide a way to grant time-limited access to specific objects, which means that you can set an expiration date for each URL.

Signed URLs are created by adding authentication information to the query string of a URL. The authentication information includes an access key, a signature, and an expiration date. The access key is used to identify the user making the request, the signature is used to verify that the request is authentic, and the expiration date is used to specify when the request should no longer be valid.

To create a signed URL, you can use the AWS SDK or the Cloudfront API. You specify the object that you want to access, the expiration date, and the access key that should be used to sign the URL. Once the URL is signed, you can distribute it to users and they will be able to access the object for the duration of the expiration period.

Using cookies to embed the expiration date is not recommended because it requires more complex setup and maintenance, and also exposes the expiration date to the client-side, which can be a security risk.

Setting an expiration date for the Cloudfront distribution itself would apply the same expiration date to all URLs, which is not a recommended approach if you want to grant time-limited access to specific objects.

In conclusion, the recommended method to add an expiration date to URLs provided by Cloudfront is to use a signed URL, which provides a secure and flexible way to grant time-limited access to specific objects.