I'm trying to use Trusted Key Groups in CloudFront and I'm getting the below message
<Error> <Code>InvalidKey</Code> <Message>Unknown Key</Message> </Error>
The way I created the signed URL is.
- I went to Security credentials, created ** CloudFront key pairs** and then download the private and public key.
- I then went into CloudFront and copied and pasted the public key I got from the first step into there.
- Created the **Keygroup **and selected the above Public Key.
- I went to the CloudFront distribution, then to Behavior and selected Restrict viewer access then Trusted key groups (recommended) and chose the group I created above.
- I used CLI to generate a signed url
aws cloudfront sign --url domain.com/index.html --key-pair-id A*** --private-key file://pk-A***.pem --date-less-than 2060-01-01