Problem

I have Access Denied for GET request to cloudfront with signed cookies using both canned and custom policy.

Details

1. cdn.example.com is the alternate domain of abc.cloudfront.net, and CNAME is set on both cloudfront and cloudflare.
2. I expect after abc.example.com/authorize, cdn.example.com is accessible.
3. I am using PHP with Laravel behind abc.example.com/authroize, and the code is as follows.

```

$cloudFront = new Aws\CloudFront\CloudFrontClient([
    'region'  => 'us-west-2',
    'version' => '2014-11-06'
]);

$resourceKey = 'http://cdn.example.com';
$expires = time() + 300;

$signedCookieCannedPolicy = $cloudFront->getSignedCookie([
        'url'         => $resourceKey,
        'expires'     => $expires,
        'private_key' => 'pk.pem',
        'key_pair_id' => 'XXXXXXXXXXXXXX',
]);

$response = Response::success();
foreach ($signedCookieCannedPolicy as $name => $value) {
    $response->withCookie(Cookie::make($name, $value, 360, null, 'example.com'));
}

return $response;

```

4. The cookies are set for .example.com

5. When I go to cdn.example.com, the following message is shown

Thanks in advance.

Turns out the issue was due to the encrypted cookies. You might want to check: https://laravel.com/api/5.2/Illuminate/Cookie/CookieJar.html#method_make And if you are using Laravel 5.2, make sure you added exception if you used middleware to encrypt.