CloudFront Media Behavior Automation Web PHP v65

Goal

This is a portable PHP tool: unzip it anywhere PHP can run, update the password and credentials, then use the browser to configure CloudFront media caching and CORS.

Package files

This package intentionally contains only these files:

• cloudfront-media-behavior-automation.php — main tool
• cloudfront-tool-local-config.php — optional local AWS credential config
• README.html — documentation
• LICENSE.txt — MIT license

No index.php, no web.config, no Markdown files.

Quick start

1. Unzip the package anywhere PHP can run.
2. Open cloudfront-media-behavior-automation.php in your editor.
3. Edit the first PHP setting line, immediately after <?php: const TOOL_PASSWORD_DEFAULT = 'change-this-password-now';
4. Open cloudfront-tool-local-config.php and add AWS credentials, or leave placeholders and enter keys manually in the browser.
5. Open cloudfront-media-behavior-automation.php in your browser.
6. Click Load distributions.
7. Select the distributions you want.
8. Run Dry run.
9. If the dry run looks right, run Apply.

Launch URL example

http://localhost/beta/cloudfront-media-behavior-automation-web-php/cloudfront-media-behavior-automation.php

App password

In cloudfront-media-behavior-automation.php, set:

const TOOL_PASSWORD_DEFAULT = 'your-private-tool-password';

Optional local credential file

The tool uses exactly one local credential filename:

cloudfront-tool-local-config.php

Edit it on your trusted private machine:

<?php
return [
    'awsAccessKeyId' => 'REAL_AWS_ACCESS_KEY_ID_HERE',
    'awsSecretAccessKey' => 'REAL_AWS_SECRET_ACCESS_KEY_HERE',
    'awsSessionToken' => '',
];

You can also leave placeholders and enter keys manually in the browser.

What the tool automates

Creates or reuses:

• MediaCacheLong1Year
• PublicMediaCORSFromEverywhere
• JsonNearFresh
• DebugNoCache

Adds or updates media, JSON, and debug CloudFront behaviors on selected distributions.

Security

Use local config only on localhost/private IIS. Do not upload filled-in AWS credentials to public hosting or a public repository.

For shared or temporary hosting, enter AWS keys manually at run time, run the tool, delete the tool, and deactivate/delete the temporary AWS key.

v65 package rule

cloudfront-media-behavior-automation.php
cloudfront-tool-local-config.php
README.html
LICENSE.txt

Browser password saving

The tool uses a fixed username so Chrome and other password managers can save the tool password reliably:

cloudfront-media-tool

Do not change the username unless you also want the browser to treat it as a different saved login.

Windows PHP TLS note

If Test AWS credentials reports cURL error 60 or “unable to get local issuer certificate”, the local PHP/cURL build cannot verify AWS TLS certificates.

The tool tries normal PHP/cURL trust first, then Windows native CA support when the PHP/cURL build exposes it.

If that still fails, use a normal HTTPS hosting account or a Windows PHP/cURL build that supports the Windows certificate store.

The tool keeps TLS verification enabled.