Generate a policy document that describes custom access permissions to
            apply via a private distribution's signed URL.
            
 Declaration Syntax
 Declaration Syntax Parameters
 Parameters- resourcePath (String)
- 
            An optional HTTP/S or RTMP resource path that restricts which
            distribution and S3 objects will be accessible in a signed
            URL. For standard distributions the resource URL will be
            "http://" + distributionName + "/" + objectKey (may
            also include URL parameters. For distributions with the HTTPS
            required protocol, the resource URL must start with
            "https://". RTMP resources do not take the form of a
            URL, and instead the resource path is nothing but the stream's
            name. The '*' and '?' characters can be used as a wildcards to
            allow multi-character or single-character matches
            respectively:
            - * : All distributions/objects will be accessible
- a1b2c3d4e5f6g7.cloudfront.net/* : All objects within the distribution a1b2c3d4e5f6g7 will be accessible
- a1b2c3d4e5f6g7.cloudfront.net/path/to/object.txt : Only the S3 object named path/to/object.txt in the distribution a1b2c3d4e5f6g7 will be accessible.
 
- epochDateLessThan (DateTime)
- An optional UTC time and date when the signed URL will become active. If null, the signed URL will be active as soon as it is created.
- limitToIpAddressCIDR (String)
- An optional range of client IP addresses that will be allowed to access the distribution, specified as a CIDR range. If null, the CIDR will be 0.0.0.0/0 and any client will be permitted.
 Return Value
 Return ValueA policy document describing the access permission to apply when
            generating a signed URL.