diff --git a/app/routes/_index.tsx b/app/routes/_index.tsx
index 8472f30..cf27978 100644
--- a/app/routes/_index.tsx
+++ b/app/routes/_index.tsx
@@ -1,6 +1,7 @@
 import { Container, Flex, Heading } from "@chakra-ui/react";
 import { type LinksFunction } from "@remix-run/cloudflare";
 import { useLoaderData } from "@remix-run/react";
+import { AwsClient } from "aws4fetch";
 import stylesheet from "../styles/_index.css";
 
 export const links: LinksFunction = () => {
@@ -14,47 +15,30 @@ export async function loader({
 }): Promise<string[]> {
   if (context.request.headers.get("Save-Data") === "on") return [];
 
-  const signingKey = await crypto.subtle.importKey(
-    "raw",
-    // @ts-expect-error
-    Uint8Array.from(atob(context.env.URL_SIGNING_KEY), (m) => m.codePointAt(0)),
-    { hash: "SHA-1", name: "HMAC" },
-    false,
-    ["sign"],
-  );
+  const s3base = `https://car-crushers.${context.env.R2_ZONE}.r2.cloudflarestorage.com`;
 
-  const expiration = Math.floor(Date.now() / 1000) + 600;
   const baseURLs = [
-    `https://mediaproxy.carcrushers.cc/trailer.webm?Expires=${expiration}&KeyName=portal-media-linkgen`,
-    `https://mediaproxy.carcrushers.cc/trailer.mp4?Expires=${expiration}&KeyName=portal-media-linkgen`,
+    `https://${s3base}/trailer.webm?X-Amz-Expires=600`,
+    `https://${s3base}/trailer.mp4?X-Amz-Expires=600`,
   ];
 
-  const signaturePromises = [];
-
-  for (const baseURL of baseURLs)
-    signaturePromises.push(
-      crypto.subtle.sign("HMAC", signingKey, new TextEncoder().encode(baseURL)),
-    );
+  const aws = new AwsClient({
+    accessKeyId: context.env.R2_ACCESS_KEY,
+    secretAccessKey: context.env.R2_SECRET_KEY,
+  });
 
-  const signatures = Array.from(
-    (await Promise.allSettled(signaturePromises)).values(),
-  );
   const urls = [];
 
   for (let i = 0; i < baseURLs.length; i++) {
-    const sig = signatures[i];
-
-    if (sig.status === "rejected")
-      throw new Response(`Failed to create signature for ${baseURLs[i]}`, {
-        status: 500,
-      });
-
-    const urlSig = btoa(String.fromCharCode(...new Uint8Array(sig.value)))
-      .replaceAll("+", "-")
-      .replaceAll("/", "_")
-      .replaceAll("=", "");
-
-    urls.push(`${baseURLs[i]}&Signature=${urlSig}`);
+    urls.push(
+      (
+        await aws.sign(baseURLs[i], {
+          aws: {
+            signQuery: true,
+          },
+        })
+      ).url,
+    );
   }
 
   return urls;