You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Static website hosting is still a thing. And often, we want to protect our content e.g. with a password, for example when a website should not yet be public. While S3 provides a way to host static websites, it unfortunately offers no possibility to protect these websites with e.g. HTTP Basic Auth.
This CloudFormation template utilizes CloudFront with Origin Access Identity and Lambda@Edge to mimic a static website with basic auth password protection. Cognito userpools are used to manage users and credentials.
Target Conditions
S3 bucket not open to the world (no static website hosting option enabled)
Date
Current Condition
Obstacle
Next Experiment/Step
Expected Outcome
Learned
I don't know how to protected an S3 bucket
Research
S3Auth.com: trust someone one the web? or self hosted.not serverless, no one-click
CloudFront OIA to protected the S3 origin
CloudFront signed cookies: no api call to generate the keys. Someone created this.
Too many unknowns with API gateway
Create prototype with API Gateway PROXY integration and custom authorizers
The second parameter to callback is either the request or the response. CloudFront does somehow magically determinte if we send a request or a response
08-21
U/P is passed through to Origin Request function (which is allowed to make network calls e.g. to Cognito), but u/p is not yet validated
testing cycle for lambdas is too slow
write a simple makefile with lambda invoke for test calls to lambda@edge functions
development speeds up because cloudfront update is taken out of the test cycle
makefile plugin for intellij
lambda tail and base64 decode onliner could be a blog post
cloudformation deploy for idempotent stack updates
08-25
fixed U/P is not validated, target condition done
Cognito Connection (Infra via CloudFormation, and Implementation into Lambda)
Date
Current Condition
Obstacle
Next Experiment/Step
Expected Outcome
Learned
08-25
No Cognito at all
No Cognito userpool conneciton in Lambda@Edge
implement it
A manually created user in a manually created userpool can be authorized though the Lambda@edge function
ADMIN_NO_SRP_AUTH can be used for U/P authentication in Cognit
AWS Region has to be set in Edge function, it is not the same as the CFN stack region
09-05
Manually created Cognito userpool integrated
Responses are cached at the Edge, so it apparently answers with a cached version even if not authorized
try to forbid caching at all
Forbidding caching will pass all requests to the Origin Request function
superseeds #12
Vision / Story
Static website hosting is still a thing. And often, we want to protect our content e.g. with a password, for example when a website should not yet be public. While S3 provides a way to host static websites, it unfortunately offers no possibility to protect these websites with e.g. HTTP Basic Auth.
This CloudFormation template utilizes CloudFront with Origin Access Identity and Lambda@Edge to mimic a static website with basic auth password protection. Cognito userpools are used to manage users and credentials.
Target Conditions
S3 bucket not open to the world (no static website hosting option enabled)
Fixed credentials (Basic Auth) are validated (no connection to Cognito yet)
(200 im OK fall und Object ausliefern und 401 im Non-Auth fall)
callbackis either the request or the response. CloudFront does somehow magically determinte if we send a request or a responseCognito Connection (Infra via CloudFormation, and Implementation into Lambda)
ADMIN_NO_SRP_AUTHcan be used for U/P authentication in CognitAuthorizationheader to the cache config: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html so that we cannot cache based on that header$$to escape a$in a MakefileParking Lot / TODO
Next steps:
The text was updated successfully, but these errors were encountered: