Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Serverless Protected Static Website #12

Closed
wants to merge 27 commits into from
Closed

[WIP] Serverless Protected Static Website #12

wants to merge 27 commits into from

Conversation

s0enke
Copy link
Owner

@s0enke s0enke commented Jul 12, 2017
edited

Static website hosting is still a thing. And often, we want to protect our content e.g. with a password, for example when a website should not yet be public. While S3 provides a way to host static websites, it unfortunately offers no possibility to protect these websites with e.g. HTTP Basic Auth.
This CloudFormation Terraform template utilizes CloudFront with Origin Access Identity and Lambda@Edge to mimic a static website with basic auth password protection. Cognito userpools are used to manage credentials.

TODO:

  • Lambda@Edge at Origin has to generate the Cookie for OAI after checking credentials against Cognito
  • Something has to generate a form or http basic auth headers in CFN
  • Connection between CloudFront and Lambda (Custom Resource?)
  • OAI as Custom Resource or Terraform
  • CloudFront Lambda with TerraForm
  • Are signed urls needed? With network access at the lambda@edge we might not need this
  • Description
  • Cognito Userpool
  • S3 Bucket
  • Route53 optional
  • Custom SSL Cert
  • Subdomain to path mapping optionl
  • Caching optional

Lessons Learned:

@s0enke s0enke changed the title Serverless Protected Static Website [WIP] Serverless Protected Static Website Jul 12, 2017
@s0enke s0enke force-pushed the serverless-protected-website-hosting branch from eb27dc5 to 9351fb6 Compare July 30, 2017 19:35
@s0enke s0enke force-pushed the serverless-protected-website-hosting branch from 9ceeaa5 to 81901d1 Compare July 30, 2017 19:58
@s0enke
remove cloudfront event experiments
93d6b45 
which proved not to be able to change the http status code to 401
@s0enke s0enke force-pushed the serverless-protected-website-hosting branch from 4860dee to b449814 Compare August 3, 2017 18:02
@s0enke
serverless static website hosting
8d84212 
step one without authentication, but with OIA and correct path rewrites
@s0enke
remove obsolete todo
9557bd0
@s0enke
move terraform gitignore to root ignore
e2069d9 
because terraform is now also used in the tests
@s0enke s0enke force-pushed the serverless-protected-website-hosting branch from d88ebe4 to e2069d9 Compare August 4, 2017 07:35
@s0enke s0enke force-pushed the serverless-protected-website-hosting branch from 369179b to 7c7eba8 Compare August 5, 2017 13:15
@s0enke s0enke force-pushed the serverless-protected-website-hosting branch from 08f44b1 to 4982c1a Compare August 5, 2017 20:19
@s0enke s0enke mentioned this pull request Aug 16, 2017
Merged
15 tasks
@s0enke
Copy link
Owner Author

s0enke commented Aug 20, 2017

superseeded by #14

@s0enke s0enke closed this Aug 20, 2017
@s0enke s0enke deleted the serverless-protected-website-hosting branch September 6, 2017 19:52
@s0enke s0enke mentioned this pull request Sep 7, 2017
Closed
16 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@s0enke