Menu
I have a static HTML site hosted on Amazon S3.
Ideally I want to be able to limit access to a staging site in the same way as with a .htaccess/.htpasswd file.
I understand that bucket policies can be used to limit access (I have already used one to make the bucket contents publicly accessible), but I can't see any way to limit access.
In an ideal situation I would like an auth prompt - but appending a token to a URL would also work.
834
The implementation relies on AWS CloudFront and Lambda@Edge functions to implement basic authentication for Amazon S3 bucket. CloudFront is used as a frontend to S3 access. A custom lambda function intercepts all requests to the CloudFront distribution and checks them for valid basic auth credentials as follows:
HTTP request is processed by the service and then re-translated to Amazon S3 internal authentication scheme: This architecture diagram explains how the project is implemented. The PNG picture is loaded from Amazon S3 bucket maven.s3auth.com, which is not readable anonymously. Full URL of this image is Show activity on this post.
By layering multiple AWS services you can achieve something close to Basic HTTP Authorisation. Create a s3 static site. Use AWS WAF to create a rule which only allows requests with the correct http Authorization header. This will be a sting match rule on the contents of the Authorization header.
First, you’ll need two S3 buckets, both should match your custom domain name with the second including the www subdomain. The first bucket (mywebsite.com) is the main bucket for your site. This contains all your files and assets for your static website.
Yes, this is possible: checkout s3auth (no affiliation).
135
I think the AWS SDK for Javascript is what you're looking for. It allows you to login with Facebook, Google or Amazon. Here's another resource using AWS login.
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
