How do I Restrict Access to My Static Website on Amazon S3 by asking for Credentials

Question

I'm hosting a Static Website on AmazonS3 (http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html).

However, I wish to grant access to my page ONLY by authorizing and subsequently authenticating users.

What services are available (Heroku, etc.,) that allows me to do that? I would like the option of having login using their social networking IDs (facebook, twitter, etc.,).

Thanks for your direction on this.

Answer 1

The scenario you describe cannot be achieved purely via Amazon S3.

While there is security available in Amazon S3, it uses either:

• AWS credentials (that should not be issued to your application users), or
• Pre-Signed URLs that grant users temporary access to objects in Amazon S3 (but they need to be generated by an application)

You will need an application that accepts their login and verifies the level of access they are permitted. The application can then generate pre-signed URLs to grant access to specific objects in Amazon S3. The traditional way to provide such an application is on a web server running on Amazon EC2. (An alternative is to use Serverless code. Here is an example)

You could use Web Identity Federation to authenticate users via Facebook, Google and Amazon, as part of the above process.