An Interest In:
Web News this Week
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
- April 19, 2024
- April 18, 2024
Protect your Amazon CloudFront content Authorization@Edge using cookies
Customers who host private web apps on Amazon CloudFront may struggle with a challenge: how to prevent unauthenticated users from downloading the web apps source code.
This is an interesting solution, but if you don't request public and private content, it's overkill and can become really complex quickly.
Authorization@Edge - How to Use Lambda@Edge and JSON Web Tokens to Enhance Web Application Security
Authorization, the function of specifying access rights to resources is often required to help protect restricted
aws.amazon.com
If you simply have a CloudFront distribution you wish a user to auth first with Cognito before viewing this is probably a great option.
Authorization@Edge using cookies: Protect your Amazon CloudFront content from being downloaded by
Enterprise customers who host private web apps on Amazon CloudFront may struggle with a challenge: how to prevent
aws.amazon.com
You can deploy this solution from the AWS Serverless Application Repository. It's easiest to just leave everything as default so you can successfully deploy it and have something working to look at and maybe modify for your own specific needs.
Solution Flow
Part 1 Sign in attempt
aws.amazon.com
Part 2 Authentication and verification
aws.amazon.com
Part 3 Redirect and access
aws.amazon.com
Recognition
The earlier AWS blog that investigated wiring up Cognito authentication with Lambda@Edge: https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-how-to-use-lambdaedge-and-json-web-tokens-to-enhance-web-application-security/
A gist that shows how to add Basic Authentication using Lambda@Edge: https://gist.github.com/lmakarov/e5984ec16a76548ff2b278c06027f1a4
An open-source project that uses a similar approach to secure CloudFront distributions, but does not yet support Cognito (at the time of this writing): https://github.com/Widen/cloudfront-auth
Additional resources
Check out the code on GitHub to see how the sample solution is built. You can deploy and run the code yourself: https://github.com/aws-samples/cloudfront-authorization-at-edge.
You can deploy the Amazon Cognito resources from the sample solution directly from the AWS Serverless Application Repository.
10
Original Link: https://dev.to/aws-builders/protect-your-amazon-cloudfront-content-authorizationedge-using-cookies-366c
Dev To
An online community for sharing and discovering great ideas, having debates, and making friendsMore About this Source Visit Dev To