Upgrade to Pro — share decks privately, control downloads, hide ads and more …

[email protected]で S3+CloudFrontで簡単BASIC認証!

Kazuki Miura
September 12, 2019

[email protected]で S3+CloudFrontで簡単BASIC認証!

20190912_JAWSUG札幌_LT1

Kazuki Miura

September 12, 2019
Tweet

More Decks by Kazuki Miura

Other Decks in Technology

Transcript

  1. [email protected]Ͱ
    S3+CloudFrontͰɺ؆୯BASICೝূʂ
    2019೥9݄12೔
    ୈ24ճ JAWS-UG ࡳຈ

    View Slide

  2. ࡾӜҰथ
    ωοτσδλϧࣄۀ෦
    ޷͖ͳAWSαʔϏε:CloudFront
    ޷͖ͳGCPαʔϏε:BigQuery

    View Slide

  3. ݱ৔͔ΒώΞϦϯά
    ຋༁ɾ࣮૷ґཔ
    ςΫχΧϧσΟϨΫλʔʁ
    43& 1.ʁ

    View Slide

  4. [email protected]
    ͬͯͳʹʁ

    View Slide

  5. S3 bucket CloudFront Client
    Linuxͱ͔ͪΐͬͱΘ͔Μͳ͍ͷͰɺ
    web্ཱͪ͛Α͏ͱ͢Δͱɺ͜ͷํ๏͔͠஌Βͳ͍ͷͰ͢ɻ
    CloudFront େ޷͖

    View Slide

  6. ʮ.htaccess ͱ͔Ͳ͏͢Μͷʁʯ

    View Slide

  7. ͪΐͬͱɺΘ͔Μͳ͍

    View Slide

  8. S3 bucket CloudFront Client
    [email protected]
    BASICೝূ

    View Slide

  9. Ϧʔδϣϯ͸
    όʔδχΞ๺෦

    View Slide

  10. Node.jsͷ৔߹

    View Slide

  11. ʮsite:dev.classmethod.jp lambda BASICೝূʯ
    Ͱάάͬͯɺίϐϖ
    https://dev.classmethod.jp/cloud/aws/basic-auth-s3-cloudfront-lambda/

    View Slide

  12. 'use strict';
    exports.handler = (event, context, callback) => {
    // Get request and request headers
    const request = event.Records[0].cf.request;
    const headers = request.headers;
    // Configure authentication
    const authUser = 'user';
    const authPass = 'pass';
    // Construct the Basic Auth string
    const authString = 'Basic ' + new Buffer(authUser + ':' + authPass).toString('base64');
    // Require Basic authentication
    if (typeof headers.authorization == 'undefined' || headers.authorization[0].value != authString) {
    const body = 'Unauthorized';
    const response = {
    status: '401',
    statusDescription: 'Unauthorized',
    body: body,
    headers: {
    'www-authenticate': [{key: 'WWW-Authenticate', value:'Basic'}]
    },
    };
    callback(null, response);
    }
    // Continue request processing if authentication passed
    callback(null, request);
    };

    View Slide

  13. 'use strict';
    exports.handler = (event, context, callback) => {
    // Get request and request headers
    const request = event.Records[0].cf.request;
    const headers = request.headers;
    // Configure authentication
    const authUser = 'user';
    const authPass = 'pass';
    // Construct the Basic Auth string
    const authString = 'Basic ' + new Buffer(authUser + ':' + authPass).toString('base64');
    // Require Basic authentication
    if (typeof headers.authorization == 'undefined' || headers.authorization[0].value != authString) {
    const body = 'Unauthorized';
    const response = {
    status: '401',
    statusDescription: 'Unauthorized',
    body: body,
    headers: {
    'www-authenticate': [{key: 'WWW-Authenticate', value:'Basic'}]
    },
    };
    callback(null, response);
    }
    // Continue request processing if authentication passed
    callback(null, request);
    };
    ͚ͩ͜͜ɺม͑Δ

    View Slide

  14. ࠓ౓͸ΞΫγϣϯΛԡ͢
    ϙνο

    View Slide

  15. ๺෦όʔδχΞ͚ͩʮػೳʯͬͯͷ͕͋Δ
    ๺෦όʔδχΞ ౦ژ

    View Slide

  16. Πϕϯτ͸શ෦Ͱ4छྨ
    ࠓճ͸ʮϏϡʔΞʔϦΫΤετʯΛબ୒

    View Slide

  17. ͪΐͬͱɺ଴ͭ

    View Slide

  18. σϓϩΠυ

    View Slide

  19. CloudFrontͷBehaviorͷԼͷํ
    ͏·͘ɺͰ͖ͯͦ͏

    View Slide

  20. ΞΫηεͯ͠ΈΔ
    Ͱ͖ͨʂʂ

    View Slide

  21. [email protected]
    ଞʹ΋͍Ζ͍ΖͰ͖ΔΒ͍͠ʂ
    Έͳ͞Μɺͥͻ৮ͬͯΈ͍ͯͩ͘͞ʂ

    View Slide