Lambda@edgeで S3+CloudFrontで簡単BASIC認証！

Lambda@edgeͰ S3+CloudFrontͰɺ؆୯BASICೝূʂ 2019೥9݄12೔ ୈ24ճ JAWS-UG ࡳຈ

ࡾӜҰथ ωοτσδλϧࣄۀ෦ ޷͖ͳAWSαʔϏε:CloudFront ޷͖ͳGCPαʔϏε:BigQuery

ݱ৔͔ΒώΞϦϯά ຋༁ɾ࣮૷ґཔ ςΫχΧϧσΟϨΫλʔʁ 43& 1.ʁ

Lambda@edge ͬͯͳʹʁ

S3 bucket CloudFront Client Linuxͱ͔ͪΐͬͱΘ͔Μͳ͍ͷͰɺ web্ཱͪ͛Α͏ͱ͢Δͱɺ͜ͷํ๏͔͠஌Βͳ͍ͷͰ͢ɻ CloudFront େ޷͖

ʮ.htaccess ͱ͔Ͳ͏͢Μͷʁʯ

ͪΐͬͱɺΘ͔Μͳ͍

S3 bucket CloudFront Client Lambda@edge BASICೝূ

Ϧʔδϣϯ͸ όʔδχΞ๺෦

Node.jsͷ৔߹

ʮsite:dev.classmethod.jp lambda BASICೝূʯ Ͱάάͬͯɺίϐϖ https://dev.classmethod.jp/cloud/aws/basic-auth-s3-cloudfront-lambda/

'use strict'; exports.handler = (event, context, callback) => { //
Get request and request headers const request = event.Records[0].cf.request; const headers = request.headers; // Configure authentication const authUser = 'user'; const authPass = 'pass'; // Construct the Basic Auth string const authString = 'Basic ' + new Buffer(authUser + ':' + authPass).toString('base64'); // Require Basic authentication if (typeof headers.authorization == 'undefined' || headers.authorization[0].value != authString) { const body = 'Unauthorized'; const response = { status: '401', statusDescription: 'Unauthorized', body: body, headers: { 'www-authenticate': [{key: 'WWW-Authenticate', value:'Basic'}] }, }; callback(null, response); } // Continue request processing if authentication passed callback(null, request); };

'use strict'; exports.handler = (event, context, callback) => { //
Get request and request headers const request = event.Records[0].cf.request; const headers = request.headers; // Configure authentication const authUser = 'user'; const authPass = 'pass'; // Construct the Basic Auth string const authString = 'Basic ' + new Buffer(authUser + ':' + authPass).toString('base64'); // Require Basic authentication if (typeof headers.authorization == 'undefined' || headers.authorization[0].value != authString) { const body = 'Unauthorized'; const response = { status: '401', statusDescription: 'Unauthorized', body: body, headers: { 'www-authenticate': [{key: 'WWW-Authenticate', value:'Basic'}] }, }; callback(null, response); } // Continue request processing if authentication passed callback(null, request); }; ͚ͩ͜͜ɺม͑Δ

ࠓ౓͸ΞΫγϣϯΛԡ͢ ϙνο

๺෦όʔδχΞ͚ͩʮػೳʯͬͯͷ͕͋Δ ๺෦όʔδχΞ ౦ژ

Πϕϯτ͸શ෦Ͱ4छྨ ࠓճ͸ʮϏϡʔΞʔϦΫΤετʯΛબ୒

ͪΐͬͱɺ଴ͭ

σϓϩΠυ

CloudFrontͷBehaviorͷԼͷํ ͏·͘ɺͰ͖ͯͦ͏

ΞΫηεͯ͠ΈΔ Ͱ͖ͨʂʂ

Lambda@edge ଞʹ΋͍Ζ͍ΖͰ͖ΔΒ͍͠ʂ Έͳ͞Μɺͥͻ৮ͬͯΈ͍ͯͩ͘͞ʂ

Lambda@edgeで S3+CloudFrontで簡単BASIC認証！

Lambda@edgeで S3+CloudFrontで簡単BASIC認証！

Kazuki Miura

More Decks by Kazuki Miura

Other Decks in Technology

Featured

Transcript

Lambda@edgeͰ S3+CloudFrontͰɺ؆୯BASICೝূʂ 2019೥9݄12೔ ୈ24ճ JAWS-UG ࡳຈ

ࡾӜҰथ ωοτσδλϧࣄۀ෦ ޷͖ͳAWSαʔϏε:CloudFront ޷͖ͳGCPαʔϏε:BigQuery

ݱ৔͔ΒώΞϦϯά ຋༁ɾ࣮૷ґཔ ςΫχΧϧσΟϨΫλʔʁ 43& 1.ʁ

Lambda@edge ͬͯͳʹʁ

S3 bucket CloudFront Client Linuxͱ͔ͪΐͬͱΘ͔Μͳ͍ͷͰɺ web্ཱͪ͛Α͏ͱ͢Δͱɺ͜ͷํ๏͔͠஌Βͳ͍ͷͰ͢ɻ CloudFront େ޷͖

ʮ.htaccess ͱ͔Ͳ͏͢Μͷʁʯ

ͪΐͬͱɺΘ͔Μͳ͍

S3 bucket CloudFront Client Lambda@edge BASICೝূ

Ϧʔδϣϯ͸ όʔδχΞ๺෦

Node.jsͷ৔߹

ʮsite:dev.classmethod.jp lambda BASICೝূʯ Ͱάάͬͯɺίϐϖ https://dev.classmethod.jp/cloud/aws/basic-auth-s3-cloudfront-lambda/

'use strict'; exports.handler = (event, context, callback) => { //

'use strict'; exports.handler = (event, context, callback) => { //

ࠓ౓͸ΞΫγϣϯΛԡ͢ ϙνο

๺෦όʔδχΞ͚ͩʮػೳʯͬͯͷ͕͋Δ ๺෦όʔδχΞ ౦ژ

Πϕϯτ͸શ෦Ͱ4छྨ ࠓճ͸ʮϏϡʔΞʔϦΫΤετʯΛબ୒

ͪΐͬͱɺ଴ͭ

σϓϩΠυ

CloudFrontͷBehaviorͷԼͷํ ͏·͘ɺͰ͖ͯͦ͏

ΞΫηεͯ͠ΈΔ Ͱ͖ͨʂʂ

Lambda@edge ଞʹ΋͍Ζ͍ΖͰ͖ΔΒ͍͠ʂ Έͳ͞Μɺͥͻ৮ͬͯΈ͍ͯͩ͘͞ʂ