Lambda@edgeで S3+CloudFrontで簡単BASIC認証！ - Speaker Deck

Tweet

Tweet

Slide 1

Slide 1 text

Lambda@edgeͰ S3+CloudFrontͰɺ؆୯BASICೝূʂ 2019೥9݄12೔ ୈ24ճ JAWS-UG ࡳຈ

Slide 2

Slide 2 text

ࡾӜҰथ ωοτσδλϧࣄۀ෦ ޷͖ͳAWSαʔϏε:CloudFront ޷͖ͳGCPαʔϏε:BigQuery

Slide 3

Slide 3 text

ݱ৔͔ΒώΞϦϯά ຋༁ɾ࣮૷ґཔ ςΫχΧϧσΟϨΫλʔʁ 43& 1.ʁ

Slide 4

Slide 4 text

Lambda@edge ͬͯͳʹʁ

Slide 5

Slide 5 text

S3 bucket CloudFront Client Linuxͱ͔ͪΐͬͱΘ͔Μͳ͍ͷͰɺ web্ཱͪ͛Α͏ͱ͢Δͱɺ͜ͷํ๏͔͠஌Βͳ͍ͷͰ͢ɻ CloudFront େ޷͖

Slide 6

Slide 6 text

ʮ.htaccess ͱ͔Ͳ͏͢Μͷʁʯ

Slide 7

Slide 7 text

ͪΐͬͱɺΘ͔Μͳ͍

Slide 8

Slide 8 text

S3 bucket CloudFront Client Lambda@edge BASICೝূ

Slide 9

Slide 9 text

Ϧʔδϣϯ͸ όʔδχΞ๺෦

Slide 10

Slide 10 text

Node.jsͷ৔߹

Slide 11

Slide 11 text

ʮsite:dev.classmethod.jp lambda BASICೝূʯ Ͱάάͬͯɺίϐϖ https://dev.classmethod.jp/cloud/aws/basic-auth-s3-cloudfront-lambda/

Slide 12

Slide 12 text

'use strict'; exports.handler = (event, context, callback) => { // Get request and request headers const request = event.Records[0].cf.request; const headers = request.headers; // Configure authentication const authUser = 'user'; const authPass = 'pass'; // Construct the Basic Auth string const authString = 'Basic ' + new Buffer(authUser + ':' + authPass).toString('base64'); // Require Basic authentication if (typeof headers.authorization == 'undefined' || headers.authorization[0].value != authString) { const body = 'Unauthorized'; const response = { status: '401', statusDescription: 'Unauthorized', body: body, headers: { 'www-authenticate': [{key: 'WWW-Authenticate', value:'Basic'}] }, }; callback(null, response); } // Continue request processing if authentication passed callback(null, request); };

Slide 13

Slide 13 text

'use strict'; exports.handler = (event, context, callback) => { // Get request and request headers const request = event.Records[0].cf.request; const headers = request.headers; // Configure authentication const authUser = 'user'; const authPass = 'pass'; // Construct the Basic Auth string const authString = 'Basic ' + new Buffer(authUser + ':' + authPass).toString('base64'); // Require Basic authentication if (typeof headers.authorization == 'undefined' || headers.authorization[0].value != authString) { const body = 'Unauthorized'; const response = { status: '401', statusDescription: 'Unauthorized', body: body, headers: { 'www-authenticate': [{key: 'WWW-Authenticate', value:'Basic'}] }, }; callback(null, response); } // Continue request processing if authentication passed callback(null, request); }; ͚ͩ͜͜ɺม͑Δ

Slide 14

Slide 14 text

ࠓ౓͸ΞΫγϣϯΛԡ͢ ϙνο

Slide 15

Slide 15 text

๺෦όʔδχΞ͚ͩʮػೳʯͬͯͷ͕͋Δ ๺෦όʔδχΞ ౦ژ

Slide 16

Slide 16 text

Πϕϯτ͸શ෦Ͱ4छྨ ࠓճ͸ʮϏϡʔΞʔϦΫΤετʯΛબ୒

Slide 17

Slide 17 text

ͪΐͬͱɺ଴ͭ

Slide 18

Slide 18 text

σϓϩΠυ

Slide 19

Slide 19 text

CloudFrontͷBehaviorͷԼͷํ ͏·͘ɺͰ͖ͯͦ͏

Slide 20

Slide 20 text

ΞΫηεͯ͠ΈΔ Ͱ͖ͨʂʂ

Slide 21

Slide 21 text

Lambda@edge ଞʹ΋͍Ζ͍ΖͰ͖ΔΒ͍͠ʂ Έͳ͞Μɺͥͻ৮ͬͯΈ͍ͯͩ͘͞ʂ