Set CloudFront signed cookie depending on the source IP address

0

Hey, I want to secure the access to my S3 content with a signed cookie which checks through a Lambda function if the IP address of the requester is in a specified list. Is there any way to achieve this?

BR Mark

asked 6 months ago · 160 views
3 Answers
0

Hi,

What's wrong if you just have both: the signed cookie check (inbuilt) and your implementation of IP address whitelists with CloudFront Functions? If either of the above fails, you do not provide access.

EXPERT
answered 6 months ago
0

You can secure access to your S3 content using signed cookies and Lambda@Edge:

  1. Write a Lambda function to check the requester's IP against an allow-list.

  2. Configure CloudFront to use signed cookies for authentication.

  3. Associate the Lambda function with CloudFront to trigger during viewer requests.

  4. In the Lambda function, verify the requester's IP against the allow-list.

  5. If authorized, generate a signed cookie granting access to the S3 content.

  6. Set the signed cookie in the response headers.

  7. Test and deploy the setup to restrict access based on IP allow-list.

EXPERT
answered 2 months ago
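
Steps 1 to 6 of the answer above, sketched as an added example that is not part of the original answer or AWS's own code: a Lambda@Edge viewer-request decision that checks `clientIp` against an IPv4 allow-list and, on a match, returns a redirect carrying the three CloudFront signed cookies. It goes slightly beyond the answer by binding the cookie to the caller's address through the custom policy's `IpAddress` condition, so a copied cookie is rejected from any other address. Assumptions: the `cfg` object and its field names are hypothetical, and the function is attached to a cookie-issuing path that is not itself restricted.

```javascript
const crypto = require('crypto');

// CloudFront's cookie-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
const cfB64 = (buf) => buf.toString('base64').replace(/\+/g, '-').replace(/=/g, '_').replace(/\//g, '~');

// IPv4 dotted quad -> unsigned 32-bit integer, or null if malformed.
function ipToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return null;
  return parts.reduce((acc, p) => acc * 256 + Number(p), 0);
}

// True when ip is inside any CIDR of the allow-list. IPv6 and malformed input fail closed.
function ipAllowed(ip, cidrs) {
  const addr = ipToInt(ip);
  if (addr === null) return false;
  return cidrs.some((cidr) => {
    const [base, bits = '32'] = cidr.split('/');
    const size = 2 ** (32 - Number(bits));
    const net = ipToInt(base);
    return net !== null && Math.floor(addr / size) === Math.floor(net / size);
  });
}

// Custom policy limited by expiry and by the caller's own IP, signed with RSA-SHA1.
function signedCookies(clientIp, cfg, nowSec) {
  const policy = JSON.stringify({ Statement: [{ Resource: cfg.resource, Condition: {
    DateLessThan: { 'AWS:EpochTime': nowSec + cfg.ttlSec },
    IpAddress: { 'AWS:SourceIp': `${clientIp}/32` } } }] });
  const sig = crypto.createSign('RSA-SHA1').update(policy).sign(cfg.privateKeyPem);
  return { 'CloudFront-Policy': cfB64(Buffer.from(policy)), 'CloudFront-Signature': cfB64(sig),
           'CloudFront-Key-Pair-Id': cfg.keyPairId };
}

// Decision for one viewer-request record: 403, or 302 carrying the signed cookies.
function decide(request, cfg, nowSec = Math.floor(Date.now() / 1000)) {
  if (!ipAllowed(request.clientIp, cfg.allowList)) {
    return { status: '403', statusDescription: 'Forbidden', body: 'Forbidden' };
  }
  const attrs = '; Path=/; Secure; HttpOnly';
  const cookies = Object.entries(signedCookies(request.clientIp, cfg, nowSec))
    .map(([name, value]) => ({ key: 'Set-Cookie', value: `${name}=${value}${attrs}` }));
  return { status: '302', statusDescription: 'Found',
           headers: { location: [{ key: 'Location', value: cfg.redirectTo }], 'set-cookie': cookies } };
}

// Deployment wiring: exports.handler = makeHandler(cfg), with cfg bundled in the package.
const makeHandler = (cfg) => async (event) => decide(event.Records[0].cf.request, cfg);
```

Lambda@Edge functions cannot read environment variables, so the signing key and allow-list have to reach the function another way, and the public half of the key must be in a key group trusted by the restricted behavior.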
0

Perhaps use a WAF IP whitelist attached to your CloudFront. Block any IP not in the whitelist?

EXPERT
answered 2 months ago
