Hi,
What's wrong if you just have both, signed cookie check (inbuilt) and your implementation of IP address whitelists with CloudFront Functions? If any of the above failed - you do not provide access.
You can secure access to your S3 content using signed cookies and Lambda@Edge:
- Write a Lambda function to check the requester's IP against an allow-list.
- Configure CloudFront to use signed cookies for authentication.
- Associate the Lambda function with CloudFront to trigger during viewer requests.
- In the Lambda function, verify the requester's IP against the allow-list.
- If authorized, generate a signed cookie granting access to the S3 content.
- Set the signed cookie in the response headers.
- Test and deploy the setup to restrict access based on IP allow-list.
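
The IP allow-list check at the viewer-request stage, as an added example that is not part of the original answers: a Lambda@Edge handler that forwards the request only when `clientIp` falls inside an allowed IPv4 CIDR and returns 403 otherwise, leaving signed-cookie validation to CloudFront's built-in check. The `ALLOW_LIST` ranges are constructed, the helper names (`ipv4ToInt`, `inCidr`, `isAllowed`, `decide`) are hypothetical, and anything that does not parse as IPv4 (IPv6 included) is denied.

```javascript
'use strict';

// Constructed allow-list (RFC 5737 documentation ranges); replace with your own.
const ALLOW_LIST = ['203.0.113.0/24', '198.51.100.7/32'];

// Parse a dotted-quad IPv4 string into an unsigned integer, or null if invalid.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip lies inside cidr ("a.b.c.d/len"). Malformed input never matches,
// so a typo such as "10.0.0.0/" cannot silently become "allow everything".
function inCidr(ip, cidr) {
  const [base, lenStr] = String(cidr).split('/');
  if (!/^\d{1,2}$/.test(lenStr || '') || Number(lenStr) > 32) return false;
  const ipInt = ipv4ToInt(ip);
  const baseInt = ipv4ToInt(base);
  if (ipInt === null || baseInt === null) return false;
  const size = 2 ** (32 - Number(lenStr)); // number of addresses in the block
  return Math.floor(ipInt / size) === Math.floor(baseInt / size);
}

function isAllowed(ip, allowList = ALLOW_LIST) {
  return allowList.some((cidr) => inCidr(ip, cidr));
}

// Returns the request unchanged (continue) or a generated 403 response.
function decide(request) {
  if (isAllowed(request.clientIp)) return request;
  return {
    status: '403',
    statusDescription: 'Forbidden',
    headers: { 'cache-control': [{ key: 'Cache-Control', value: 'no-store' }] },
    body: 'Forbidden',
  };
}

// Lambda@Edge viewer-request entry point.
const handler = async (event) => decide(event.Records[0].cf.request);
if (typeof module !== 'undefined') module.exports = { handler };
```

With a trusted key group configured on the cache behavior, a request that passes this check still needs a valid signed cookie, so access is refused if either check fails.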
Perhaps use a WAF IP whitelist attached to your CloudFront. Block any IP not in the whitelist?