Hi,
What's wrong with just having both: the signed cookie check (inbuilt) and your implementation of IP address whitelists with CloudFront Functions? If either of the above fails, you do not provide access.
You can secure access to your S3 content using signed cookies and Lambda@Edge:
- Write a Lambda function to check the requester's IP against an allow-list.
- Configure CloudFront to use signed cookies for authentication.
- Associate the Lambda function with CloudFront to trigger during viewer requests.
- In the Lambda function, verify the requester's IP against the allow-list.
- If authorized, generate a signed cookie granting access to the S3 content.
- Set the signed cookie in the response headers.
- Test and deploy the setup to restrict access based on IP allow-list.
Perhaps use a WAF IP whitelist attached to your CloudFront. Block any IP not in the whitelist?