Set CloudFront signed cookie depending on the source IP address

0

Hey, I want to secure the access to my S3 content with a signed cookie which checks through a Lambda function if the IP address of the requester is in a specified list. Is there any way to achieve this?

BR Mark

asked 5 months ago, 146 views
3 Answers
0

Hi,

What's wrong if you just have both: the signed cookie check (inbuilt) and your implementation of IP address whitelists with CloudFront Functions? If any of the above fails, you do not provide access.

EXPERT
answered 5 months ago
0

You can secure access to your S3 content using signed cookies and Lambda@Edge:

  1. Write a Lambda function to check the requester's IP against an allow-list.

  2. Configure CloudFront to use signed cookies for authentication.

  3. Associate the Lambda function with CloudFront to trigger during viewer requests.

  4. In the Lambda function, verify the requester's IP against the allow-list.

  5. If authorized, generate a signed cookie granting access to the S3 content.

  6. Set the signed cookie in the response headers.

  7. Test and deploy the setup to restrict access based on IP allow-list.

EXPERT
answered a month ago
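
The steps in the answer above, sketched as an added example (not code from the thread or from AWS): a Node.js Lambda@Edge viewer-request handler that checks `clientIp` against an allow-list and answers with the three CloudFront cookies, using a custom policy whose `IpAddress` condition lets CloudFront enforce the source range on later requests. Assumptions: the allow-list, key-pair ID, domain and in-memory key are placeholders, and the function is attached to a cookie-issuing path whose cache behaviour does not itself require signed cookies.

```javascript
const crypto = require('node:crypto');

// Assumptions (placeholders, not from the thread): allow-list, key ID, resource pattern.
const ALLOW = ['203.0.113.0/24', '198.51.100.7/32'];
const KEY_PAIR_ID = 'KEXAMPLEPLACEHOLDER';
const RESOURCE = 'https://d111111abcdef8.cloudfront.net/*';
// Constructed stand-in key so the example runs offline; in production load the
// private key that matches the public key in your CloudFront key group.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const toInt = (ip) => ip.split('.').reduce((n, o) => n * 256 + Number(o), 0);

// Return the allow-listed IPv4 CIDR that contains ip, or null (IPv6 and junk are denied).
function matchCidr(ip, list = ALLOW) {
  if (!/^(\d{1,3}\.){3}\d{1,3}$/.test(ip)) return null;
  return list.find((cidr) => {
    const [net, bits] = cidr.split('/');
    const size = 2 ** (32 - Number(bits));
    return Math.floor(toInt(ip) / size) === Math.floor(toInt(net) / size);
  }) || null;
}

// CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
const cfB64 = (buf) => buf.toString('base64')
  .replace(/[+=\/]/g, (c) => ({ '+': '-', '=': '_', '/': '~' }[c]));

// Custom policy that CloudFront itself enforces: expiry plus source-IP range.
function signedCookies(cidr, nowSec, ttlSec = 3600) {
  const policy = JSON.stringify({ Statement: [{ Resource: RESOURCE, Condition: {
    DateLessThan: { 'AWS:EpochTime': nowSec + ttlSec },
    IpAddress: { 'AWS:SourceIp': cidr } } }] });
  return {
    'CloudFront-Policy': cfB64(Buffer.from(policy)),
    'CloudFront-Signature': cfB64(crypto.sign('sha1', Buffer.from(policy), privateKey)),
    'CloudFront-Key-Pair-Id': KEY_PAIR_ID,
  };
}

// Viewer-request decision for the cookie-issuing path: 403, or 302 with the three cookies.
function decide(request, nowSec = Math.floor(Date.now() / 1000)) {
  const cidr = matchCidr(request.clientIp);
  if (!cidr) return { status: '403', statusDescription: 'Forbidden' };
  const cookies = Object.entries(signedCookies(cidr, nowSec))
    .map(([k, v]) => ({ key: 'Set-Cookie', value: `${k}=${v}; Path=/; Secure; HttpOnly` }));
  return { status: '302', statusDescription: 'Found',
    headers: { location: [{ key: 'Location', value: '/' }], 'set-cookie': cookies } };
}

exports.handler = async (event) => decide(event.Records[0].cf.request);
```

Because the policy carries the matched CIDR, a cookie copied to a machine outside that range is rejected by CloudFront's own check without the function running again.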
0

Perhaps use a WAF IP whitelist attached to your CloudFront. Block any IP not in the whitelist?

EXPERT
answered a month ago
