使用AWS&的静态站点的基本用户身份验证S3水桶 [英] Basic User Authentication for Static Site using AWS & S3 Bucket

问题描述

我希望将基本用户身份验证添加到我将在AWS上使用的静态站点，以便只有那些将提供给这些用户的用户名和密码正确的用户才能访问该站点.我找到了s3auth，这似乎正是我要寻找的东西，但是，我想知道是否需要以某种方式为除index.html之外的页面设置授权.例如，我有3个页面，分别是index，about和contact.html，而没有为about.html进行身份验证的设置是什么阻止了个人通过www.mywebsite.com/about.html直接访问该网站?我更希望获得澄清或任何人可以提供的任何资源来解释这一点！

I am looking to add Basic User Authentication to a Static Site I will have up on AWS so that only those with the proper username + password which I will supply to those users have access to see the site. I found s3auth and it seems to be exactly what I am looking for, however, I am wondering if I will need to somehow set the authorization for pages besides the index.html. For example, I have 3 pages- index, about and contact.html, without authentication setup for about.html what is stopping an individual for directly accessing the site via www.mywebsite.com/about.html? I am more so looking for clarification or any resources anyone can provide to explain this!

谢谢您的帮助！

推荐答案

这是Lambda @ Edge的完美用法.

This is the perfect use for Lambda@Edge.

由于您要在S3上托管静态站点，因此可以使用AWS的内容分发网络CloudFront轻松，非常经济(便士)为您的站点添加一些非常好的功能，以便为您的站点提供站点服务.您可以学习如何使用CloudFront(包括100％免费SSL)在S3上托管您的网站此处.

Since you're hosing your static site on S3, you can easily and very economically (pennies) add some really great features to your site by using CloudFront, AWS's content distribution network, to serve your site to your site. You can learn how to setup host your site on S3 with CloudFront (including 100% free SSL) here.

在部署CloudFront发行版时，您将有一些时间来设置Lambda，并将其用于执行基本用户身份验证.如果这是您第一次创建Lambda或创建供@Edge使用的Lambda，则过程将感觉非常复杂，但是如果您按照下面的逐步说明进行操作，则将无限制地进行无服务器基本身份验证在不到10分钟的时间内即可扩展.我将为此使用us-east-1，并且必须知道，如果您使用的是Lambda @ Edge，则应在us-east-1中编写函数，并将它们与CloudFront发行版关联时，会自动全局复制.让我们开始...

While your CloudFront distribution is deploying, you'll have some time to go setup you Lambda, that you'll be using to do the basic user auth. If this is your first time creating a Lambda or creating a Lambda for use @Edge the process is going to feel really complex, but if you follow my step-by-step instructions below you'll be doing serverless basic-auth that is infinitely scaleable in less than 10 minutes. I'm going to use us-east-1 for this and it's important to know that if you're using Lambda@Edge you should author your functions in us-east-1, and when they're associated with your CloudFront distribution they'll automagically be replicated globally. Let's begin...

1. 转到AWS控制台中的Lambda，然后单击"创建函数"
2. 从头开始创建Lambda并为其命名
3. 将运行时设置为Node.js 8.10
4. 通过选择选择或创建执行角色"为Lambda授予一些权限
5. 给角色起一个名字
6. 从策略模板中选择基本Lambda @ Edge权限(用于CloudFront触发器)"
7. 点击创建功能"
8. 创建Lambda后，请使用以下代码并将其粘贴到Function Code部分的index.js文件中-您可以通过更改authUser和authPass变量来更新要使用的用户名和密码:

1. Head over to Lambda in the AWS console, and click on "Create Function"
2. Create your Lambda from scratch and give it a name
3. Set your runtime as Node.js 8.10
4. Give your Lambda some permissions by selecting "Choose or create an execution role"
5. Give the role a name
6. From Policy Templates select "Basic Lambda@Edge permissions (for CloudFront trigger)"
7. Click "Create function"
8. Once your Lambda is created take the following code and paste it in to the index.js file of the Function Code section - you can update the username and password you want to use by changing the authUser and authPass variables:

'use strict';
exports.handler = (event, context, callback) => {

    // Get request and request headers
    const request = event.Records[0].cf.request;
    const headers = request.headers;

    // Configure authentication
    const authUser = 'user';
    const authPass = 'pass';

    // Construct the Basic Auth string
    const authString = 'Basic ' + new Buffer(authUser + ':' + authPass).toString('base64');

    // Require Basic authentication
    if (typeof headers.authorization == 'undefined' || headers.authorization[0].value != authString) {
        const body = 'Unauthorized';
        const response = {
            status: '401',
            statusDescription: 'Unauthorized',
            body: body,
            headers: {
                'www-authenticate': [{key: 'WWW-Authenticate', value:'Basic'}]
            },
        };
        callback(null, response);
    }

    // Continue request processing if authentication passed
    callback(null, request);
};

1. 单击右上角的保存".
2. 现在，您的Lambda已保存，可以连接到CloudFront发行版了.在上方菜单中，选择操作->部署到Lambda @ Edge.
3. 在出现的模式中，从下拉菜单中选择您之前创建的CloudFront分配，将缓存行为"保留为*，对于CloudFront事件，将其更改为查看器请求"，最后选择/勾选包括正文" .选择/勾选确认部署到Lambda @ Edge，然后单击部署".

现在您等待.在所有区域和边缘位置复制Lambda @ Edge需要几分钟(15-20).转到CloudFront监视功能的部署.当CloudFront分布状态显示为已部署"时，即可使用Lambda @ Edge函数.

And now you wait. It takes a few minutes (15-20) to replicate your Lambda@Edge across all regions and edge locations. Go to CloudFront to monitor the deployment of your function. When your CloudFront Distribution Status says "Deployed" your Lambda@Edge function is ready to use.

这篇关于使用AWS&的静态站点的基本用户身份验证S3水桶的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！