A collection of common tasks automated with CloudFormation.
s0enke / cloudformation-templates
License: MIT License
FYI: This project appears to be affected by this issue. User is unable to clean up replicated Lambda functions. The affected template is `cloudfront-edge-s3-bucket-password-protected`.
because it's unnecessary boilerplate and accidental deletion could break the pipeline / app. We should rather look up the service endpoint in the frontend build step directly, e.g. via CloudFormation APIs
but they should be so there is no possible interference. Idea would be to use the zip files generated and uploaded by the serverless framework (or kick the serverless framework, because too bloated for this task).
should be retrieved from serverless
command somehow
Does the Load balancer - Lambda template cover how to attach a load balancer to the Lambda function? Currently, on using that, I do not see a load balancer being attached in the Lambda designer.
Could you please confirm if it is missing or if I am doing anything wrong?
I was currently referring to this:
https://github.com/s0enke/cloudformation-templates/blob/master/templates/lambda-alb-sam-sample.yaml
supersedes #12
Static website hosting is still a thing. And often, we want to protect our content e.g. with a password, for example when a website should not yet be public. While S3 provides a way to host static websites, it unfortunately offers no possibility to protect these websites with e.g. HTTP Basic Auth.
This CloudFormation template utilizes CloudFront with Origin Access Identity and Lambda@Edge to mimic a static website with basic auth password protection. Cognito userpools are used to manage users and credentials.
Date | Current Condition | Obstacle | Next Experiment/Step | Expected Outcome | Learned |
---|---|---|---|---|---|
I don't know how to protect an S3 bucket | Research |
Too many unknowns with API gateway | Create prototype with API Gateway PROXY integration and custom authorizers |
API Gateway PROXY INTEGRATION strips trailing slashes which makes it unusable in front of S3 buckets without static website hosting | try CloudFront and OAI |
(200 in the OK case, delivering the object, and 401 in the non-auth case)
Date | Current Condition | Obstacle | Next Experiment/Step | Expected Outcome | Learned |
---|---|---|---|---|---|
Fixed credentials (Basic Auth) are not validated | Authorization header is not passed through to the CdnOrigin Lambda because the S3 origin does not allow it | Rewrite Authorization to X-Authorization in the Viewer-Request function | Authorization can be passed this way to Origin Request function |
08-21 | U/P is passed through to Origin Request function (which is allowed to make network calls e.g. to Cognito), but u/p is not yet validated | testing cycle for lambdas is too slow | write a simple makefile with lambda invoke for test calls to lambda@edge functions | development speeds up because cloudfront update is taken out of the test cycle |
08-25 | fixed U/P is not validated, target condition done |
Date | Current Condition | Obstacle | Next Experiment/Step | Expected Outcome | Learned |
---|---|---|---|---|---|
08-25 | No Cognito at all | No Cognito userpool connection in Lambda@Edge | implement it | A manually created user in a manually created userpool can be authorized through the Lambda@edge function |
09-05 | Manually created Cognito userpool integrated | Responses are cached at the Edge, so it apparently answers with a cached version even if not authorized | try to forbid caching at all | Forbidding caching will pass all requests to the Origin Request function |
09-05 | Manually created Cognito userpool integrated, but no CFN | Create Userpool via CFN and connect it | it works |
09-06 | CFN Userpool integrated, Subdirectories do not work, e.g. /blah/ does not lookup /blah/index.html | CloudFront does not support IndexDocument, but only a Default root object (see this SA | it works |
Next steps:
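The request flow recorded in the tables above (Authorization rewritten to X-Authorization at viewer-request, credentials validated at origin-request, `/blah/` mapped to `/blah/index.html`), as an added JavaScript example. It is not code from the repository or the pull request; the function names, the realm string and the `verify` callback, which stands in for the Cognito user pool check, are assumptions.

```javascript
// Added example: header names and flow follow the log above; function names,
// the realm and the verify callback are hypothetical.
const unauthorized = () => ({
  status: '401',
  statusDescription: 'Unauthorized',
  headers: {
    'www-authenticate': [{ key: 'WWW-Authenticate', value: 'Basic realm="protected"' }],
    'cache-control': [{ key: 'Cache-Control', value: 'no-store' }], // never cache a denial
  },
});

// Viewer-request: the S3 origin does not get Authorization, so move it aside.
function viewerRequest(event) {
  const request = event.Records[0].cf.request;
  const auth = request.headers.authorization;
  if (!auth || !/^Basic /i.test(auth[0].value)) return unauthorized();
  request.headers['x-authorization'] = [{ key: 'X-Authorization', value: auth[0].value }];
  delete request.headers.authorization;
  return request;
}

// Decode "Basic base64(user:pass)"; the password may itself contain ':'.
function parseBasic(value) {
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(value || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 1) return null; // empty user name or no separator
  return { user: decoded.slice(0, sep), pass: decoded.slice(sep + 1) };
}

// Origin-request: validate, drop the credential header, then map a directory
// URI to its index document. verify(user, pass) may return a promise.
async function originRequest(event, verify) {
  const request = event.Records[0].cf.request;
  const header = request.headers['x-authorization'];
  const creds = parseBasic(header && header[0].value);
  if (!creds || !(await verify(creds.user, creds.pass))) return unauthorized();
  delete request.headers['x-authorization']; // do not send credentials on to S3
  if (request.uri.endsWith('/')) request.uri += 'index.html';
  return request;
}
```

For the origin-request check to run on every request, the distribution has to forward `X-Authorization` and must not answer from the edge cache, which is the 09-05 finding in the log.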