FYI This project appears to be affected by this issue. User is unable to clean up replicated lambda functions. The affected templates is cloudfront-edge-s3-bucket-password-protected.

because it's unnesessary boilerplate and accidental deletion could break the pipeline / app. We should rather look up the service endpoint in the frontend build step directly, e.g. via cloudformation APIs

but they should be so there is no possible interference. Idea would be to use the zip files generated and uploaded by the serverless framework (or kick the serverless framework, because too bloated for this task).

should be retrieved from serverless command somehow

Does the Load balancer - Lambda template cover how to attach a load balancer to the Lambda function. Currently on using that, I do not see load balancer being attached in the Lambda designer.

Could you please confirm if it is missing or if I am doing anything wrong?

I was currently referring to this:

https://github.com/s0enke/cloudformation-templates/blob/master/templates/lambda-alb-sam-sample.yaml

@s0enke

superseeds #12

Vision / Story

Static website hosting is still a thing. And often, we want to protect our content e.g. with a password, for example when a website should not yet be public. While S3 provides a way to host static websites, it unfortunately offers no possibility to protect these websites with e.g. HTTP Basic Auth.
This CloudFormation template utilizes CloudFront with Origin Access Identity and Lambda@Edge to mimic a static website with basic auth password protection. Cognito userpools are used to manage users and credentials.

Target Conditions

S3 bucket not open to the world (no static website hosting option enabled)

Fixed credentials (Basic Auth) are validated (no connection to Cognito yet)

(200 im OK fall und Object ausliefern und 401 im Non-Auth fall)

Cognito Connection (Infra via CloudFormation, and Implementation into Lambda)

Parking Lot / TODO

• Reset Numbers of Lambda Versions
• redirects
• /blah/ should find /blah/index.html
• /blah should redirect to /blah/
• Cloudfront Cache settings: make sure no authenticated response is cached and leaked to unauthenticated clients
• Route53 optional
  • Custom SSL Cert
  • Subdomain to path mapping optionl
• Caching optional
• test framework, e.g. with behave
• Cont. Integration / Pipeline
• check if Makefile is still needed
• cleanup and unify JS code
• use JWT and set cookie so we don't have to make the Cognito API call every time
• remove debug logs
• proper logging, e.g. success / fail and proper logger usage

Next steps:

• Signup page for users to remove the password-passing problem. Users sign themselves up and the admin adds them to e.g. a group which is authorized
• Find a mode how to use Signed Cookies anyway? Would offload lambda