Construct to create a private asset S3 bucket. A cognito token can be used to allow access to he S3 asset.
Project description
cdk-private-asset-bucket
A construct to create a private asset S3 bucket. Cognito will be used for token validation with Lambda@Edge.
Test PrivateBucketAsset
Create a test cdk stack with one of the following:
yarn cdk deploy
yarn cdk deploy --watch
yarn cdk deploy --require-approval never
- Upload a picture named like pic.png to the private asset bucket
- Create a user pool user and get / save the token:
USER_POOL_ID=us-east-1_0Aw1oPvD6
CLIENT_ID=3eqcgvghjbv4d5rv32hopmadu8
USER_NAME=martindev
USER_PASSWORD=M@rtindev1
REGION=us-east-1
CFD=d1f2bfdek3mzi7.cloudfront.net
aws cognito-idp admin-create-user --user-pool-id $USER_POOL_ID --username $USER_NAME --region $REGION
aws cognito-idp admin-set-user-password --user-pool-id $USER_POOL_ID --username $USER_NAME --password $USER_PASSWORD --permanent --region $REGION
ACCESS_TOKEN=$(aws cognito-idp initiate-auth --auth-flow USER_PASSWORD_AUTH --client-id $CLIENT_ID --auth-parameters USERNAME=$USER_NAME,PASSWORD=$USER_PASSWORD --region $REGION | jq -r '.AuthenticationResult.AccessToken')
echo $ACCESS_TOKEN
echo "curl --location --request GET \"https://$CFD/pic.png\" --cookie \"Cookie: token=$ACCESS_TOKEN\""
- you can use the curl for importing in Postman. but it looks like Postman can't import the cookie. So you need to set the cookie manually in Postman!
- In Postman you should see your picture :)
Planned Features
- Support S3 bucket import ootb.
- Support custom authorizer
Thanks To
- Crespo Wang for his pioneer work regarding private S3 assets https://javascript.plainenglish.io/use-lambda-edge-jwt-to-secure-s3-bucket-dcca6eec4d7e
- As always to the amazing CDK / Projen Community. Join us on Slack!
- Projen project and the community around it
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for cdk-private-asset-bucket-1.143.1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1045c4e40d6159d60e13babaaf39fa5356ffd409e43c80a39a1d9a8ac6ad70b6 |
|
MD5 | 2fc87342ebf7d2508854de2926a6d5ae |
|
BLAKE2b-256 | 6b8bb2b305af915cadbcb0cf4e1aaa1309bc6a38fbb81a95846b0e20b8364406 |
Close
Hashes for cdk_private_asset_bucket-1.143.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 749b2e278a12aefec97b25f35d6c468f1ec009de42d52ab0a80093754d1ce00f |
|
MD5 | a6c77ab01de309e143901431db68143e |
|
BLAKE2b-256 | 292b5f3078b8163467a31d67189348fa911ccc8c13a8c435042ca181f77c74f4 |