Skip to main content


Project description


s3authbasic is a Pyramid application aimed to serve a static websites stored in Amazon S3 protected by Auth Basic authentication. You need a IAM user with its credentials and read access on the bucket which contains the static files.

Amazon Settings

I assumed that you have a protected bucket. To create the IAM user with the correct permissions you need go to the IAM app in the AWS Console

Click Users section and click in the Creare New User blue button.

Enter the username you want. It can’t contains whitespaces. And click on create

Click on Download Credential or write down the credentials info.

Now, we need to add the policy to give read access permissions to the user.

Click in the created user and go to the permissions tab below.

Click on the Attach User Policy.

Click on Custom Policy and in the Select button.

Give a policy name, like s3-reader-policy.

Copy the follow block in the Policy Document box. Please, replace protected-html with your bucket name.

    "Statement": [
       "Effect": "Allow",
       "Action": [
       "Resource": [

Application deployment

I suggest you to use a virtualenv but I don’t use that in this doc.

pip install s3authbasic

You need a Pyramid ini settings file. You can find one example in the github reposity in the config-templates directory.


You can config the app by editing the settings file or by using envionment variables.

If you want to use the file, then the AWS and the user settings are documented in the file.

The AWS environment variables are like this:

export AWS_BUCKET_NAME='bucketname'
export AWS_SECRET_ACCESS_KEY='12312sdf32'
export AES_ACCESS_KEY_ID='123123123aaa'

To define users to access the app, the variable should starts with USER_. The user name is the word after the underscore character and shoud be defined in the correct capitalization. This is, if you want a user called admin, you should create the environment variable USER_admin.

You can setup many users as you need.

The password should be hashed by sha256.

You can get the hash of your password by this command in linux:

echo -n thepassword | sha256sum

The environment variable should look like this:

export USER_admin='123123123123123123123'

NOTE: In 0.1.3 version we added encoding utf-8 option to password, so if you want to use non ascii characters, the hash can vary. You can use something like this in a terminal. You need the hashlib package from pypi.

from hashlib import sha256
sha256('your password!!'.encode('utf-8')).hexdigest()

Start the application

You should use the follow command if you have customized the ini file:

pserve development.ini

Otherwise, you can use this command:


If you are using the default ini file, the application should be available in the 6543 port. If you have deployed the app in your own system, you can access it through


  • Fix UTF8 passwords problems


  • Fix path with whitespaces

  • Fix settings relative location and the default package location detection


  • Fix WebTest error

  • Add files needed by heroku


  • The first published version


  • Initial version

Project details

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page