This is a simple implementation of Basic Authentication in AWS Lambda@Edge for controlling access of CloudFront distribution.
To use this lambda, you have to config as follow
- Deploy this lambda function in
us-east-1
. The function MUST be deployed inus-east-1
for lambda@edge. - Use the following
AssumeRole
for this lambda execution role, edit in IAM / Roles / Your Lambda Execution Role / Trust Relationship
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
},
{
"Effect": "Allow",
"Principal": {
"Service": "edgelambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
- Publish a version of the lambda
- In CloudFront, config the distribution Lambda Function Associations, set the CloudFront Event to Viewer Request, set your versioned lambda ARN, and leave Include Body unchecked.