Basic HTTP Authentication for CloudFront with Lambda@Edge

lambda-basic-auth.js

'use strict';
exports.handler = (event, context, callback) => {

    // Get request and request headers
    const request = event.Records[0].cf.request;
    const headers = request.headers;

    // Configure authentication
    const authUser = 'user';
    const authPass = 'pass';

    // Construct the Basic Auth string
    const authString = 'Basic ' + new Buffer(authUser + ':' + authPass).toString('base64');

    // Require Basic authentication
    if (typeof headers.authorization == 'undefined' || headers.authorization[0].value != authString) {
        const body = 'Unauthorized';
        const response = {
            status: '401',
            statusDescription: 'Unauthorized',
            body: body,
            headers: {
                'www-authenticate': [{key: 'WWW-Authenticate', value:'Basic'}]
            },
        };
        callback(null, response);
    }

    // Continue request processing if authentication passed
    callback(null, request);
};

Can we pick the credentials from secret manager? can anyone help with the code?

Tried adding aws-cdk to lamda@edge function that is attached to viewer request but size limitation of 1MB for Viewer Request is blocking me. Because with the inclusion of aws-cdk package, the zip file size is increasing more than 4 MB (even with ssm package). Any other workaround for this problem ??

It looks like Amazon has no official documentation on how to do this, Authorizers are only documented to use token auth with APIs, not basic auth.

What is a better alternative to securing a dev or staging site from prying eyes such as dev.mysite.com Firewall with IP restrictions can be unreliable with changing IPs and hinder developer productivity?