Implements a simple basic auth function to attach to an AWS CloudFront distribution. Note that basic auth is inherently insecure and should not be used to protect content of value. It does work well to keep search engines and crawlers out of stage websites.
- Create a new Lambda function in us-east-1 (AWS does not support @Edge functions from other regions at this time.)
- Copy the contents of index.js to the new Lambda
- Replace {your-shared-username} and {your-shared-password} with actual values
- Attach to CloudFront as a viewer request function
One minor "gotcha" to be aware of is that @Edge Lambda functions require some additional permissions beyond typical AWS FaaS, namely lambda.amazonaws.com and edgelambda.amazonaws.com. Ensure the execution role has a trust policy that looks like this:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": ["lambda.amazonaws.com", "edgelambda.amazonaws.com"] }, "Action": "sts:AssumeRole" } ] }