
CloudFront + S3 + Cookie Authentication

Last updated at Posted at 2019-06-28

S3

Nothing special; configure it as usual.
No public access or anything like that.

CloudFront

Settings such as CNAME are omitted here.

Origin settings

  • Restrict Bucket Access: set to Yes
  • Origin Access Identity: choosing Create a New Identity creates a new origin access identity
  • Grant Read Permissions on Bucket: choosing Yes, Update Bucket Policy automatically updates the S3 bucket's bucket policy

Behavior settings

  • Restrict Viewer Access: set to Yes
  • Trusted Signers: check Self

Custom policy

{
  "Statement": [
    {
      "Resource": "https://hogehoge.com/*",
      "Condition": {
        "DateLessThan": {
          "AWS:EpochTime": 1561417200
        }
      }
    }
  ]
}

Cookies required for authentication

CloudFront-Policy
cat policy.json | tr -d " \t\n\r" | openssl base64 -A | tr -- '+=/' '-_~'

CloudFront-Signature
cat policy.json | tr -d " \t\n\r" | openssl sha1 -sign pk.pem | openssl base64 -A | tr -- '+=/' '-_~'

CloudFront-Expires
Epoch time format

CloudFront-Key-Pair-Id
The CloudFront authentication key ID (can only be created with the root account)

:warning: When using a wildcard in Resource, use a custom policy
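The cookie steps above as one script, with a local signature check before the cookies are sent. This is an added example, not part of the original article; the function names and the `CF_KEY` environment variable are hypothetical, and the resource and expiry are the article's sample values.

```shell
#!/bin/sh
# Added example (not from the original article): signed-cookie values for a custom policy.
# Hypothetical names: the function names and the CF_KEY environment variable.

# CloudFront's URL-safe base64: one line (-A), then + = / become - _ ~
cf_b64() { openssl base64 -A | tr -- '+=/' '-_~'; }

# Inverse mapping, for checking a cookie value locally
cf_unb64() { tr -- '-_~' '+=/' | openssl base64 -A -d; }

# Custom policy emitted without whitespace, so the signed bytes and the
# bytes carried in CloudFront-Policy are identical.
# $1 = resource URL (may contain *), $2 = expiry in epoch seconds
make_policy() {
  printf '{"Statement":[{"Resource":"%s","Condition":{"DateLessThan":{"AWS:EpochTime":%s}}}]}' "$1" "$2"
}

# RSA-SHA1 signature over the policy. $1 = policy, $2 = private key PEM
sign_policy() {
  printf '%s' "$1" | openssl dgst -sha1 -sign "$2" | cf_b64
}

# Check a CloudFront-Signature value against the policy with the public key.
# $1 = policy, $2 = signature cookie value, $3 = public key PEM
verify_cookie() {
  sigfile=$(mktemp)
  printf '%s' "$2" | cf_unb64 > "$sigfile"
  if printf '%s' "$1" | openssl dgst -sha1 -verify "$3" -signature "$sigfile" >/dev/null 2>&1
  then rc=0; else rc=1; fi
  rm -f "$sigfile"
  return "$rc"
}

# Demo: runs only when CF_KEY points at the private key (pk.pem in the article)
if [ -n "${CF_KEY:-}" ]; then
  policy=$(make_policy 'https://hogehoge.com/*' 1561417200)
  echo "CloudFront-Policy=$(printf '%s' "$policy" | cf_b64)"
  echo "CloudFront-Signature=$(sign_policy "$policy" "$CF_KEY")"
fi
```

Run it as `CF_KEY=pk.pem sh script.sh` to print the two cookie values; `verify_cookie` needs the public half, which `openssl rsa -in pk.pem -pubout` produces.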

CORS settings

In Behaviors:
Cache Based on Selected Request Headers: Whitelist
Whitelist Headers: Add `Origin`, `Access-Control-Request-Headers`, `Access-Control-Request-Method`

In the S3 permissions settings:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>https://hogehoge.com</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

Save it with something like the above.

Test

curl -H 'Cookie: CloudFront-Expires=1741360031; CloudFront-Policy=; CloudFront-Signature=; CloudFront-Key-Pair-Id=XXXXXX' https://hogehoge.com/hoge/sample.html