参考記事
関数の実装は以下を参考にさせていただきました。ありがとうございます。
https://dev.classmethod.jp/articles/apply-basic-authentication-password-with-cloudfront-functions/
IDとPASSの生成
# -n keeps echo from appending a newline, which would otherwise be encoded too.
# "id:pass" is a sample; substitute the real "user:password" pair.
$ echo -n "id:pass" | base64
aWQ6cGFzcw==
が生成されます。Base64は暗号化ではなく単なるエンコードで、誰でも元の「id:pass」に戻せるため、この文字列はパスワードそのものとして扱ってください。
Terraform定義
CloudFront FunctionをTerraformで定義します。
関数の実装は、上述の記事を参考にさせていただきました。
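# CloudFront Function that enforces HTTP Basic authentication on viewer requests.
#
# NOTE(security): the expected credential is embedded in the function source,
# so it is readable by anyone who can view this file, the Terraform state, or
# the published CloudFront function. "aWQ6cGFzcw==" is only the article's
# sample (base64 of "id:pass"); base64 is an encoding, not encryption.
resource "aws_cloudfront_function" "basic_auth" {
  name    = "basic_auth"
  runtime = "cloudfront-js-1.0"
  comment = "Basic Auth"
  publish = true

  code = <<EOT
function handler(event) {
  var request = event.request;
  var headers = request.headers;

  // Expected Authorization header value: "Basic " + base64("id:pass").
  // Sample value - replace it before deploying.
  var authString = "Basic aWQ6cGFzcw==";

  // Reject the request when the header is missing or does not match exactly.
  if (
    typeof headers.authorization === "undefined" ||
    headers.authorization.value !== authString
  ) {
    return {
      statusCode: 401,
      statusDescription: "Unauthorized",
      // RFC 7617 requires a realm parameter in the Basic challenge.
      headers: { "www-authenticate": { value: 'Basic realm="Restricted"' } }
    };
  }

  // Credential matched: hand the request on unchanged.
  return request;
}
EOT
}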
既存のCloudFrontの定義に追加します。
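# CloudFront distribution in front of an S3 static-website endpoint, with the
# Basic-auth CloudFront Function attached to the default cache behavior.
resource "aws_cloudfront_distribution" "cloudfront" {
  enabled             = true
  is_ipv6_enabled     = true
  price_class         = "PriceClass_All"
  http_version        = "http2"
  default_root_object = "index.html"

  origin {
    # NOTE(security): this is the S3 static-website endpoint, which is reached
    # over plain HTTP. The Basic-auth function only runs for requests that go
    # through CloudFront; unless the bucket policy (not shown here) restricts
    # access, the same content can be fetched from this endpoint directly.
    # Options: a bucket policy that requires a secret custom header added by
    # CloudFront, or the S3 REST endpoint with origin access control.
    domain_name = "${aws_s3_bucket.s3.bucket}.s3-website-ap-northeast-1.amazonaws.com"
    origin_id   = "xxxxxxxxxx"

    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "http-only"
      # Not used while origin_protocol_policy is "http-only"; limited to
      # TLS 1.2 so a later switch to HTTPS does not allow TLS 1.0/1.1.
      origin_ssl_protocols = ["TLSv1.2"]
    }
  }

  default_cache_behavior {
    allowed_methods        = ["GET", "HEAD", "OPTIONS"]
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = "xxxxxxxxxx"
    viewer_protocol_policy = "redirect-to-https"

    # All TTLs are zero, so responses are not kept in the edge cache.
    default_ttl = 0
    min_ttl     = 0
    max_ttl     = 0

    forwarded_values {
      query_string = true

      cookies {
        forward = "all"
      }

      # Authorization is deliberately absent from this list; keep it that way
      # so the Basic credential is not relayed over the plain-HTTP origin hop.
      headers = []
    }

    # Run the Basic-auth check on every viewer request for this behavior.
    function_association {
      event_type   = "viewer-request"
      function_arn = aws_cloudfront_function.basic_auth.arn
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = false
    acm_certificate_arn            = var.acm_edge_arn
    # Raised from "TLSv1.1_2016": TLS 1.1 is deprecated (RFC 8996), and Basic
    # credentials travel in every request, so require TLS 1.2 or newer.
    minimum_protocol_version = "TLSv1.2_2021"
    ssl_support_method       = "sni-only"
  }
}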
以下の部分に注目してください。viewer-request イベントに関数を関連付けることで、CloudFrontがリクエストを受け取った時点(キャッシュ参照やオリジンへの転送より前)でBasic認証のチェックが実行されます。
function_association {
  # Attach the Basic-auth function to the viewer-request stage of this behavior.
  function_arn = aws_cloudfront_function.basic_auth.arn
  event_type   = "viewer-request"
}
以上