The document discusses using Lambda@Edge to implement basic authentication for serverless web applications without requiring changes to the application itself. It proposes using Lambda@Edge functions to check requests to CloudFront for a basic authentication header and return 401 responses if not present. This allows restricting access to development environments while avoiding IP restrictions or requiring changes to the application code. The presentation provides requirements, the proposed solution, and a demo of the Cloudformation template and browser experience.

1. webscale.fi
Basic authentication
with Lambda@Edge
Juho Rautio, Senior Consultant, Partner
Webscale Oy
@Spaideri

2. webscale.fi
Webscale Oy
● Employee owned
● 18 employees
● Revenue +1M 2018
● Number of AWS Certifications 17
● AWS Advanced Consulting Partner
● HIRING Fullstack developers
2

3. webscale.fi
Disclaimer
Do NOT use this solution to protect any
production environments or sensitive data!
3

4. webscale.fi
Serverless Web Application infrastructure
4

5. webscale.fi
Lambda@Edge
● Execute Lambda functions for CloudFront requests and responses
● Limited network accessibility and resources
● Must be deployed to the us-east-1 region
● Super handy for SPA routing and enforcing CSP Headers
● Eliminates need for http-server for simple tasks
5

6. webscale.fi
Requirements
● Restrict access to the development environments
● Serverless solution
● Authorization header reserved for JWT Bearer token (No Basic auth)
● No cumbersome WAF IP-restrictions
● Can’t use a custom HTTP header (Difficult to set on mobile test devices)
● Don’t want to infect or change the Web Application
6

7. webscale.fi
Solution
7

8. webscale.fi
Demo
● Cloudformation
● Browser demo
8

9. webscale.fi
Questions?
Juho Rautio
Senior Consultant, Partner
@Spaideri
webscale.fi
9
github.com/webscale-oy/
aws-cloudfront-basic-auth