Reputation: 993
How do I Restrict Access to My Static Website on Amazon S3 by asking for Credentials
I'm hosting a Static Website on AmazonS3 (http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html).
However, I wish to grant access to my page ONLY by authorizing and subsequently authenticating users.
What services are available (Heroku, etc.,) that allows me to do that? I would like the option of having login using their social networking IDs (facebook, twitter, etc.,).
Thanks for your direction on this.
Upvotes: 4
Views: 4382
Answers (1)
Reputation: 269340
The scenario you describe cannot be achieved purely via Amazon S3.
While there is security available in Amazon S3, it uses either:
- AWS credentials (that should not be issued to your application users), or
- Pre-Signed URLs that grant users temporary access to objects in Amazon S3 (but they need to be generated by an application)
You will need an application that accepts their login and verifies the level of access they are permitted. The application can then generate pre-signed URLs to grant access to specific objects in Amazon S3. The traditional way to provide such an application is on a web server running on Amazon EC2. (An alternative is to use Serverless code. Here is an example)
You could use Web Identity Federation to authenticate users via Facebook, Google and Amazon, as part of the above process.
Upvotes: 3
Related Questions
- S3 Static Website Hosting Route All Paths to Index.html
- Amazon S3 Redirect and Cloudfront
- Amazon Web Services hosting static website
- Create cell phone number authentication with Firebase
- How to amazon s3 update file in bucket to public access
- A static website on AWS not acccessible
- Main domain for AWS S3 static hosting and sub domain for api
- S3 bucket setup as Static Website not forwarding to index.html page
- Static website aliasing - doesn't work without www
- Best way to allow users access to your app using their Google credentials