redwulf

Reputation: 1317

Restrict access to S3 hosted website without whitelisting ips

We have a website hosted on AWS S3 that we intend to be accessed only by a limited group of people. Right now, we are whitelisting the allowed IPs, as described in Restrict access to website hosted on S3.

However, some of the people that must have access to this website don't have static IPs, which forces us to constantly update the whitelisted IPs in the AWS policy.

I'm pretty sure something like client-side certificates should work, but I have no idea how to implement that in terms of IAM policy. Any other (simpler) alternative that does not rely on the IPs being static? I'm guessing adding SSH keys to AWS wouldn't do any good in this case, right?

Upvotes: 1

Views: 842

Answers (1)

Ashan

Reputation: 19728

One alternative approach is to set up user-based access control. You can do this by using the following AWS services:

  • AWS Cognito UserPools
  • AWS API Gateway
  • AWS S3

The steps are as follows:

  1. Create an AWS Cognito UserPool
  2. Create your users there with an authenticated IAM role to allow API Gateway Execute.
  3. Create a public login page in S3 with the Cognito Login SDK
  4. Set up API Gateway with a pass-through to the S3 AWS Service and also add a Cognito UserPool authorizer, creating the required IAM roles (Check this example)

After the setup, users should be able to log in and access S3 through API Gateway.

Upvotes: 2
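A CloudFormation fragment for step 4 of the answer, added here as an illustration and not the answerer's own example: a REST API whose GET method is gated by a Cognito User Pool authorizer and proxied straight to S3 through an AWS service integration. The user pool ARN, the IAM role that API Gateway assumes, the account id and the bucket name are placeholders; the Deployment and Stage resources are omitted.

```yaml
Resources:
  RestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: private-static-site
      BinaryMediaTypes: ["*/*"]   # pass images and fonts through unmodified
  # Rejects any request without a valid ID token issued by the user pool.
  CognitoAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: cognito-user-pool
      Type: COGNITO_USER_POOLS
      RestApiId: !Ref RestApi
      IdentitySource: method.request.header.Authorization
      # placeholder ARN: the user pool created in step 1
      ProviderARNs: ["arn:aws:cognito-idp:eu-west-1:123456789012:userpool/eu-west-1_EXAMPLE"]
  ObjectResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref RestApi
      ParentId: !GetAtt RestApi.RootResourceId
      PathPart: "{object+}"        # greedy: /css/site.css becomes object=css/site.css
  GetObjectMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref RestApi
      ResourceId: !Ref ObjectResource
      HttpMethod: GET
      AuthorizationType: COGNITO_USER_POOLS
      AuthorizerId: !Ref CognitoAuthorizer
      RequestParameters:
        method.request.path.object: true
      Integration:
        Type: AWS                  # direct S3 service integration, no Lambda in between
        IntegrationHttpMethod: GET
        # placeholder role; it only needs s3:GetObject on the website bucket
        Credentials: "arn:aws:iam::123456789012:role/ApiGatewayS3ReadRole"
        # bucket name is a placeholder
        Uri: !Sub "arn:aws:apigateway:${AWS::Region}:s3:path/example-private-site/{object}"
        RequestParameters:
          integration.request.path.object: method.request.path.object
        IntegrationResponses:
          - StatusCode: "200"
            ResponseParameters:
              method.response.header.Content-Type: integration.response.header.Content-Type
      MethodResponses:
        - StatusCode: "200"
          ResponseParameters:
            method.response.header.Content-Type: true
```

The login page from step 3 sends the Cognito ID token in the Authorization header; a request without a valid token is rejected by API Gateway before it reaches the bucket, so the bucket itself stays private with no IP conditions in its policy.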
