Primary language: JavaScript. License: MIT.

cloudfront-signed-cookie-generator

cloudfront-signed-cookie-generator is an AWS Amplify application that generates signed cookies to access websites on Amazon CloudFront. The application is written in Vue.js and uses Amazon API Gateway, Amazon Cognito, AWS Lambda and AWS Secrets Manager as well as the Amplify CLI.

Architecture Overview

$ amplify status

| Category | Resource name         | Operation | Provider plugin   |
| -------- | --------------------- | --------- | ----------------- |
| Function | getcookie             | No Change | awscloudformation |
| Function | signedcookiePreSignup | No Change | awscloudformation |
| Auth     | signedcookie          | No Change | awscloudformation |
| Api      | getcookie             | No Change | awscloudformation |
| Secret   | signedcookie          | No Change | awscloudformation |

The Secret category is a custom resource unique to this application.

Deploy with the AWS Amplify Console

The AWS Amplify Console provides hosting for fullstack serverless web apps. Deploy this app to your AWS account with a single click:

(Deploy to Amplify Console button)

The Amplify Console will fork this repo in your GitHub account, and then build and deploy your backend and frontend in a single workflow. Your app will be available at https://master.appid.amplifyapp.com.

Configuration

After deploying, configure your application.

Create CloudFront Key Pairs

Each of the AWS accounts that you use to create CloudFront signed cookies must have its own CloudFront key pair, and the key pair must be active. Create a key pair and store the private key in AWS Secrets Manager.

Update the Email Domain Filtering

This application contains a function, run by Cognito's pre sign-up Lambda trigger, that only allows sign-up from whitelisted email domains. The list contains the gmail.com domain by default. To change it, update /amplify/backend/function/signedcookiePreSignup/function-parameter.json.

{
 "DOMAINWHITELIST": "gmail.com"
}

Configure a Custom Policy

This application creates signed cookies using a custom policy. The custom policy is a policy statement in JSON format that specifies the restrictions on the signed cookie. Update amplify/backend/function/getcookie/parameters.json to suit your environment.

{
    "AccessKey": "XXXXXXXXXXXXXXXX",
    "Domain": "example.com",
    "Duration": 3600,
    "IpAddress": "0.0.0.0/0",
    "ResourcePath": "https://example.com/*"
}

You can provide optional parameters as follows:

| Name         | Type   | Details                                              |
| ------------ | ------ | ---------------------------------------------------- |
| AccessKey    | String | The key pair ID for your key pair.                   |
| Domain       | String | The domain name for the requested file.              |
| Duration     | String | The validity period from request time.               |
| IpAddress    | String | The IP address of the client making the GET request. |
| ResourcePath | String | The base URL including your query strings.           |
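
How these parameters turn into a CloudFront custom policy and the three signed cookies, shown as an added example that is not this repository's Lambda code. The function names, the throwaway key pair generated inline and the 203.0.113.0/24 range are assumptions for illustration; in the deployed app the private key comes from Secrets Manager.

```javascript
const crypto = require("crypto");

// CloudFront's cookie-safe base64: "+" -> "-", "=" -> "_", "/" -> "~".
const cfEncode = (buf) =>
  buf.toString("base64").replace(/\+/g, "-").replace(/=/g, "_").replace(/\//g, "~");
const cfDecode = (str) =>
  Buffer.from(str.replace(/-/g, "+").replace(/_/g, "=").replace(/~/g, "/"), "base64");

// Build the custom policy from the parameters.json fields (JSON without whitespace).
function buildPolicy(params, nowSeconds) {
  const condition = { DateLessThan: { "AWS:EpochTime": nowSeconds + Number(params.Duration) } };
  // "0.0.0.0/0" matches every client; a narrower CIDR ties the cookie to a network.
  if (params.IpAddress) condition.IpAddress = { "AWS:SourceIp": params.IpAddress };
  return JSON.stringify({ Statement: [{ Resource: params.ResourcePath, Condition: condition }] });
}

// Sign the policy with the CloudFront private key (RSA with SHA-1) and return the cookies.
function signedCookies(params, privateKeyPem, nowSeconds) {
  const policy = buildPolicy(params, nowSeconds);
  const signature = crypto.createSign("RSA-SHA1").update(policy).sign(privateKeyPem);
  return {
    "CloudFront-Policy": cfEncode(Buffer.from(policy)),
    "CloudFront-Signature": cfEncode(signature),
    "CloudFront-Key-Pair-Id": params.AccessKey,
  };
}

// Local check of signature and expiry for testing; CloudFront does its own validation.
function verifyCookies(cookies, publicKeyPem, nowSeconds) {
  const policy = cfDecode(cookies["CloudFront-Policy"]);
  const signature = cfDecode(cookies["CloudFront-Signature"]);
  const valid = crypto.createVerify("RSA-SHA1").update(policy).verify(publicKeyPem, signature);
  const expires = JSON.parse(policy.toString()).Statement[0].Condition.DateLessThan["AWS:EpochTime"];
  return valid && nowSeconds < expires;
}

// Constructed sample input: throwaway key pair, placeholder key pair ID, documentation CIDR.
const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});
const params = { AccessKey: "XXXXXXXXXXXXXXXX", Duration: 3600,
  IpAddress: "203.0.113.0/24", ResourcePath: "https://example.com/*" };
const now = 1700000000; // fixed timestamp so the expiry value is predictable
const cookies = signedCookies(params, privateKey, now);
console.log(Object.keys(cookies), verifyCookies(cookies, publicKey, now + 60));
```

A shorter Duration and a specific IpAddress range limit how long, and from where, a copied cookie can be replayed.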