I would need to host a minimized web app (static) on S3 but I can't make it public. I would want to make it accessible to only few people, therefore I was wondering if it is possible to configure aws to allow the access of the url of my static website only to some IP adresses or some IAM users (aws users)
Does anyone have an idea of how I could do this ? Or if it is even possible ?
CodePudding user response:
Yes it is possible. But it has a cost implication
- Create a Bucket - Public Access Blocked Settings!
- Create a CloudFront Distribution
- Create a new Origin in the CloudFront distribution
- During the settings create an Origin Access Identity (It is an important step, that makes CloudFront enable to fetch content from the Bucket which is Publicly blocked
- Create a WAF ACL (2.0 not classic) Whitelist the IP addresses that you want to able to access your site
- Enable WAF in CloudFront Distribution
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html https://docs.aws.amazon.com/waf/latest/developerguide/waf-ip-set-creating.html https://docs.aws.amazon.com/waf/latest/developerguide/cloudfront-features.html
Or the cheaper option - set up an nginx (or any other type of server which capable of static file hosting) to host your static files and set up a security group and Network ACL to allow traffi from the specified IPs
CodePudding user response:
So for anyone wondering, I've found a free way to do this. You can find how to do the same here in French but with an English video to the right: https://aws.amazon.com/fr/premiumsupport/knowledge-center/block-s3-traffic-vpc-ip/
@Sándor Bakos also mentioned another way, I didn't try it but it seems right too, it just has a cost implication as he said.
Have a good day