Question:
I have a simple site in fargate and an alb. I want to throw a simple basic auth on top of it – just a single hardwired username and password. Is there an easy way to do this?
I tried going to cognito – creating a user pool, and attaching it to the site, but there were questions like “callback url” – which i just set to the same url and “signout url” that I wasn’t sure about and when I managed to click a set of things that allowed me to add it, and add a listener to my https endpoint – it just gives a “redirect_mismatch” when I try to get in.
Is there any way to do what I want without editing the underlying system in any way?
Answer:
I did the following tests using ALB and CloudFront (just to be able to test HTTPS)
- Encode credentials user=
userand password=password
1234echo -n 'user:password' | base64dXNlcjpwYXNzd29yZA== - Create ALB with the listener rule
AuthorizationisBasic dXNlcjpwYXNzd29yZA==
- Place ALB behind CloudFront and forward
Authorizationheader - Test result using curl
12345678910111213141516# Authentication optioncurl -u 'user:password' https://d3anlpzrykthss.cloudfront.netHello from f86c5f9e0395# Inline passwordcurl https://user:password@d3anlpzrykthss.cloudfront.netHello from f86c5f9e0395# Headerscurl -H 'Authorization: Basic dXNlcjpwYXNzd29yZA==' https://d3anlpzrykthss.cloudfront.netHello from f86c5f9e0395# Wrong passwordcurl -u 'user:wrong' https://d3anlpzrykthss.cloudfront.netNot authorized - Not clear how to make it to work in Browsers – inline password doesn’t work
123https://user:password@d3anlpzrykthss.cloudfront.netNot authorized