Hi Ryan/Faye – Thanks for the sessions. So far so good.
Below is the whole list of options to secure objects in S3, as per my understanding:
1. IAM Policies
2. Bucket Policies
3. Object ACLs
4. Pre Signed URLs
5. Signed Cookies

1. Please confirm if this is correct.
2. Could you also please help me with some details on Signed Cookies, like Pre Signed URLs, for securing private content in S3? Thanks for the CLI command "presign", which makes things easier.
3. Think we can validate the token created by any enterprise IAM solution (after getting authenticated over there) in Lambda@Edge "Viewer Request" to authorize requests to S3 objects? Is that correct?

Hi, for more information about Pre Signed URLs for securing private content in S3 check out the following link:
and you might be interested in the following blog post, which discusses an architecture which uses Lambda@Edge and JSON Web Tokens to Enhance Web Application Security.
Hope that helps!