Does Amazon S3 support HTTP request with basic authentication

予麋鹿 2020-12-04 15:17

I would like to set up an Amazon S3 account, create a bucket, upload some data, and have this data be available using HTTP GET with basic authentication.

8 Answers
  •  独厮守ぢ
    2020-12-04 15:43

    I myself was trying to find a solution to this problem. This post here has listed them all. Quoting the lines:

    I’ve been looking for months for a solution to add Basic HTTP Authentication to S3 buckets on Amazon. There are options involving pre-signed URLs (single object only), using a 3rd-party free or commercial service (privacy concerns), spinning up an EC2/Heroku/etc. with middleware to proxy requests (complicated and not serverless), using page redirects and bucket policies (not secure).

    Bucket policies solution: I have personally tried this and it seems perfectly secure to me (unless you have a way to bypass AWS bucket policies). It just requires an S3 bucket to operate. Simple to implement. Basic idea:

    1. Restrict access to the entire site, except allow public access to Entry File and Secret File.
    2. Entry File secure.html that accepts a user input for the password and redirects to Secret File
    3. Secret File thisisasecret that redirects to Main File (index.html) that hosts the real content of the site
    4. Main File main.html that only allows access to requests originated from the same site.
    5. All the other content like css, js files would be restricted by a bucket policy which will allow them served iff the request originated from your bucket URL.

    Using AWS Lambda@Edge: This solution requires S3, AWS Lambda and AWS CloudFront to operate. Basic idea:

    1. Create a secure.html. Create text boxes to enter basic credentials from user here. This file should be publicly accessible and should call a lambda function.
    2. While configuring CloudFront create a behaviour which says 'if you want to reach index.html, you need to do so via Signed URL'.
    3. Just like above create a bucket policy to allow access to js, css, etc. files only when origin is your bucket URL.
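
An added example, not part of the answer above and not AWS's own code: a variant of the Lambda@Edge approach that skips the form page and checks the `Authorization: Basic` header in a CloudFront viewer-request function before the request reaches the bucket. The credentials and realm are constructed placeholders, and the bucket is assumed to be private and reachable only through CloudFront.

```javascript
// Added example: Lambda@Edge viewer-request handler enforcing HTTP Basic auth.
// EXPECTED_USER / EXPECTED_PASS are constructed placeholders. Lambda@Edge does not
// support environment variables, so a real deployment must supply the secret another way.
const EXPECTED_USER = 'example-user';
const EXPECTED_PASS = 'example-password';
const REALM = 'Private bucket';

// Compare two strings without returning early on the first differing byte.
function constantTimeEqual(a, b) {
  const x = Buffer.from(a, 'utf8');
  const y = Buffer.from(b, 'utf8');
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ (y[i % Math.max(y.length, 1)] || 0);
  return diff === 0;
}

function unauthorized() {
  return {
    status: '401',
    statusDescription: 'Unauthorized',
    headers: {
      'www-authenticate': [{ key: 'WWW-Authenticate', value: `Basic realm="${REALM}", charset="UTF-8"` }],
      'cache-control': [{ key: 'Cache-Control', value: 'no-store' }],
    },
    body: 'Unauthorized',
  };
}

// Returns the request (CloudFront forwards it to the origin) or a generated 401 response.
function authorize(request) {
  const header = (request.headers.authorization || [])[0];
  const match = header && /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(header.value);
  if (!match) return unauthorized();
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // RFC 7617: the user-id cannot contain ':'
  if (sep < 0) return unauthorized();
  // Evaluate both comparisons before deciding, so a wrong user costs the same as a wrong password.
  const userOk = constantTimeEqual(decoded.slice(0, sep), EXPECTED_USER);
  const passOk = constantTimeEqual(decoded.slice(sep + 1), EXPECTED_PASS);
  if (!(userOk && passOk)) return unauthorized();
  delete request.headers.authorization; // do not pass the credential on to the origin
  return request;
}

// Entry point in the CloudFront event shape: event.Records[0].cf.request
const handler = async (event) => authorize(event.Records[0].cf.request);
if (typeof module !== 'undefined') module.exports = { handler };
```

Basic credentials are only base64-encoded, so the distribution should accept HTTPS only.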
