Protecting a Static Website with JWT and Lambda@Edge

Adding authentication and authorization to a Single Page Webb App (SPA) using Amazon Cognito User Pool is very common and rather straight forward task. But what if you don't have a SPA? What if you have just a static website with static HTML files? How would you do it in that case?

This post all started when I needed to protect some static resources that was served from S3 over CloudFront. In the first setup I used a basic authentication …

amazon app authentication authorization aws case edge files html lambda pool security serverless spa website