Add/document ways to secure frontend #988
Comments
|
If this feature seems unlikely to be prioritized in the near future. Could anyone suggest a workaround? One idea I have is simply writing a separate CDK application that is deployed after the From there, you could find the reference to the CloudFront Distribution in the CloudFormation console and plug it into the separate CDK application, which would add a CloudFront Lambda@Edge function to carry out BasicAuth or a |
|
Seems related to #318 |
|
@phitoduck I have the same opinion. |
|
In the cdk workshop it is mentioned that a internal construct hub can be created using one of several solutions: How can I disable the cloudfront distribution directly for construct hub using cdk ? |
|
Bumping this, as this seems like an absolute minimum for private deployments. |
Description
If this is already implemented, please forgive me.
After reading the docs and perusing the
construct-hubsource code, I've been unable to find a recommended way to protect the HTML frontend for the webapp served by the CloudFront distribution.Does a recommended method of doing this exist?
If not, would it be acceptable to directly expose the CloudFront Distribution as a property of the
ConstructHubconstruct? My thinking here is that a reference to this CloudFront Distribution resource could be used to gate access to the served webpage using something like the AWS Cognito Hosted UI or simply Basic Auth.Use Case
Without the ability to restrict access to the frontend, I believe having a self-hosted construct hub isn't useful to companies. How could an enterprise use a self-hosted ConstructHub if the whole world can see their docs?
If a company doesn't mind their docs being exposed, I imagine they'd use the public instance of Construct Hub.
Other information
No response
The text was updated successfully, but these errors were encountered: