Serverless Secured Image/Video Gallery Website
password protected Image/Video Gallery built ontop of AWS Services
this Project started as a simple Terraform Port of AWSPics, so most ideas comes from there.
Demo
use these credentials: demouser
: demouser
Whats inside
- AWS Cloudfront (delivers the website)
- AWS Certificate Manager (ssl all the things)
- AWS S3 (for storing original images/videos, the encoded/resized ones, the final static website)
- AWS Transcoder Service (transcode videos into a web usable format)
- AWS Lambda (handling login, triggering video encoding, resizing images, building the static website)
- AWS Cognito (for user management)
- AWS KMS (encrypt what could be encrypted, cloudfront cant read from encrypted buckets :( )
- AWS Cloudwatch (trigger the website build every hour, collect all the logs)
Differences to AWSPics
- Terraform instead of Cloudformation (for obvious reasons ;) )
- AWS Cognito for User Management instead of
.htaccess
- Video Support
- Image Sourcesets
- GatsbyJS for static Site Generation
- Album Post through simple Markdown File and
frontmatter
Prerequisites
Docker for building the lambda functions
a certificate for your domain
or certdomain
should already exists (in us-east-1
for cloudfront)
the encrypted cloudfront private key
create and download a cloudfront private key here, note the ID
put the absolute path to file into the variable cloudfront_private_key_file
put the key_pair ID into cloudfront_key_pair
thats needed to generate signed cloudfront cookies and the ability to login
a user in your AWS Cognito User Pool after the stack is initially completed
so your users can login
Usage
//terraform.tfvars
domain = "gallery-demo.digitalkaoz.net"
region = "eu-central-1"
certdomain = "digitalkaoz.net" #only if your domain is a subdomain
cloudfront_key_pair = "XYZ"
cloudfront_private_key_file = "/path/to/cloudfront_private_key.pem"
website_config = {
title = "website title"
subline = "sub headline"
short_code = "the websites short name"
author = "the author"
}
//main.tf
provider "aws" {
region = "eu-central-1"
profile = "default"
version = "~> 1.11"
}
provider "aws" {
alias = "us"
region = "us-east-1"
profile = "default"
version = "~> 1.11"
}
module "ssl_private_image_gallery" {
source = "github.com/digitalkaoz/tf-private-static-image-video-gallery"
region = "${var.region}"
domain = "${var.domain}"
certdomain = "${var.certdomain}"
cloudfront_key_pair = "${var.cloudfront_key_pair}"
cloudfront_private_key_file = "${var.cloudfront_private_key_file}"
website_config = "${var.website_config}"
}
you have to wait until your Cloudfront Distribution is done deploying, so grab a coffee (~20min) before going on
uploading images and videos
simply drop your files (categorized by folders) inside the source
bucket into the folder original
providing folder metadata
simply create a markdown file inside the folder named post.md
creating users
simply create them inside AWS Cognito
TODO
- encrypt more stuff
- handle building of lambda functions outside of terraform?! would fix the needless terraform state changes but would need another tooling step :/
- extract image metadata for later usage (e.g. geolocated on a worldmap)
- certificate generation with DNS validation
- remove/publish gatsby lambda patches/hacks
- Fix Terraform Building of function code ordering = build -> package -> upload -> create_function (sometimes its wrong)
- sometimes the build lambda ist uploaded somehow strange and errors in gatsby site config validation "path should not be null"
- use correct lambda source code hash to minimize tainted resources (sha1, sha256 ? )
- remove css build chain for gatsby in lambda to remove custom
html.js
and hardcodedstatic/main.css