Dev.to
5/12/2026
How I Locked Down a Static Site with Lambda@Edge and Cognito (No Backend Required)

Short summary

A serverless authentication layer using AWS Lambda@Edge and Cognito adds login to static sites on S3 without modifying the site code or deployment pipeline. The architecture uses viewer-request Lambda functions at CloudFront edges to validate JWT cookies on every request and handle OAuth callbacks after login. Key constraints: Lambda@Edge doesn't support environment variables (use build-time config injection), has a 1 MB package limit (avoid heavy cryptography libraries), executes within 5 seconds, and must be created in us-east-1 before replicating globally.

  • Serverless auth layer for static sites using Lambda@Edge + Cognito + S3/CloudFront
  • Two Lambda functions handle JWT validation (fast path) and OAuth callbacks (login)
  • Critical constraints: no env vars, 1 MB limit, 5 second window, created in us-east-1
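A sketch of the fast-path viewer-request check the summary describes, added here as an example and not taken from the original article. It assumes Node's built-in `crypto` is used in place of a JWT library to stay under the package limit, and that the issuer, client ID, login URL, cookie name and JWKS are placeholder values inlined at build time; the function names are hypothetical.

```javascript
const crypto = require('node:crypto');
// Assumed build-time config (Lambda@Edge has no environment variables); every value is a placeholder.
const CONFIG = {
  issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE',
  clientId: 'example-client-id',
  loginUrl: 'https://example.auth.us-east-1.amazoncognito.com/login?client_id=example-client-id&response_type=code&redirect_uri=https://site.example/callback',
  cookieName: 'id_token',
  jwks: {}, // kid -> public JWK, copied from the user pool's JWKS document at build time
};

function readCookie(headers, name) {
  for (const h of headers.cookie || []) {
    for (const part of h.value.split(';')) {
      const [k, ...v] = part.trim().split('=');
      if (k === name) return v.join('=');
    }
  }
  return null;
}

function verifyJwt(token, cfg, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = (token || '').split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    const jwk = cfg.jwks[header.kid];
    if (header.alg !== 'RS256' || !jwk) return null; // pin the algorithm; reject "none" and unknown keys
    const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
    const ok = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
      key, Buffer.from(parts[2], 'base64url'));
    if (!ok) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
    if (claims.iss !== cfg.issuer || claims.aud !== cfg.clientId) return null;
    if (claims.token_use !== 'id' || !(claims.exp > nowSec)) return null;
    return claims;
  } catch { return null; } // malformed base64/JSON/JWK is treated as "not authenticated"
}

function handleViewerRequest(event, cfg = CONFIG) {
  const request = event.Records[0].cf.request;
  if (verifyJwt(readCookie(request.headers, cfg.cookieName), cfg)) return request; // pass through to S3
  return { // no valid cookie: send the viewer to the login page
    status: '302', statusDescription: 'Found',
    headers: { location: [{ key: 'Location', value: cfg.loginUrl }],
      'cache-control': [{ key: 'Cache-Control', value: 'no-store' }] },
  };
}

exports.handler = async (event) => handleViewerRequest(event);
```

Because the keys are baked in at build time, a signing-key rotation in the user pool requires a redeploy; until then every token signed with the new key fails closed and redirects to login.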

Generated with AI, which can make mistakes.