
Add OAuth2 authentication to AWS S3 / Cloudfront with Okta & Lambda@Edge | Algolia

What's this blog post about?

The team built an internal static website on AWS S3 so employees could download technical reports, but ran into the lack of native authentication and authorization for such a bucket. Algolia uses Okta for identity and user management, which meant the authorization check had to happen on the back end. They turned to AWS Lambda@Edge, which lets you run Lambda functions at different stages of a CloudFront request and response, and chose to trigger a Lambda at the viewer-request stage to check whether the user is authorized. Lambda@Edge comes with several restrictions and caveats, including limitations on environment variables, package size, the region in which the function can be created, and the IAM execution role. To work within these constraints, they used JSON Web Tokens for secure access control. The solution consists of a middleware between AWS and Okta, implemented with Lambda@Edge, together with the various AWS resources needed to make it work.

Company
Algolia

Date published
May 17, 2022

Author(s)
Guillaume Truchot

Word count
1014

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.