Phillip Scott Givens

Dev Journal

Notes from my development journey.

Authentication at the Edge with Lambda@Edge

One of the trickier parts of this site is protecting the photo gallery. The site is fully static — there’s no server to check credentials against. So the authentication has to happen at the CDN level.

The Setup

The solution uses three AWS services working together:

  1. Cognito — manages the user pool and handles Google OAuth
  2. CloudFront — serves the site and routes requests
  3. Lambda@Edge — runs on every request to protected paths and checks for a valid JWT

How It Works

When someone requests a gallery image, the request hits CloudFront first. Before CloudFront fetches the image from S3, it triggers a Lambda@Edge function on the viewer-request event:

Building This Site with Hugo

I decided to build my personal site with Hugo, a static site generator. The goal was something simple: two blogs, a photo gallery behind authentication, and a clean design that stays out of the way of the images.

Why Hugo

Hugo is fast. Builds complete in milliseconds, even with hundreds of pages. It’s a single binary — no Node.js, no Ruby, no Python runtime needed. And it has built-in support for taxonomies (tags, categories) which saved me from bolting on something custom.