I develop a HTTP REST API using Python flask, which is hosted on Amazon Elastic Beanstalk (platform: Python 3.4). To secure the API I want to add Basic Authentication to it.
First approach is to add the Basic Auth directly in the Python application (as described here). This requires to enable auth forwarding on the Apache server.
Second approach is to configure the Elastic Beanstalk container by adding a .config file in the .ebextensions directory. The following configuration I have from here. However this is not working for me.
files:
"/etc/httpd/conf.d/allow_override.conf":
mode: "000644"
owner: ec2-user
group: ec2-user
encoding: plain
content: |
<Directory /opt/python/current/app/>
AllowOverride AuthConfig
</Directory>
"/etc/httpd/conf.d/auth.conf":
mode: "000644"
owner: ec2-user
group: ec2-user
encoding: plain
content: |
<Directory /opt/python/current/app/>
AuthType Basic
AuthName "My Application"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</Directory>
"/etc/httpd/.htpasswd":
mode: "000644"
owner: ec2-user
group: ec2-user
encoding: plain
content: |
appuser:pw1234
Question: Which is the best approach to add Basic Auth to the Python API (under the condition that SSL may be added later on too)? If it is the second one, why is the configuration not working.
Aucun commentaire:
Enregistrer un commentaire