Hancock provides authorized access to S3 assets via URL signing. It is designed in an optimized way so that the locality of S3 buckets or CloudFront endpoints can still be leveraged.
The service receives HTTP requests, signs the URL using your AWS secret key, and finally redirects the client to S3 or CloudFront with the signed URL. This service is to be used in conjunction with an authorization service such as PKI client cert authentication via nginx.
This service runs as an HTTP server to receive requests, sign URLs, and redirect users. It is recommended that this be placed behind an nginx proxy or an Amazon ELB.
user -> nginx (auth + proxy) -> hancock (url signing + redirect) -> user (redirected) -> S3/cloudfront
user
<your domain>/some/s3/asset
.nginx
hancock
user
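The sign-and-redirect step described above, as an added sketch that is not hancock's own code. It assumes AWS Signature Version 4 query-string signing for S3 only (the page does not say which scheme hancock uses, and CloudFront signing is not shown); `Presign`, `Handler`, the bucket host and the loopback bind address are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"net/http"
	"net/url"
	"os"
	"strconv"
	"strings"
	"time"
)

func mac(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}

// Presign returns a SigV4 query-signed GET URL for https://<host><path>.
func Presign(ak, sk, region, host, path string, now time.Time, ttl time.Duration) string {
	ts, day := now.UTC().Format("20060102T150405Z"), now.UTC().Format("20060102")
	scope := day + "/" + region + "/s3/aws4_request"
	// SigV4 URI-encodes everything except unreserved characters and "/".
	uri := strings.NewReplacer("%2F", "/", "+", "%20").Replace(url.QueryEscape(path))
	q := url.Values{"X-Amz-Algorithm": {"AWS4-HMAC-SHA256"}, "X-Amz-Credential": {ak + "/" + scope},
		"X-Amz-Date": {ts}, "X-Amz-Expires": {strconv.Itoa(int(ttl.Seconds()))},
		"X-Amz-SignedHeaders": {"host"}}.Encode() // Encode sorts keys, as SigV4 requires
	canon := "GET\n" + uri + "\n" + q + "\nhost:" + host + "\n\nhost\nUNSIGNED-PAYLOAD"
	sum := sha256.Sum256([]byte(canon))
	toSign := "AWS4-HMAC-SHA256\n" + ts + "\n" + scope + "\n" + hex.EncodeToString(sum[:])
	key := mac(mac(mac(mac([]byte("AWS4"+sk), day), region), "s3"), "aws4_request")
	return "https://" + host + uri + "?" + q + "&X-Amz-Signature=" + hex.EncodeToString(mac(key, toSign))
}

// Handler signs the requested path and redirects. It assumes the proxy in front already authenticated the caller.
func Handler(ak, sk, region, host string, ttl time.Duration) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Cache-Control", "no-store") // a signed URL is a bearer token until it expires
		http.Redirect(w, r, Presign(ak, sk, region, host, r.URL.Path, time.Now(), ttl), http.StatusFound)
	}
}

func main() { // hypothetical bucket host; loopback bind so only a local proxy can reach the signer
	h := Handler(os.Getenv("AWS_ACCESS_KEY_ID"), os.Getenv("AWS_SECRET_ACCESS_KEY"), "us-east-1", "example-bucket.s3.amazonaws.com", time.Minute)
	http.ListenAndServe("127.0.0.1:8080", h)
}
```

The one-minute lifetime keeps the window in which a leaked redirect URL can be replayed short; the client only needs it long enough to follow the redirect.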
make
You can also clean your built artifact with make clean.
This repo uses the release-please action. Release-please leverages conventional commits formatting to automatically collect release notes and create the next semver tag. Once the release PR is merged, release-please will tag the next version and run goreleaser, which will automatically build the binaries and attach them to the GitHub release. The release PR will continue to collect changes since the last time a release was tagged.
This will be more complete later. However, for testing I am running the command directly with:
AWS_ACCESS_KEY_ID=<access_key> AWS_SECRET_ACCESS_KEY='<secret_key>' ./hancock
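The hancock server is currently hard coded to listen on 0.0.0.0:8080, that is, on every network interface. This will be modifiable in the future. Until then, restrict access to port 8080 (firewall or security group) so that requests can only reach hancock through the authenticating proxy.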