# ory-network
i
Hi everybody, I'd like to use Ory Cloud (which is the same thing as "Ory Network" right?) to enable login for an SPA hosted on AWS Cloudfront and secure access to a lambda function. For the login, locally I would open a tunnel.. what's the equivalent for that in a serverless environment? It looks like I cannot use a reverse proxy with API Gateway to point to Kratos (401) and if I use a forward, I'm not redirected back after the login. Is there a way to do that without running an ory proxy on AWS myself? Also, what's the proper way to secure a lambda function with Ory Cloud?
h
Hey @important-quill-35592 welcome to Ory 🙂 The easiest way is if you do the following:
1. Have a domain (mydomain.com)
2. Set up the AWS Lambda under a sub-domain (e.g. app.mydomain.com)
3. Set up a custom domain with Ory (e.g. ory.mydomain.com)
And that's it! The session cookie will be available on all of your mydomain.com to all your apps - no coding or infrastructure needed 🙂
i
Thanks for the quick reply and the welcome. 🙂 Yea, I guess that makes sense. I actually wanted to postpone upgrade to a paid plan and purchasing a domain a bit longer, but if there's no easy alternative I'll look into that. And what do I need to point my login button on a page hosted on cloudfront to?
h
https://www.ory.sh/docs/guides/bring-your-user-interface 🙂 But please be aware that this API and experience are not yet fully released as stable, so it is a bit rough around the edges 🙂
My recommendation is to just use the Ory account experience for now to get done faster 🙂 We are adding customizations (color, logo, …) as we speak and will improve the experience more and more.
i
Yea, I absolutely want to use the ory account experience. My question is just what the equivalent for the ory tunnel that I'm using for local development is in an environment like cloudfront?
I read that there's ory proxy, but I suppose I don't need to self-host that, do I?
h
Ah I see, in that case one option you have is to run the ory tunnel on some serverless infrastructure (e.g. with docker, in google it's called google cloud run, not sure what the name is for AWS) and expose it under your dev domain ory.mydomain.dev. Or is the problem that you have no control over the domain?
i
I will have control over the domain. The equivalent in AWS would be AWS lambda, yea I also thought of that. But does the ory tunnel do anything special that a reverse proxy (API Gateway) cannot do? Basically I just want to expose the content of "<my-slug>.projects.oryapis.com/ui/login" under my domain name, so that the cookie is set for the correct domain.
h
Unfortunately it does, it makes sure that the URLs and form actions are set to the correct domain 😕 If you have control over the domain, the easiest would be to just set up the custom domain to the tld and deploy the dev environments under that same tld
i
Okay, thanks a lot for the support! 🙂