Protect Public Restful APIs with API Gateway and oauth2.0

1

I am working on Airbnb like project. There are Public RESTful APIs that need to be secured with API Gateway and oauth 2.0 I want a solution to secure the public RESTful APIs with OAuth 2.0. Thanks

1 Antwort
2
Akzeptierte Antwort

Hi zeeshan.

First of all you need to decide whether you are gonna use an API Gateway of type REST or HTTP. https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vs-rest.html.

This is because they provide different security mechanisms:

You can check the possibilities above, but in general, in terms of Oauth2 support you should look into Lambda Authorizer (max level of control), Cognito pools and JWT Authorizers.

Other security mechanisms to be taken into account are about adoption of WAF (Web Application Firewall). Even in that case, it will depend on Rest vs Http. In general, you can attach a WAF directly to an API GW of type REST, while for HTTP you can achieve only if you have CloudFront in front of the api (as edge-optimized api) or an Application Load balancer.

Finally you should consider different levels of protections and possibly Packet Inspection and/or Detection. See a reference here https://aws.amazon.com/blogs/networking-and-content-delivery/scaling-network-traffic-inspection-using-aws-gateway-load-balancer/ which leverages Gateway Load Balancers to perform IPS scanning for internet ingress traffic.

Hope it helps ;)

profile picture
EXPERTE
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen