1 answer
Authorization in the $disconnect API is not required, as you authorize the connection with $connect. After that the connection stays open, so you know all the traffic is coming from the same connection you authorized at the beginning of the connection.
answered 2 years ago
But do we really need a VPC link between API Gateway and the service endpoint when we have WAF in place to protect against DDoS attacks? Also, the UI will re-establish the connection in case the connection is closed by an unauthorised user? Can we consider this low risk without a VPC link?
Without a VPC link or public disconnect API, I see the following risk: an unauthorised user tries to guess the connection ID, which results in disconnecting the UI socket connection for a valid user. However, the risk is probably low, as the UI will re-establish the connection within x sec (same as the stale connection use case). The other possible risk is a DDoS attack; WAF can protect against that.
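The model described in the answer, as an added example that is not part of the original thread or AWS's own code: credentials are evaluated once by a `$connect` authorizer, and the `$disconnect` handler only acts on connection IDs that were registered at connect time, so a guessed ID is ignored. It assumes Lambda integrations; the token format, `SECRET`, the in-memory `CONNECTIONS` store and the `principal` field in the return value are constructed for the demonstration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: demo signing key, not a real secret
CONNECTIONS = {}                  # connectionId -> principal; stand-in for a table

def _mac(user, expires, key):
    return hmac.new(key, f"{user}.{expires}".encode(), hashlib.sha256).hexdigest()

def make_token(user, expires, key=SECRET):
    """Constructed token format for this example: user.expiry.hexmac"""
    return f"{user}.{expires}.{_mac(user, expires, key)}"

def verify_token(token, now=None, key=SECRET):
    """Return the user if the MAC matches and the token is unexpired, else None."""
    try:
        user, expires, mac = token.rsplit(".", 2)
        expires_at = int(expires)
    except (AttributeError, ValueError):
        return None  # missing or malformed token
    if not hmac.compare_digest(mac.encode(), _mac(user, expires, key).encode()):
        return None
    if (time.time() if now is None else now) >= expires_at:
        return None
    return user

def authorizer(event, context=None, now=None):
    """$connect authorizer: the only place credentials are evaluated."""
    token = (event.get("queryStringParameters") or {}).get("token")
    user = verify_token(token, now)
    statement = {"Action": "execute-api:Invoke",
                 "Effect": "Allow" if user else "Deny",
                 "Resource": event["methodArn"]}
    return {"principalId": user or "anonymous",
            "policyDocument": {"Version": "2012-10-17", "Statement": [statement]}}

def on_connect(event, context=None):
    """Bind the authorized principal to the connection ID API Gateway assigned."""
    ctx = event["requestContext"]
    CONNECTIONS[ctx["connectionId"]] = ctx["authorizer"]["principalId"]
    return {"statusCode": 200}

def on_disconnect(event, context=None):
    """No credential check: identity was bound at $connect. Unknown IDs are ignored."""
    principal = CONNECTIONS.pop(event["requestContext"]["connectionId"], None)
    return {"statusCode": 200, "principal": principal}
```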