Hello.
I don't think it is possible to configure AWS WAF to be linked only to a specific resource path in API Gateway.
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webaclassociation.html
For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
For example, I think it is possible to create a custom rule in AWS WAF and set it so that access to a specific URL is not blocked by WAF.
https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-string-conditions.html#classic-web-acl-string-conditions-values
You can use scope-down statements within AWS WAF to achieve this.
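To make the two points above concrete (one web ACL on the stage, rules narrowed to a path by matching on the URI), here is an added example that is not code from this thread or from AWS: a WAF v2 web ACL in the console/CLI JSON shape with an /admin rule (IP allow list plus header match) and a /user rate-based rule whose `ScopeDownStatement` restricts counting to /user, together with a small offline evaluator for the statement types used. The IP set ARN, CIDR, header name and value, and the limit of 1000 are assumptions, and the evaluator is a local approximation of WAF matching, not the WAF engine.

```python
"""Added example (not code from the re:Post thread or from AWS): one WAF v2 web ACL
associated with the API Gateway stage, whose rules are scoped to /admin and /user by
URI path, plus a small local evaluator for the statement types used so the rule logic
can be checked offline. The evaluator approximates WAF semantics; it is not the WAF engine."""
import ipaddress

# Assumed values, not taken from the thread: IP set ARN, header name/value, rate limit.
ADMIN_IPSET_ARN = ("arn:aws:wafv2:eu-west-1:123456789012:regional/ipset/"
                   "admin-allow/00000000-0000-0000-0000-000000000000")
ADMIN_IPSET_CIDRS = ["203.0.113.10/32"]        # constructed, RFC 5737 documentation range
ADMIN_HEADER = "x-admin-key"
ADMIN_HEADER_VALUE = "example-shared-secret"   # placeholder; a header match is a coarse gate only
USER_RATE_LIMIT = 1000                         # requests per IP per 5-minute window (WAF minimum is 100)


def byte_match(field, needle, constraint, transform="NONE"):
    """ByteMatchStatement in the console/CLI JSON shape (boto3 expects SearchString as bytes)."""
    return {"ByteMatchStatement": {
        "SearchString": needle, "FieldToMatch": field,
        "TextTransformations": [{"Priority": 0, "Type": transform}],
        "PositionalConstraint": constraint}}


def rule(name, priority, statement, action):
    return {"Name": name, "Priority": priority, "Statement": statement,
            "Action": {action: {}},
            "VisibilityConfig": {"SampledRequestsEnabled": True,
                                 "CloudWatchMetricsEnabled": True, "MetricName": name}}


def build_web_acl():
    uri = {"UriPath": {}}
    # A caller is acceptable for /admin only if it is on the IP allow list AND sends the header.
    admin_ok = {"AndStatement": {"Statements": [
        {"IPSetReferenceStatement": {"ARN": ADMIN_IPSET_ARN}},
        byte_match({"SingleHeader": {"Name": ADMIN_HEADER}}, ADMIN_HEADER_VALUE, "EXACTLY")]}}
    return {
        "Name": "api-stage-acl", "Scope": "REGIONAL", "DefaultAction": {"Allow": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True, "MetricName": "api-stage-acl"},
        "Rules": [
            # Block /admin* unless admin_ok; every other path falls through to later rules.
            rule("BlockAdminUnlessAllowed", 0, {"AndStatement": {"Statements": [
                byte_match(uri, "/admin", "STARTS_WITH", "LOWERCASE"),
                {"NotStatement": {"Statement": admin_ok}}]}}, "Block"),
            # Rate limit per source IP, scoped down so only /user* traffic is counted.
            rule("RateLimitUser", 1, {"RateBasedStatement": {
                "Limit": USER_RATE_LIMIT, "AggregateKeyType": "IP",
                "ScopeDownStatement": byte_match(uri, "/user", "STARTS_WITH", "LOWERCASE")}},
                "Block"),
        ]}


def _matches(stmt, req, ip_sets):
    """Local evaluation of the statement subset used above (req: ip, path, lowercase header keys)."""
    if "ByteMatchStatement" in stmt:
        b = stmt["ByteMatchStatement"]
        ftm = b["FieldToMatch"]
        value = (req["path"] if "UriPath" in ftm
                 else req["headers"].get(ftm["SingleHeader"]["Name"].lower(), ""))
        if any(t["Type"] == "LOWERCASE" for t in b["TextTransformations"]):
            value = value.lower()
        needle, pc = b["SearchString"], b["PositionalConstraint"]
        return value.startswith(needle) if pc == "STARTS_WITH" else value == needle
    if "IPSetReferenceStatement" in stmt:
        addr = ipaddress.ip_address(req["ip"])
        cidrs = ip_sets[stmt["IPSetReferenceStatement"]["ARN"]]
        return any(addr in ipaddress.ip_network(c) for c in cidrs)
    if "NotStatement" in stmt:
        return not _matches(stmt["NotStatement"]["Statement"], req, ip_sets)
    if "AndStatement" in stmt:
        return all(_matches(s, req, ip_sets) for s in stmt["AndStatement"]["Statements"])
    raise NotImplementedError(next(iter(stmt)))


def evaluate(web_acl, requests, ip_sets):
    """Action per request, rules tried in priority order. Rate rules count scoped requests
    per IP over the whole batch (a stand-in for WAF's trailing 5-minute window)."""
    counts, actions = {}, []
    for req in requests:
        action = next(iter(web_acl["DefaultAction"]))
        for r in sorted(web_acl["Rules"], key=lambda r: r["Priority"]):
            stmt = r["Statement"]
            if "RateBasedStatement" in stmt:
                rb = stmt["RateBasedStatement"]
                if not _matches(rb["ScopeDownStatement"], req, ip_sets):
                    continue
                key = (r["Name"], req["ip"])
                counts[key] = counts.get(key, 0) + 1
                hit = counts[key] > rb["Limit"]
            else:
                hit = _matches(stmt, req, ip_sets)
            if hit:
                action = next(iter(r["Action"]))
                break
        actions.append(action)
    return actions
```

The web ACL is still associated with the whole stage (the `arn:...:/restapis/api-id/stages/stage-name` ARN quoted above); the per-path behaviour comes entirely from the URI match inside each rule. A shared header value matched by WAF is only a coarse gate, since WAF cannot rotate or bind it to an identity, so the Lambda authorizer remains the real authentication step behind it.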
Hello, thank you for the answer. Since I need different protection mechanisms for the /admin API and the /user API, do you think it is a better option to create 2 separate API Gateways, one for domain.com/user and the other for domain.com/admin (different gateways, not mappings, since I cannot associate a BasePathMapping with WAF), or to go on with scope-down statements? For the /admin API I need an authorization key in the header (which I planned to check at the WAF level with a string match) and an IP allow rule, so that only the admin IP is allowed to access it. For the /user API I need a Lambda authorizer with custom authentication, rate limit rules and DDoS prevention rules.