1 answer
You could put the traffic to your API Gateway via CloudFront, and protect API Gateway with an API key.
So you would have "api.example.com" -> CloudFront (where you verify the cookie + add X-API-KEY to the request) -> API Gateway. To add the x-api-key you can specify it in the CloudFront settings without the need to use Lambda@Edge: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/add-origin-custom-headers.html
Here is the information on how to set up API Gateway with its own CloudFront distribution
answered 2 years ago
I did check it out but got the impression it is not a fit. The challenge is that I need to use a cookie that belongs to domain abc.example.com to authenticate against api.example.com. But I cannot set that cookie when at abc.example.com as it is another domain. I would have to use a higher domain like example.com. However, then users from abc.example.com could access def.example.com, which I don't want them to be able to. I now ended up with a scenario where I have Lambda@Edge create a JWT that has the originating domain, e.g. abc.example.com, as payload and I do set that cookie under .example.com so it will be sent along with every API call to api.example.com. Still, looks like that approach is the only feasible solution.
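The scheme described in the comment above, sketched as an added example (not code from the post or from AWS): the edge mints a signed JWT carrying the originating domain, and the API refuses a token whose domain does not match the tenant being acted on, because a cookie scoped to .example.com is sent from every subdomain. The claim names `dom` and `exp`, the cookie name, HS256 with a shared key, and the `tenant_host` parameter (however the API derives it) are assumptions.

```python
import base64, hashlib, hmac, json

COOKIE_NAME = "edge_auth"  # assumed cookie name, set with Domain=.example.com

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(domain: str, key: bytes, now: int, ttl: int = 300) -> str:
    """Edge side: mint an HS256 JWT whose payload records the originating domain."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64e(json.dumps({"dom": domain, "exp": now + ttl}).encode())
    return f"{header}.{payload}.{b64e(sign(header + '.' + payload, key))}"

def verify_token(token: str, key: bytes, now: int):
    """API side: return the claims, or None if malformed, forged or expired."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64d(header)).get("alg") != "HS256":  # pin the algorithm
            return None
        if not hmac.compare_digest(sign(header + "." + payload, key), b64d(sig)):
            return None
        claims = json.loads(b64d(payload))
        return claims if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

def authorize(cookie_header: str, tenant_host: str, key: bytes, now: int) -> bool:
    """Allow the call only if the token was issued for the tenant being acted on."""
    cookies = dict(p.strip().split("=", 1) for p in cookie_header.split(";") if "=" in p)
    claims = verify_token(cookies.get(COOKIE_NAME, ""), key, now)
    return claims is not None and claims.get("dom") == tenant_host

if __name__ == "__main__":
    key, now = b"constructed-demo-key", 1_700_000_000  # constructed sample values
    cookie = f"{COOKIE_NAME}={issue_token('abc.example.com', key, now)}"
    print(authorize(cookie, "abc.example.com", key, now))
    print(authorize(cookie, "def.example.com", key, now))
```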