Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Create API GW Websocket API that is only accessible from within a VPC.

0

Hi, I want to create Websocket API in the AWS APIGW, but, that it only only accessible from within a VPC (because I want to integrate it in with CloudFront, i.e., the authentication will be in the CloudFront using signed cookie or URL).

I could not find any documentation that do it.

Thanks,

Argomenti
ServerlessFront-end web e dispositivi mobiliNetworking e distribuzione di contenuti
Tag
Gateway API di AmazonAmazon CloudFront
Lingua
English
AWS-User-1922136
posta 2 anni fa1937 visualizzazioni
1 Risposta
1

API Gateway Websockets APIs do not support private APIs so you can't really prevent access to the API from any location. Saying that, you mention CloudFront as the way to access the API. If you use CloudFront, the requests are not routed via a VPC.

One way to achieve that only requests that came from CloudFront are handled by API Gateway is to add sone secret between CloudFront and API GW. This can be done by adding a new header with a specific value in CloudFront and create a Lambda Authorizer in API GW that verifies the value in the header.

profile pictureAWS
ESPERTO
Uri
con risposta 2 anni fa
profile picture
ESPERTO
Gary Mclean
verificato un mese fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente