Authorize Websocket API $disconnect

0

Hello, AWS API Gateway provides an option to authorize the $connect API call. But there is no option to do the same for the $disconnect API. A $disconnect API call results in deleting the corresponding connection in the database. Do we need to authorize the disconnect API? We are setting up a VPC link from API Gateway to communicate with our service, to ensure the endpoint is open only for API Gateway. Is there any recommendation around securing the disconnect API?

1 answer
1

Authorization on the $disconnect API is not required, as you authorize the connection with $connect; after that the connection stays open, so you know all the traffic is coming from the same connection you authorized at the beginning of the connection.

Miki
Answered 2 years ago
  • But, do we really need a VPC link between API Gateway and the service endpoint when we have WAF in place to protect against DDoS attacks? Also, the UI will re-establish the connection in case the connection is closed by an unauthorised user? Can we consider this as low risk without a VPC link?

  • Without a VPC link, or with a public disconnect API, I see the following risk: an unauthorised user tries to guess the connection id and ends up disconnecting the UI socket connection of a valid user. However, the risk is probably low, as the UI will re-establish the connection within x sec (same as the stale-connection use case). The other possible risk is a DDoS attack; WAF can protect against that.
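As an added example (not code from the question or the answer above), here is a pair of Lambda-proxy-style handlers for the $connect and $disconnect routes, with an in-memory dict standing in for the connections table and an assumed, made-up token check on $connect. It shows why the guessed-connection-id risk raised in the comments does not arise when the delete is keyed on requestContext.connectionId, which API Gateway fills in for the socket that actually closed, rather than on anything in the client's message; with a VPC-link HTTP integration the same holds if the backend takes the id from the $context.connectionId mapping and never from the request body.

```python
CONNECTIONS: dict = {}                      # constructed stand-in for the connections table
VALID_TOKENS = {"tok-alice": "alice"}       # constructed sample credential (assumed scheme)


def on_connect(event: dict) -> dict:
    """$connect route: the only point where the caller is authenticated."""
    params = event.get("queryStringParameters") or {}
    user = VALID_TOKENS.get(params.get("token", ""))
    if user is None:
        return {"statusCode": 401}           # rejected; no connection is recorded
    conn_id = event["requestContext"]["connectionId"]  # assigned by API Gateway
    CONNECTIONS[conn_id] = user
    return {"statusCode": 200}


def on_disconnect(event: dict) -> dict:
    """$disconnect route: no authorizer, but nothing client-controlled is used.

    The row to delete is chosen by requestContext.connectionId, which API Gateway
    sets for the socket that actually closed; any connectionId a client might
    place in the body is ignored, so a guessed id cannot evict another user.
    """
    ctx = event.get("requestContext") or {}
    if ctx.get("eventType") != "DISCONNECT":
        return {"statusCode": 400}
    CONNECTIONS.pop(ctx.get("connectionId"), None)
    return {"statusCode": 200}


def simulate() -> dict:
    """Constructed scenario: alice connects; another caller tries to name her id."""
    alice = {"requestContext": {"connectionId": "A1=", "eventType": "CONNECT"},
             "queryStringParameters": {"token": "tok-alice"}}
    on_connect(alice)
    # An unauthenticated connect attempt is refused at $connect.
    stranger = {"requestContext": {"connectionId": "B2=", "eventType": "CONNECT"},
                "queryStringParameters": {"token": "bogus"}}
    refused = on_connect(stranger)["statusCode"]
    # Disconnect event for B2= that carries alice's id in the body: the body is never read.
    spoof = {"requestContext": {"connectionId": "B2=", "eventType": "DISCONNECT"},
             "body": '{"connectionId": "A1="}'}
    on_disconnect(spoof)
    still_there = "A1=" in CONNECTIONS
    # Alice's own socket closing removes exactly her row.
    on_disconnect({"requestContext": {"connectionId": "A1=", "eventType": "DISCONNECT"}})
    return {"refused": refused, "alice_survived_spoof": still_there,
            "rows_after_real_close": len(CONNECTIONS)}
```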
