1回答
- 新しい順
- 投票が多い順
- コメントが多い順
1
Hi, @sgupta07
Unfortunately, AppSync doesn't have the ability to disable the default endpoint like API Gateway does.
I came up with an alternative. (But not perfect)
You can assign AWS WAF ACLs to AppSync.
Using this mechanism, you can block access by directly specifying the default domain by blocking if the "host" header is not a custom domain in the WAF rule.
https://docs.aws.amazon.com/appsync/latest/devguide/WAF-Integration.html
関連するコンテンツ
- AWS公式更新しました 2年前
Thank you @iwasa. This solution seems to to block the default endpoint. Why do you think it's not perfect?
Cases controlled by the host header can also be called by requesting the default endpoint by sending a custom domain in the host header at the time of request.
@iwasa. I'm sorry for asking again. Is there any way we can make the host header secure? So that default endpoint can't be accessed.