Create API GW Websocket API that is only accessible from within a VPC.

Hi, I want to create Websocket API in the AWS APIGW, but, that it only only accessible from within a VPC (because I want to integrate it in with CloudFront, i.e., the authentication will be in the CloudFront using signed cookie or URL).

I could not find any documentation that do it.

Thanks,

주제

서버리스 프론트엔드 웹 및 모바일 네트워킹 및 콘텐츠 전송

태그

아마존 API 게이트웨이 아마존 CloudFront

언어

English

AWS-User-1922136

질문됨 2년 전1937회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

API Gateway Websockets APIs do not support private APIs so you can't really prevent access to the API from any location. Saying that, you mention CloudFront as the way to access the API. If you use CloudFront, the requests are not routed via a VPC.

One way to achieve that only requests that came from CloudFront are handled by API Gateway is to add sone secret between CloudFront and API GW. This can be done by adding a new header with a specific value in CloudFront and create a Lambda Authorizer in API GW that verifies the value in the header.

전문가

Uri

답변함 2년 전

전문가

Gary Mclean

검토됨 한 달 전

Create API GW Websocket API that is only accessible from within a VPC.

관련 콘텐츠