best way to secure public api-gateway?

Weird questing I know. Im new to AWS so please bear with me.

I am currently looking after a static website not hosted on AWS. I have made a api-gateway and lambda function to work as a token-hider for the cms api.

I only want the website to have access to the api-gateway not anyone else. The website does not have users or authentication which is why i though setting a authorizor on the gateway would be overkill.

I have currently set a resource policy to only allow certain a IP is this the best way to do it?

Edited by: enddev on Apr 29, 2020 8:41 AM
removed characters

Topics

Serverless Front-End Web & Mobile Networking & Content Delivery

Relevant content

Please I need urgent help, i am a student and aws wont stop charing me every month. i have filed a report. How do i get my money back???????
rePost-User-9106458
asked a year ago
Best way to publicly host a website of HTML/JS files and connect them to a RDS database?
AWS-User-0616660
asked 2 years ago
Securing a Static Public IP Address for a Bitnami WordPress E-commerce Website?
Software Solutions
asked 3 months ago
What is the best way to use AWS to host 100 small websites?
newbie5510
asked 7 months ago
How can I troubleshoot latency in my static website that's hosted on Amazon S3 and served through CloudFront?
AWS OFFICIALUpdated a year ago
How do I know which user made a particular change to my AWS infrastructure?
AWS OFFICIALUpdated 2 years ago
How do I use CloudFront to serve a static website that’s hosted on Amazon S3?
AWS OFFICIALUpdated 8 months ago
How can I use Amazon S3 to host a static website that uses API Gateway as the proxy?
AWS OFFICIALUpdated 10 months ago
Secure way to set up IPsec VPN between IBM Cloud and an AWS-managed VPN endpoint with static routing
EXPERT
Vinay Gugueoth
published 6 months ago
Why am I seeing charges for 'Public IPv4 addresses' when I am under the AWS free tier?
EXPERT
dnyanesh-db
published 2 months ago