best way to secure public api-gateway?


Weird questing I know. Im new to AWS so please bear with me.

I am currently looking after a static website not hosted on AWS. I have made a api-gateway and lambda function to work as a token-hider for the cms api.

I only want the website to have access to the api-gateway not anyone else. The website does not have users or authentication which is why i though setting a authorizor on the gateway would be overkill.

I have currently set a resource policy to only allow certain a IP is this the best way to do it?

Edited by: enddev on Apr 29, 2020 8:41 AM
removed characters

asked 3 years ago40 views
1 Answer

I set resource policy to whitelist an IP and added API key.

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions