DDOS APIGateway protection
I want to secure API Gateway (HTTP) with Cloudfront + WAF. After reading docs I think that API Gateway endpoint is still exposed to the Internet. The only thing that protects API Gateway is verification of Header in WAF. Attacker can still find API Gateway in the Internet and perform DDOS attack directly to API Gateway endpoint without going through Cloudfront.
Is this approach considered as secure? Cloudflare is using Tunnel to make sure that your infrastructure is not exposed to the Internet. I think this approach is much more secure. Is something like this available in AWS?
Thanks for answer @Rajarshi_D
I'm using HTTP API Gateway and I don't have problem with integrations that are exposed to the Internet. My concern is that my API Gateway is exposed to the Internet even when I'm using Cloudfront distribution in front of it. If someone will find where is my API Gateway, he will be able to attack it without going through Cloudfront.
Is there any way to hide API Gateway from the Internet and expose it through Cloudfront?
DDOS APIGateway protectionasked 2 months ago
How are DDoS related charges handled?Accepted Answerasked 3 months ago
secure API GW with WAF
What are the benefits of using Amazon CloudFront together with Amazon API Gateway?Accepted Answerasked 2 years ago
API Gateway Attack ProtectionAccepted Answerasked 3 years ago
Protect HTTP Api Gateway with WAF
Protect and secure http API GWAccepted Answer
protect http API GW when CF has S3 as origin
API Key injection for http API
Http Api and response compressionasked 2 years ago