Could we set up a proxy or a middleware between AWS SDK and AWS Services?

0

Hello,

We want to know if it is possible to set up a proxy or a middleware on the AWS console. The scenario is: when a user sends a request using the AWS SDK, we want to intercept the request, do some processing, and then decide if the request continues to its destination (the service in question) or not.

Roughly speaking, something like that:


Thank you,

Edit: We are not talking about IAM policies and "authentication and authorization", we want to set up a proxy or middleware after "authentication and authorization" and "before" the request execution.

2 Answers
3

Hi,

What you are trying to achieve is the exact role of the AWS IAM service. So, why would you do that?

The simple and efficient way to obtain the result that you want is to properly and distinctly identify each of your users by separate IAM credentials (access key and secret key) and manage their access to service via ad hoc IAM policies.

The fact that they come via any SDK in any language is irrelevant: all SDK requests are authenticated and then authorized after processing of the SigV4 signature (created from access key + secret key) of the request by the service endpoints.

Re. SigV4, see https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html

Best,

Didier

AWS
EXPERT
answered 9 months ago
EXPERT
reviewed 9 months ago
  • Thanks a lot, but I'm not talking about "authentication and authorization" (access key + secret key) + policies, this is a trivial thing. I'm talking about the process after "authentication and authorization". The question is: could we add a proxy or a middleware after "authentication and authorization" but before the execution of the request?

  • AFAIK, there is no generic way to intercept a service request past the public AWS service points. What happens behind those endpoints is AWS-internal. The only way to approximate the proxy that you're after is to use AWS private service links + gate them via an API gateway that would become your protected service endpoint and finally use a Lambda authorizer on this API gateway to decide if your user is allowed to proceed or not. But, be aware that 1) NOT all services support private service endpoints and 2) you will have to reconfigure the SDK to route requests to our private service endpoints.

  • Thank you very much.

1

Setting up a proxy or middleware between the AWS SDK and AWS services directly within the AWS console is not a built-in feature. However, you can achieve this by implementing an external proxy server that intercepts and processes the requests before forwarding them to the AWS services.

EXPERT
answered 9 months ago
EXPERT
reviewed 9 months ago
  • Thank you.

  • This answer is correct. Expanding a bit on your specific requirement, @MathDev, to do this after IAM authentication by AWS, that's impossible. You can only screen the requests on your proxy server before they go to AWS to be authenticated, authorised, and executed, but that'll presumably suffice for your use case. The authentication and authorisation steps will still be performed by AWS after your proxy has decided to let the request through.
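
An added example (not code from any of the posters or from AWS) of the screening step described in the comment above: the decision function a proxy could run on each intercepted SDK request before forwarding it. The policy sets and the function name are hypothetical, and it assumes the SDK has been pointed at the proxy and that the operation is named in the `X-Amz-Target` header, as JSON-protocol services such as DynamoDB do.

```python
import re

# SigV4 Authorization header; the credential scope has the form
# <access-key-id>/<yyyymmdd>/<region>/<service>/aws4_request
_SCOPE = re.compile(
    r"^AWS4-HMAC-SHA256\s+Credential=(?P<key_id>[^/\s]+)/(?P<date>\d{8})/"
    r"(?P<region>[^/\s]+)/(?P<service>[^/\s]+)/aws4_request\b"
)

# Hypothetical screening policy (an assumption, not from the thread).
ALLOWED_REGIONS = {"eu-west-1"}
DENIED_OPERATIONS = {("dynamodb", "DeleteTable")}


def screen_request(headers):
    """Return (allow, reason) for one intercepted SDK request.

    The proxy holds no secret key, so it cannot verify the signature; it only
    reads the scope the client declared. AWS still authenticates and
    authorises the request after the proxy lets it through.
    """
    h = {k.lower(): v for k, v in headers.items()}
    m = _SCOPE.match(h.get("authorization", ""))
    if m is None:
        # Fail closed: unsigned or non-SigV4 traffic is not forwarded.
        return False, "missing or malformed SigV4 Authorization header"
    region, service = m["region"], m["service"]
    if region not in ALLOWED_REGIONS:
        return False, f"region {region} not allowed"
    # X-Amz-Target looks like "<prefix>.<Operation>"; keep the operation part.
    operation = h.get("x-amz-target", "").rpartition(".")[2]
    if (service, operation) in DENIED_OPERATIONS:
        return False, f"{service}:{operation} is blocked"
    return True, f"forward {service}:{operation or 'unknown'} for {m['key_id']}"


# Constructed sample request headers (documentation-style key id, fake signature).
SAMPLE = {
    "Authorization": "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20240101/"
                     "eu-west-1/dynamodb/aws4_request, "
                     "SignedHeaders=host;x-amz-date;x-amz-target, Signature=0000",
    "X-Amz-Target": "DynamoDB_20120810.DeleteTable",
}

if __name__ == "__main__":
    print(screen_request(SAMPLE))
    print(screen_request({**SAMPLE, "X-Amz-Target": "DynamoDB_20120810.GetItem"}))
```

SigV4 always includes the `host` header in the signature, so a proxy that forwards to a different hostname than the one the SDK signed for has to re-sign the request with credentials of its own.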
