Authorize Websocket API $disconnect

0

Hello, AWS API Gateway provides an option to authorize the $connect API call. But there is no option to do the same for the $disconnect API. The $disconnect API call results in deleting the corresponding connection in the database. Do we need to authorize the disconnect API? We are setting up a VPC link from API Gateway to communicate with our service to ensure the endpoint is open only to API Gateway. Is there any recommendation around securing the disconnect API?

1 answer
1

Authorization on the $disconnect API is not required, as you authorize the connection with $connect; after that the connection stays open, so you know all the traffic is coming from the same connection you authorized at the beginning of the connection.

Miki
answered 2 years ago
  • But do we really need a VPC link between API Gateway and the service endpoint when we have WAF in place to protect against DDoS attacks? Also, the UI will re-establish the connection in case the connection is closed by an unauthorised user. Can we consider this low risk without a VPC link?

  • Without a VPC link, i.e. with a public disconnect API, I see the following risk: an unauthorised user tries to guess the connection id and ends up disconnecting the UI socket connection of a valid user. However, the risk is probably low as the UI will re-establish the connection within x seconds (same as the stale-connection use case). The other possible risk is a DDoS attack; WAF can protect against that.
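To illustrate the answer above, here is an added example (written for this page, not code from the original post or from AWS) of a route handler that binds the identity at $connect and, on $disconnect, acts only on the connection ID that API Gateway itself supplies in `requestContext`. It assumes a Lambda proxy integration with a Lambda authorizer attached to $connect, so `requestContext.authorizer.principalId` is present only when authorization succeeded; the in-memory dict, the event builder and the principal names are constructed for the example. The question's setup uses an HTTP integration behind a VPC link rather than Lambda, but the rule is the same: the backend takes the connection ID from the value API Gateway maps from `$context.connectionId`, never from client-controlled content.

```python
"""Added example: WebSocket route handler that trusts only what API Gateway
puts in requestContext. The connection table is an in-memory dict standing in
for the database mentioned in the question (constructed for this example)."""
import json

# Constructed stand-in for the connection table: connectionId -> principal
CONNECTIONS = {}


def handler(event, context=None):
    """Lambda proxy handler for the $connect, $disconnect and $default routes.

    Assumption (not from the post): a Lambda authorizer is attached to
    $connect, so event["requestContext"]["authorizer"]["principalId"] exists
    only when the authorizer allowed the connection.
    """
    rc = event["requestContext"]
    route = rc["routeKey"]
    # connectionId is set by API Gateway, never by the client payload
    conn_id = rc["connectionId"]

    if route == "$connect":
        principal = (rc.get("authorizer") or {}).get("principalId")
        if not principal:
            # Authorizer did not run or denied the request: refuse the upgrade
            return {"statusCode": 401}
        CONNECTIONS[conn_id] = principal
        return {"statusCode": 200}

    if route == "$disconnect":
        # Delete exactly the connection that API Gateway reports as closed.
        # The body is ignored, so a client cannot name another user's
        # connectionId here.
        CONNECTIONS.pop(conn_id, None)
        return {"statusCode": 200}

    # $default: the identity for this message is whatever was bound at $connect
    principal = CONNECTIONS.get(conn_id)
    if principal is None:
        # Unknown connection: it was never authorized on $connect
        return {"statusCode": 403}
    body = json.loads(event.get("body") or "{}")
    return {"statusCode": 200,
            "body": json.dumps({"from": principal, "echo": body})}


def make_event(route, conn_id, principal=None, body=None):
    """Build a minimal API Gateway WebSocket proxy event (constructed input)."""
    rc = {"routeKey": route, "connectionId": conn_id}
    if principal is not None:
        rc["authorizer"] = {"principalId": principal}
    ev = {"requestContext": rc}
    if body is not None:
        ev["body"] = json.dumps(body)
    return ev


def demo():
    """Walk through connect, a spoofed disconnect attempt and a real disconnect."""
    CONNECTIONS.clear()
    # Alice connects with a valid authorizer result
    handler(make_event("$connect", "alice-conn", principal="alice"))
    # A client with no authorizer result is rejected
    rejected = handler(make_event("$connect", "anon-conn"))["statusCode"]
    # Mallory, on her own connection, sends a body naming Alice's connectionId.
    # API Gateway only invokes $disconnect for the socket that actually closed,
    # and even if such a body reached the handler it would be ignored.
    handler(make_event("$connect", "mallory-conn", principal="mallory"))
    handler(make_event("$disconnect", "mallory-conn",
                       body={"connectionId": "alice-conn"}))
    alice_still_connected = "alice-conn" in CONNECTIONS
    # Alice's later messages carry the identity bound at $connect
    msg = handler(make_event("$default", "alice-conn", body={"hi": 1}))
    sender = json.loads(msg["body"])["from"]
    # Alice's own socket closes: API Gateway invokes $disconnect for it
    handler(make_event("$disconnect", "alice-conn"))
    return {"rejected": rejected,
            "alice_still_connected_after_spoof": alice_still_connected,
            "sender": sender,
            "remaining": sorted(CONNECTIONS)}
```

The design point is that the trust boundary is the connection itself: identity is checked once on $connect, stored against the gateway-assigned connectionId, and every later route (messages and the disconnect) is keyed on that same gateway-supplied ID. The guessing risk raised in the comments only arises if the backend endpoint can be reached by something other than API Gateway, which is exactly what the VPC link (or another form of origin restriction on the backend) prevents.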
