Have an Alexa skill access private backend services or resources

Question

Customer wants to build a set of Alexa skills to be used internally, i.e. by their employees. The Alexa skills would need to access backend services that reside inside the corporate data center. I could think of two approaches:

1. Run the Alexa skill inside the corporate data center and make the endpoint for it accessible across the internet.
2. Develop the Alexa skill in Lambda, and open up access to the endpoints of the backed services that need to be accessed.

Does anybody have any experience with one or either or these approaches and caveats to take into account?

Accepted Answer

I've seen customers build skills against APIs hosted elsewhere as you outline in scenario 1. The only caveat I'd mention is around security and that developers should validate that a request is actually coming from Alexa by [verifying the signature of the request][1].

If your customer has a VPN or DX link to their data center, they could also consider running their Lambda functions within the associated VPC and communicate privately with their backend APIs. It's likely opening up the APIs of their backend services as you outline in scenario 2 and might introduce other security concerns that are best avoided.

[1]: https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/developing-an-alexa-skill-as-a-web-service#verifying-that-the-request-was-sent-by-alexa

Have an Alexa skill access private backend services or resources

相關內容