Protecting AWS API Gateway From 3rd Party Only


Hello,

I need to control access to my REST API Gateway in the following manner:

  • When called from my own web app (SPA hosted on S3/CloudFront at a specific Route53 domain) it should go through only after validating the calling user in terms of authentication and authorization through an OAuth2 JWT token.
  • When a 3rd party calls (any other domain/machine) the above should also happen, but only after validating that a specific API Token has been issued to the caller.

What technologies should I be using to achieve the above please?

1 answer

API Gateway supports only a single authorization method per route. If you need something which is more complex than what API Gateway supports (Cognito or IAM), you will need to use a Lambda authorizer. In the authorizer you can check the source (based on maybe some secret header that you pass from the client) and if it is not your client, you check for the other token.

AWS Expert
Uri
Answered 2 years ago
    1. So you mean I cannot use Cognito + API token to protect a single route?
    2. Is it actually safe to pass a fixed API token from an SPA client to the Gateway?
    1. You can use both Cognito and API keys, however, if you specify that API keys are required, they will be required for everyone.

    2. Not really, but it is not very different than passing an API key.
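A sketch of the Lambda authorizer Uri describes, added here as an example and not code from the answer or from AWS: every caller must present a valid OAuth2 JWT, and callers that do not come from the SPA's origin must additionally present an issued API token. It assumes a REQUEST-type authorizer for a REST API, HS256-signed JWTs (Cognito actually issues RS256 tokens that are verified against its JWKS), and the constructed header names, secret and token table shown.

```python
import base64, hashlib, hmac, json, time
# Constructed demo values; a real deployment would load them from Secrets Manager / SSM.
JWT_SECRET = b"demo-hs256-secret"                    # HS256 key (assumption; Cognito issues RS256 via JWKS)
FIRST_PARTY_ORIGIN = "https://app.example.com"       # the SPA's Route53 domain (placeholder)
ISSUED_API_TOKENS = {"partner-a": "tok_3rdparty_A"}  # hypothetical tokens issued to 3rd parties
def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def verify_jwt(token, now=None):
    """Verify an HS256 JWT signature and exp claim; return the claims dict or None."""
    try:
        h, p, sig = token.split(".")
        if json.loads(_b64url_decode(h)).get("alg") != "HS256":
            return None  # pin the algorithm; rejects "none" and alg-confusion tokens
        expected = hmac.new(JWT_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(p))
        return claims if claims.get("exp", 0) > (now or time.time()) else None
    except (ValueError, AttributeError):  # malformed base64 / JSON / token structure
        return None

def api_token_owner(token):
    """Constant-time match of a 3rd-party API token; returns the partner id or None."""
    for owner, issued in ISSUED_API_TOKENS.items():
        if hmac.compare_digest(issued.encode(), (token or "").encode()):
            return owner
    return None

def policy(effect, principal, method_arn, context=None):
    return {"principalId": principal, "context": context or {},
            "policyDocument": {"Version": "2012-10-17", "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}]}}

def handler(event, _ctx=None, now=None):
    """REQUEST-type authorizer: JWT for every caller, API token additionally for 3rd parties."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    arn = event["methodArn"]
    bearer = headers.get("authorization", "")
    claims = verify_jwt(bearer[7:], now) if bearer.startswith("Bearer ") else None
    if claims is None:
        return policy("Deny", "anonymous", arn)
    principal = claims.get("sub", "unknown")
    # Origin is only a routing hint, not a secret: spoofing it skips the API token, never the JWT.
    if headers.get("origin") == FIRST_PARTY_ORIGIN:
        return policy("Allow", principal, arn, {"caller": "first-party"})
    owner = api_token_owner(headers.get("x-api-token"))
    if owner is None:
        return policy("Deny", principal, arn)
    return policy("Allow", principal, arn, {"caller": owner})
```

The `context` values are passed through to the integration, so the backend can distinguish first-party from partner traffic without re-validating anything.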
