Reputation: 25721
Does using ios-aws-sdk pass everything over SSL
I use AWS Lambda as a backend service to authenticate users from my ios app. When learning about Lambda I was pointed to use the Amazon API Gateway to make the data over the network go over HTTPS:// and NOT HTTP://.
Someone recently pointed out that all calls to AWS Lambda, DynamoDB, S3, and Cognito directly from my app automatically go over HTTPS://. Is this true or not?
Upvotes: 1
Views: 197
Answers (1)
Reputation: 6525
Unfortunately the docs are not explicit on the matter, that I could find, but inspecting the source on github:
AWSService, one of the base services used by the sdk, uses https by default, and will only switch to http if the AWSServiceConfiguration particular configuration is established with the parameter useUnsafeUrl set to true.
And AWSLambdaService, even if initialised with a configuration object, appears to set the useUnsafeUrl option to NO.
So - inspection of the source suggests that all access to the service is by default https.
This is consistent with AWS SDK defaults in other languages/frameworks as well.
-- Edited to note --
I had a thought after posting this - it's possible that the advice to use API Gateway for https was based on the common practice of exposing Lambda functions as API endpoints. If you want to do that, then API Gateway gives you a way, and if you are using API Gateway, then you do need to ensure it is configured to use https.
What is not clear from your question is - from your app, are you invoking the lambda functions via the API Gateway endpoint? Or directly via the AWS SDK? If invoking directly via the AWS SDK then there is no need to use API Gateway at all.
If you are already using the API Gateway, and issuing HTTPS web requests to invoke your lambda functions, I wouldn't necessarily stop, because it gives you a nice point of abstraction and decoupling - you could completely change your backend implementation and as long as you keep the API Gateway endpoint configuration the same, your clients will still work. Alternatively, you could start to implement other clients or expose your API to 3rd party clients who aren't in a position to use AWS SDK and they will still be able to interract with your backend via standard HTTP protocols.
Upvotes: 1
Related Questions
- Does AWS Api-Gateway support Mutual TLS when it receives a call from external service?
- Encryption in transit between AWS Resources (Lambda and API Gateway)
- How to make SSL-Requests with AWS-Lambda-Function?
- Is the S3 Protocol encrypted in transmission when using the SDK?
- Using an Amazon API Gateway with ios
- AWS API Gateway on iOS
- Something fishy about AWS S3 SSL deprecation and iOS SDK
- AWS iOS SDK TLS Support
- Configuring HTTPS access in Amazon Web Service SS3 bucket for iOS Application Adhoc
- How to check and set Amazon Web Services SDK for iOS and Android to use HTTPS (SSL)?