user7400346

Reputation: 909

Secure AWS API Gateway with Lambda Integration

I am creating a publicly available API using API Gateway which is backed with Lambda functions to do some processing. I have secured it with a custom security header that implements HMAC authentication with a timestamp to protect against replay attacks. I understand that API Gateway protects against DDoS attacks through its high availability, but any invalid requests will still be passed to the Lambda authentication function. So, I guess an attacker can submit invalid unauthenticated requests resulting in high costs. It will take a considerable number of requests to cause damage, but it is still very doable. What is the best way to protect against that? Thank you.

Upvotes: 8

Views: 4188

Answers (2)

jackko

Reputation: 7344

API Gateway will not charge you for unauthenticated requests; however, you would be charged by Lambda for the invocation of the authorizer.

API Gateway offers a semi-useful mitigation to this problem in the form of the 'identity validation expression' on the Authorizer, which is just a regex that is matched against the incoming identity source header.

Besides that, you might want to just implement some kind of negative cache or validation yourself in the Authorizer function to minimize the billed milliseconds.

Upvotes: 3
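One way to do the cheap-checks-first validation and negative cache jackko describes, applied to the HMAC-plus-timestamp header from the question. This is an added example, not code from either post; the header format, the canonical signed string, the 300-second freshness window and the secret are all assumptions.

```python
import hashlib, hmac, time
from collections import OrderedDict
# Constructed placeholder secret; a real authorizer would load it from Secrets Manager or SSM.
SHARED_SECRET = b"example-shared-secret"
MAX_SKEW_SECONDS = 300   # accept timestamps within +/- 5 minutes (assumed window)
NEG_CACHE_MAX = 10_000   # bound the memory held by the negative cache
# Negative cache: (header, method, path) -> expiry time. It lives in the warm Lambda
# container, so a repeated bad request is refused before any hashing is done.
_negative_cache = OrderedDict()

def parse_auth_header(header):
    """Assumed header format: 'HMAC ts=<unix seconds>;sig=<hex sha256>'. None if malformed."""
    if not header or not header.startswith("HMAC ") or len(header) > 200:
        return None
    fields = dict(part.split("=", 1) for part in header[5:].split(";") if "=" in part)
    ts, sig = fields.get("ts"), fields.get("sig")
    if ts is None or sig is None or not (ts.isascii() and ts.isdigit()) or len(sig) != 64:
        return None
    try:
        bytes.fromhex(sig)
    except ValueError:
        return None
    return int(ts), sig

def expected_signature(method, path, ts):
    """Canonical string the client signs (assumed): method, path, timestamp, newline-separated."""
    msg = f"{method}\n{path}\n{ts}".encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()

def authorize(header, method, path, now=None):
    """True only for a well-formed, fresh, correctly signed header; cheapest checks run first."""
    now = time.time() if now is None else now
    key = (header, method, path)
    exp = _negative_cache.get(key)
    if exp is not None:                      # 1. already rejected: refuse without any crypto
        if exp > now:
            return False
        del _negative_cache[key]
    ok = False
    parsed = parse_auth_header(header)       # 2. structural checks before hashing
    if parsed is not None:
        ts, sig = parsed
        if abs(now - ts) <= MAX_SKEW_SECONDS:   # 3. freshness window bounds replays
            ok = hmac.compare_digest(sig, expected_signature(method, path, ts))  # 4. HMAC last
    if not ok:
        _negative_cache[key] = now + MAX_SKEW_SECONDS
        if len(_negative_cache) > NEG_CACHE_MAX:
            _negative_cache.popitem(last=False)   # evict the oldest entry
    return ok
```

A distinct garbage header on every request misses the cache but still fails the structural check before any HMAC is computed; the same shape check can be pushed in front of Lambda entirely with the authorizer's identity validation expression regex, so those requests are never billed as invocations.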

Ashan

Reputation: 19728

To prevent DDoS and a higher rate of access, you can set up WAF. Have a look at this link to get a deeper understanding of how to set up WAF with API Gateway.

Upvotes: 5
