Reputation: 339
I want an API which can query a MySQL database and return the desired data. Currently for development, I am using an AWS Lambda. I am passing an access token in the request, so I am able to verify that a valid user is making the request. However, when I fetch data from the database, I am logging on to the database using a username and password and the database is open for public access. I think this application has security vulnerabilities because if anyone knows the database endpoint, they can brute force the username and password.
Is there a more secure approach in accomplishing this? The general workflow is:
API Gateway -> Lambda -> RDS (MySQL) -> Client
And the vulnerability I would like to avoid is the open access of the RDS MySQL DB.
Upvotes: 0
Views: 241
Reputation: 200562
You should configure the Lambda function to run inside the VPC with the RDS instance, and then disable public access to the RDS instance.
Upvotes: 1
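
An offline check for the layout the answer recommends, added here as an example and not part of the original answer. It audits saved AWS CLI JSON for the RDS instance, the Lambda function and the database's security groups; the resource IDs, port and sample records are constructed, and treating only a security-group reference as valid access for the Lambda is an assumption of this example.

```python
# Added example (not from the answer). Inputs mirror the JSON returned by
# `aws rds describe-db-instances`, `aws lambda get-function-configuration`
# and `aws ec2 describe-security-groups`; all sample values are constructed.

def audit(db, fn, security_groups):
    """Return findings; an empty list means the layout matches the advice."""
    findings, port = [], db["Endpoint"]["Port"]
    if db.get("PubliclyAccessible"):
        findings.append("RDS instance is publicly accessible")
    vpc = fn.get("VpcConfig") or {}
    if not vpc.get("SubnetIds"):
        findings.append("Lambda is not attached to a VPC")
    elif vpc.get("VpcId") != db["DBSubnetGroup"]["VpcId"]:
        findings.append("Lambda and RDS are in different VPCs")
    db_sgs = {g["VpcSecurityGroupId"] for g in db["VpcSecurityGroups"]}
    fn_sgs = set(vpc.get("SecurityGroupIds", []))
    lambda_allowed = False
    for sg in (s for s in security_groups if s["GroupId"] in db_sgs):
        for perm in sg["IpPermissions"]:
            # IpProtocol "-1" means all protocols and ports.
            if perm["IpProtocol"] != "-1" and not (
                perm["IpProtocol"] == "tcp"
                and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
            ):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in ("0.0.0.0/0", "::/0"):
                    findings.append(f"{sg['GroupId']} allows port {port} from {cidr}")
            peers = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
            lambda_allowed = lambda_allowed or bool(fn_sgs & peers)
    # Assumption: only a rule referencing the Lambda's security group counts.
    if fn_sgs and not lambda_allowed:
        findings.append("no DB security group rule admits the Lambda's security group")
    return findings

# Constructed sample records: the question's setup and the answer's setup.
RULE = {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306}
OPEN_SGS = [{"GroupId": "sg-db", "IpPermissions": [
    dict(RULE, IpRanges=[{"CidrIp": "0.0.0.0/0"}])]}]
TIGHT_SGS = [{"GroupId": "sg-db", "IpPermissions": [
    dict(RULE, UserIdGroupPairs=[{"GroupId": "sg-fn"}])]}]
PUBLIC_DB = {"PubliclyAccessible": True, "Endpoint": {"Port": 3306},
             "DBSubnetGroup": {"VpcId": "vpc-example"},
             "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db"}]}
PRIVATE_DB = dict(PUBLIC_DB, PubliclyAccessible=False)
VPC_FN = {"VpcConfig": {"VpcId": "vpc-example", "SubnetIds": ["subnet-a"],
                        "SecurityGroupIds": ["sg-fn"]}}
```

Turning off public access alone still leaves a finding if the database's security group keeps a `0.0.0.0/0` rule, which is why the check looks at the ingress rules as well as the `PubliclyAccessible` flag.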