How to protect AWS API Gateway endpoint from DDoS attack?
Recently I have been working with AWS API Gateway, where I created an API and protected it with an API key and Cognito (OAuth).
One day I found that my API had been accessed 10K times; the requests failed because the attacker didn't have access to it.
My question is: does Amazon charge for such API calls which are unauthorized? If they charge, then how do I protect it?
As I understand it, even if I put WAF in front of it, my API URL will still be exposed...
Any help is appreciated...
If you protect your endpoint with the following authorization types: AWS_IAM, CUSTOM, and COGNITO_USER_POOLS, API Gateway will not be charged for failed requests. Please reference the Pricing Documentation. Also reference Secure AWS API Gateway with Lambda Integration.
What you are describing is a type of DDoS attack.
This is what you need to do to protect your API Gateway Endpoint from DDoS attack.
1) Create your API
2) Set up a CloudFront distribution to your API
3) Front your CloudFront distribution with AWS WAF.
4) Create ACL rule and set requester limit to what you deem appropriate.
5) Test.
You still need to use AWS_IAM or Cognito to do the authorization part.
Here is the document that details the steps:
https://aws.amazon.com/blogs/compute/protecting-your-api-using-amazon-api-gateway-and-aws-waf-part-i/
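An added illustration for steps 4 and 5 (not part of the original answer and not AWS code): a script that replays access-log records to show which source IPs a given per-IP request limit would block, so the limit can be chosen above normal client traffic. The JSON field names, the sample log lines and the fixed 5-minute counting window are assumptions made for this example.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime

WINDOW_SECONDS = 300  # assumed evaluation window for the rate limit

# Constructed sample access-log lines, one JSON record per request.
# Field names (ip, status, time) are assumptions; adapt to your log format.
SAMPLE_LOGS = [
    # 198.51.100.7: 120 rejected calls between 10:00:00 and 10:03:58
    json.dumps({"ip": "198.51.100.7", "status": 403,
                "time": f"2024-01-01T10:0{i // 30}:{(i % 30) * 2:02d}+00:00"})
    for i in range(120)
] + [
    # 203.0.113.20: a normal client, one successful call per minute
    json.dumps({"ip": "203.0.113.20", "status": 200,
                "time": f"2024-01-01T10:{i:02d}:00+00:00"})
    for i in range(12)
]


def peak_rates(log_lines):
    """Return {ip: (peak requests in any window, count of 401/403 replies)}."""
    per_window = defaultdict(Counter)  # ip -> {window index: request count}
    rejected = Counter()               # ip -> unauthorized/forbidden replies
    for line in log_lines:
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["time"]).timestamp()
        per_window[rec["ip"]][int(ts // WINDOW_SECONDS)] += 1
        if rec["status"] in (401, 403):
            rejected[rec["ip"]] += 1
    return {ip: (max(w.values()), rejected[ip]) for ip, w in per_window.items()}


def would_block(log_lines, limit):
    """Source IPs whose peak per-window count exceeds the candidate limit."""
    rates = peak_rates(log_lines)
    return sorted(ip for ip, (peak, _) in rates.items() if peak > limit)


if __name__ == "__main__":
    for ip, (peak, denied) in sorted(peak_rates(SAMPLE_LOGS).items()):
        print(f"{ip}: peak {peak} per {WINDOW_SECONDS}s, {denied} rejected")
    print("blocked at limit 100:", would_block(SAMPLE_LOGS, 100))
```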