
How to trigger a GCP cloud function (private) from AWS SNS over an HTTP trigger

I have a cloud function in GCP which triggers when any object is received in an S3 bucket, using an SNS notification. SNS has been configured in such a way that when any object arrives in the S3 bucket, it notifies the GCP cloud function about it using an HTTP trigger (HTTPS URL). As of now the cloud function endpoint is public, so it can be triggered from anywhere, even from a web browser, if someone has the URL, which is a big security concern. Hence I would like to make it private and want it to be accessed only through AWS SNS, but I have no idea how it could be done.

You cannot prevent users from calling your HTTP endpoint, as you must make the endpoint public in order for Amazon SNS to be able to call it. You can validate requests and reject requests (return 401 Unauthorized) that you do not want to process.

There are several methods to validate requests. I am listing the methods from least secure to most secure (also easiest to hardest to implement).

1. Check the x-amz-sns-topic-arn or x-amz-sns-subscription-arn HTTP POST request headers for the values you expect.

2. Configure SNS to use Basic Authentication using a username and password. Verify both values.

3. Verify the SNS notification signature. This method requires downloading the Amazon certificate and validating the signature on each request.

Using Amazon SNS for system-to-system messaging with an HTTP/S endpoint as a subscriber

Validating the POST request headers will stop processing of the code inside the cloud function, but it's still a security concern, as the GCF is public and anyone who knows the URL can keep hitting it in a loop.
