How to access resources in a private subnet from Apple Store and Google Play
Would love to get people's thoughts on this.
I have a front-end application that lives on the Apple Store. It interacts with custom JavaScript APIs that we've built and that are deployed on an EKS cluster. The cluster and the EC2 instances of the cluster live in private subnets in AWS, but are exposed to the world through an application load balancer that lives in a public subnet.
Since the front-end application lives on Apple's servers, I can't think of an easy way to securely access the APIs in AWS without exposing them to the world. This is what I have in mind:
I've hit a wall on this and would really appreciate anyone's thoughts if they've had a similar issue.
Thanks!
In Google CDP you can have another type of ACL which monitors the client URL. If requests won't come from your.frontend.app, they are denied. Check if you can find that in AWS as well.
I recommend thinking further about these, if possible in your project:
1.) CSRF strategy. Apply tokens to clients which must be provided on request to API.
2.) AccessLimiter. Maintain Fingerprint or Session for your clients and count/limit requests as you need. E.g. if the request didn't run through an index file before, no request is possible as clients didn't collect a token.
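A sketch of the two suggestions in the answer above (a token collected from an index endpoint, and per-session request counting), as an added example that is not part of the original answer. The function names, the in-memory key and counters, and the limits are assumptions chosen for illustration, and session ids are assumed not to contain a dot.

```javascript
const crypto = require("node:crypto");

// Constructed values for the example; a real key would come from a secret store.
const SERVER_KEY = crypto.randomBytes(32);
const TOKEN_TTL_MS = 15 * 60 * 1000;
const WINDOW_MS = 60 * 1000;
const MAX_PER_WINDOW = 3;

const sign = (payload) =>
  crypto.createHmac("sha256", SERVER_KEY).update(payload).digest("base64url");

// Called by the bootstrap ("index") endpoint: binds a token to a session and an expiry.
function issueToken(sessionId, now = Date.now()) {
  const payload = `${sessionId}.${now + TOKEN_TTL_MS}`;
  return `${payload}.${sign(payload)}`;
}

// Returns the session id if the token is authentic and unexpired, otherwise null.
function verifyToken(token, now = Date.now()) {
  const parts = String(token || "").split(".");
  if (parts.length !== 3) return null;
  const [sessionId, expires, mac] = parts;
  const expected = Buffer.from(sign(`${sessionId}.${expires}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return Number(expires) > now ? sessionId : null;
}

const counters = new Map(); // sessionId -> { windowStart, count }

// Fixed-window limiter keyed by session.
function allow(sessionId, now = Date.now()) {
  const c = counters.get(sessionId);
  if (!c || now - c.windowStart >= WINDOW_MS) {
    counters.set(sessionId, { windowStart: now, count: 1 });
    return true;
  }
  c.count += 1;
  return c.count <= MAX_PER_WINDOW;
}

// Gate for every API call: returns the HTTP status the API would answer with.
function checkRequest(token, now = Date.now()) {
  const sessionId = verifyToken(token, now);
  if (!sessionId) return 401;
  return allow(sessionId, now) ? 200 : 429;
}
```

A token of this kind shows only that the caller went through the bootstrap endpoint and lets the API count requests per session; it does not prove the request came from the published app, because any client can call that endpoint.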