
How to access resources in a private subnet from apple store and google play

Would love to get people's thoughts on this.

I have a front-end application that lives on the apple store. It interacts with custom JavaScript APIs that we've built and that are deployed on an EKS cluster. The cluster and the EC2 instances of the cluster live in private subnets in AWS, but are exposed to the world through an application load balancer that lives in a public subnet.

Since the front-end application lives on Apple's servers, I can't think of an easy way to securely access the APIs in AWS without exposing them to the world. This is what I have in mind:

  1. Use API keys. Not ideal as the keys could still potentially be scraped from a header.
  2. Restrict access to the APIs to the apple server network via ACLs and security groups. Again, not something that seems achievable since there is no network CIDR that apple provide (that I know of).
  3. Set up some sort of SSH tunnel.

I've hit a wall on this and would really appreciate anyone's thoughts if they've had a similar issue.

Thanks!

In Google CDP you can have another type of ACL which monitors the client URL. If requests won't come from your frontend app, they are denied. Check if you can find that in AWS as well.

I recommend further thinking about the following, if possible in your project:

1.) CSRF strategy. Apply tokens to clients which must be provided on each request to the API.
2.) AccessLimiter. Maintain a fingerprint or session for your clients and count/limit requests as you need. E.g. if the request didn't run through an index file before, no request is possible as the client didn't collect a token.

