Protecting lambda function urls from abuse attacks?

I can't really find any documentation on how to protect a public lambda function url. If it's open to the public, it seems like it would be very vulnerable to being spammed by some malicious actor. What is the best practice for protecting the lambda?

According to this page, there are two types of AuthType options.

The AuthType parameter determines how Lambda authenticates or authorizes requests to your function URL. When you configure your function URL, you must specify one of the following AuthType options:

AWS_IAM – Lambda uses AWS Identity and Access Management (IAM) to authenticate and authorize requests based on the IAM principal's identity policy and the function's resource-based policy. Choose this option if you want authenticated users and roles to invoke your function via the URL.

NONE – Lambda doesn't perform any authentication before invoking your function. However, your function's resource-based policy is always in effect and must grant public access before your function URL can receive requests. Choose this option to allow public, unauthenticated access to your function URL.

I am guessing you want to use the AWS_IAM option. If neither option suits your need, I suggest attaching it behind API Gateway.
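To make the AuthType and resource-based policy interaction quoted above concrete, here is an added example (not part of the original answer and not AWS code) that classifies a function URL's exposure from its AuthType and policy document. The helper names and the sample policy are constructed for illustration, and the check is simplified: it does not evaluate Deny statements or extra Condition keys.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policy: the statement shape that grants public access to a
# function URL with AuthType NONE. Account ID and function name are placeholders.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "lambda:InvokeFunctionUrl",
        "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example-fn",
        "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}},
    }],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anyone(principal):
    # "*" and {"AWS": "*"} both mean "any caller".
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _grants_public_url_invoke(stmt):
    # Action patterns such as "*", "lambda:*" or "lambda:Invoke*" also match.
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    return (stmt.get("Effect") == "Allow"
            and _is_anyone(stmt.get("Principal"))
            and any(fnmatchcase("lambda:invokefunctionurl", a) for a in actions))

def classify_function_url(auth_type, policy_json=None):
    """Classify one function URL from its AuthType and resource-based policy."""
    if auth_type == "AWS_IAM":
        return "iam-authenticated"       # requests must come from an IAM principal
    if auth_type != "NONE":
        raise ValueError(f"unknown AuthType: {auth_type!r}")
    doc = json.loads(policy_json) if policy_json else {}
    statements = _as_list(doc.get("Statement", []))
    if any(_grants_public_url_invoke(s) for s in statements):
        return "public-unauthenticated"  # anyone who knows the URL can invoke it
    return "no-public-grant"             # NONE, but the policy does not open it up

if __name__ == "__main__":
    for auth, policy in [("NONE", PUBLIC_POLICY), ("NONE", None), ("AWS_IAM", PUBLIC_POLICY)]:
        print(auth, "->", classify_function_url(auth, policy))
```

A function reported as public-unauthenticated is the case the question worries about; switching it to AWS_IAM or fronting it with an authorizing layer removes the open grant.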

Set up API Gateway in front of Lambda, then enable authorization on API Gateway. Malicious requests will not reach your Lambda function.
