stackoom
  简体   繁体   中英

How to secure AWS API Gateway with Access and Secret Keys in CloudFormation?

 原文  2018-05-10 22:33:22       amazon-web-services/ aws-lambda/ amazon-cloudformation/ serverless/ aws-serverless

Question

I created the serverless Lambda application by using an AWS Toolkit for Visual Studio template (I used Tutorial: Build and Test a Serverless Application with AWS Lambda ). I had selected 'Empty Serverless Project' and created simple lambda function linked to API Gateway .

The CloudFormation template looks like: 

{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Transform" : "AWS::Serverless-2016-10-31",
  "Description" : "An AWS Serverless Application.",

  "Resources" : {

    "Get" : {
      "Type" : "AWS::Serverless::Function",
      "Properties": {
        "Handler": "AWSServerless::AWSServerless.Functions::Get",
        "Runtime": "dotnetcore2.0",
        "CodeUri": "",
        "MemorySize": 256,
        "Timeout": 30,
        "Role": null,
        "Policies": [ "AWSLambdaBasicExecutionRole" ],
        "Events": {
          "PutResource": {
            "Type": "Api",
            "Properties": {
              "Path": "/",
              "Method": "GET"
            }
          }
        }
      }
    }
  },

  "Outputs" : {
    "ApiURL" : {
        "Description" : "API endpoint URL for Prod environment",
        "Value" : { "Fn::Sub" : "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/" }
    }
  }
}

Now I need to secure my API Gateway with Access and Secret Keys. I have investigated a bit and if I am correct it should look like next: 

"security":[{"sigv4":[]}]

But it still isn't clear to me where should I apply it? Possible that I am wrong and it could be done in another way. So my question is:

How to secure API Gateway with Access and Secret Keys in CloudFormation?

1 answers

solution1
 0  2018-05-11 07:06:06

You can use API key or Authorizers

The following examples create a custom authorizer that is an AWS Lambda function. 

"Authorizer": {
  "Type": "AWS::ApiGateway::Authorizer",
  "Properties": {
    "AuthorizerCredentials": { "Fn::GetAtt": ["LambdaInvocationRole", "Arn"] },
    "AuthorizerResultTtlInSeconds": "300",
    "AuthorizerUri" : {"Fn::Join" : ["", [
      "arn:aws:apigateway:",
      {"Ref" : "AWS::Region"},
      ":lambda:path/2015-03-31/functions/",
      {"Fn::GetAtt" : ["LambdaAuthorizer", "Arn"]}, "/invocations"
    ]]},
    "Type": "TOKEN",
    "IdentitySource": "method.request.header.Auth",
    "Name": "DefaultAuthorizer",
    "RestApiId": {
      "Ref": "RestApi"
    }
  }
}

(Update)
SO thread on How to use authorizers in the template

Reference an Authorizer definition in an API Gateway path

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS IAM API Cloudformation help for Access Key/Secret key authorization How to apply Security Policy on AWS API Gateway using AWS CloudFormation? How secure are Amazon AWS Access keys? How to create a private AWS Api Gateway using cloudformation? AWS Cloudformation - How to attach vpc link / NLB to method in api gateway? How to create AWS API Gateway Custom Domain using CloudFormation? How to get arn of AWS Api gateway when deploying with cloudformation How set Proxy on AWS API Gateway using Cloudformation AWS: How to enable CORS in API Gateway using Cloudformation? Validating AWS Access and Secret Keys
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM