
Using serverless deployment, how do I restrict access to one AWS Lambda to a subset of IP addresses?

I am deploying several AWS Lambda functions that are accessed via AWS API Gateway. I want to restrict one of these functions so that it can't be accessed unless you are in a particular IP address range (our VPN), while allowing the rest of the functions to be open to anyone who calls them. Can I do this? If so, how? I have seen several examples where restriction of access to a subset of IPs is done by configuration of the provider section of the serverless yaml. However, that would affect all of my functions and I don't want to have any of my other functions affected.

Thank you!

IP-based control to your API gateway can be done either by a WAF or a custom Authoriser function (might be called Lambda Authorizer now). See here for an example. You can specify a Lambda function in your serverless yaml for this: authorizerFunc. There is support for this in serverless. For the endpoints you want protected from certain IPs, put: authorizer: authorizerFunc in the events section, and leave the other endpoints which you want accessible to all alone.
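A sketch of what the authorizer function mentioned in the answer could look like, added here as an example and not taken from the original post. It assumes a REST API Lambda authorizer of REQUEST type (the event then carries requestContext.identity.sourceIp); the handler name, the CIDR ranges and the ip_allowed helper are hypothetical, with the ranges constructed from documentation address blocks in place of the real VPN ranges.

```python
import ipaddress

# Constructed sample ranges (RFC 5737 documentation blocks); replace with the
# VPN egress ranges. Both the name and the values are assumptions.
ALLOWED_CIDRS = [
    ipaddress.ip_network(cidr)
    for cidr in ("203.0.113.0/24", "198.51.100.16/28")
]


def ip_allowed(source_ip):
    """Return True only if source_ip parses and lies inside an allowed range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except (ValueError, TypeError):
        return False  # missing or malformed address: fail closed
    # An IPv6 address is never "in" an IPv4 network, so this also fails closed.
    return any(addr in net for net in ALLOWED_CIDRS)


def handler(event, context):
    """Lambda authorizer entry point (REQUEST type, REST API)."""
    # Use the address API Gateway recorded for the connection. Headers such as
    # X-Forwarded-For are client-supplied and must not drive this decision.
    identity = event.get("requestContext", {}).get("identity", {})
    source_ip = identity.get("sourceIp")
    effect = "Allow" if ip_allowed(source_ip) else "Deny"

    # If authorizer result caching is enabled, this policy is reused for other
    # requests with the same identity source, so do not cache on a value that
    # is unrelated to the caller's address.
    return {
        "principalId": source_ip or "unknown",
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "execute-api:Invoke",
                    "Effect": effect,
                    "Resource": event["methodArn"],
                }
            ],
        },
    }
```

Only the endpoint whose events section names this function as its authorizer is affected; the other functions are invoked without it.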
