stackoom
  简体   繁体   中英

How can I secure a AWS Beanstalk API that is receiving requests from AWS Amplify?

 原文  2021-05-06 12:06:05       amazon-web-services/ security/ amazon-elastic-beanstalk/ amazon-cognito/ aws-amplify

Question

I have set up an API on AWS Elastic Beanstalk and a Front-End environment on AWS Amplify, these 2 are connected and the front-end is receiving the data from the API calls.

The problem is, the API is open to the public. I'm looking for a way to whitelist (or any other way of securing it) AWS Amplify so only authorized users can make API calls through the front-end.

I'm currently using AWS Cognito as an authentication method for my AWS Amplify app.

Thank you!

1 answers

solution1
 1 ACCPTED  2021-05-06 12:25:15

You should use the access token returned by cognito to secure your API by setting the Authorization: Bearer <access_token> header with the JWT. Your backend then verifies the JWT to ensure it came from cognito before processing the request. This verification should be handled by a library of your choice, https://jwt.io has a good list.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can AWS API Gateway send requests to an Elastic Beanstalk Worker Environment How can I change these texts on AWS Amplify? How can i access aws dynamodb directly without any api when am using aws amplify? AWS Amplify to talk to rest api in ec2 created in elastic beanstalk AWS Amplify API: Can't remove @key from a @model How can I connect an existing app in the AWS Amplify Console with the AWS Amplify CLI? AWS: how to restrict access to API gateway from Amplify app? How do I use AWS Amplify tables from an API Gateway Lambda? How can I allow guest Amplify users to download files from my S3 bucket using the AWS Amplify iOS SDK? How do I sign AWS API requests?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM