Hi all, I have written an AWS Lambda function that should be open to everyone. I have also configured my CloudFront distribution so that users can access it. How can I make API Gateway accept requests only from CloudFront, or whitelist the CloudFront domain? Something like ALLOWED_HOSTS.
It should not respond to any calls from Postman or any such tool. API Gateway should only respond to calls that come from CloudFront.
How do I do this? I do not want to set up an authentication system like Cognito or IAM.
Is there a better way to do this?
I looked at CORS and Access-Control-Allow-Origin, but those are browser-based.
I need a way to accept calls only from CloudFront or my S3 bucket, not from localhost or Postman etc.
Thanks in advance.
Answer 0 (score: 2)
Step 1: Set up API keys with API Gateway.
Step 2: Add the API key to the CloudFront origin as a custom header.
If anyone calls API Gateway without a valid key, the call will be refused.
To set up authentication on CloudFront you can sign the URLs.
Hope it helps.
Answer 1 (score: 1)
I do not think that there is a way to restrict calls to your API GW endpoints... However, you can use the so-called API Keys. When you make a request to the specific API GW endpoint, you need to provide a header x-api-key with the corresponding API key as its value. As long as you provide the header with the correct value, you will be able to access the functionality behind your endpoint. If you do not provide a correct API key, you will simply get 403 Forbidden.
Please take a look here and if you have any questions, read through the documentation. It's quite clear.
If there is anything unclear in my answer, I am open to help!
Cheers.
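Both answers describe the same control: a secret value that CloudFront adds to every origin request as a custom header, which API Gateway checks before the Lambda runs. When the header is x-api-key, API Gateway does the check itself, but only if "API Key Required" is set on the method and the key is attached to a usage plan that includes the deployed stage; a key that is not in a usage plan for that stage is not enforced. The example below is added here and is not code from either answer or from AWS; it implements the same header check as an API Gateway REQUEST Lambda authorizer, which is useful if you would rather not manage usage plans or want to name the header yourself. The header name X-Origin-Verify, the environment variable ORIGIN_SECRET and the sample events are all assumptions made for this example.

```python
"""
Added example, not from the original post: an API Gateway REQUEST Lambda
authorizer that allows a request only if it carries the secret header that
CloudFront is configured to add to origin requests.

Assumptions (not in the original post):
  - the CloudFront origin custom header is named X-Origin-Verify
  - its value is stored in the Lambda environment variable ORIGIN_SECRET
"""
import hmac
import os

HEADER_NAME = "x-origin-verify"  # assumed name of the CloudFront origin custom header


def expected_secret():
    """Read the secret at call time so a rotated value needs no code change."""
    return os.environ.get("ORIGIN_SECRET", "")


def header_value(event, name):
    """Return a header by name, case-insensitively (clients vary the case)."""
    headers = event.get("headers") or {}
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def build_policy(effect, method_arn):
    """IAM policy document in the shape API Gateway expects from an authorizer."""
    return {
        "principalId": "cloudfront-origin",
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "execute-api:Invoke",
                    "Effect": effect,
                    "Resource": method_arn,
                }
            ],
        },
    }


def is_from_cloudfront(event, secret=None):
    """True only if the request carries the exact shared secret.

    Fails closed when no secret is configured, and compares in constant time
    so the check does not leak how many leading bytes matched.
    """
    secret = expected_secret() if secret is None else secret
    if not secret:
        return False
    presented = header_value(event, HEADER_NAME)
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode("utf-8"), secret.encode("utf-8"))


def lambda_handler(event, context=None, secret=None):
    """Authorizer entry point. A Deny policy makes API Gateway answer 403."""
    effect = "Allow" if is_from_cloudfront(event, secret) else "Deny"
    return build_policy(effect, event["methodArn"])


if __name__ == "__main__":
    # Constructed sample events, not captured from a real deployment.
    arn = "arn:aws:execute-api:us-east-1:123456789012:a1b2c3d4e5/prod/GET/hello"
    via_cloudfront = {"methodArn": arn, "headers": {"X-Origin-Verify": "demo-secret"}}
    via_postman = {"methodArn": arn, "headers": {"User-Agent": "PostmanRuntime/7.0"}}
    for name, evt in (("cloudfront", via_cloudfront), ("postman", via_postman)):
        policy = lambda_handler(evt, None, "demo-secret")
        print(name, policy["policyDocument"]["Statement"][0]["Effect"])
```

Set the authorizer's identity source to method.request.header.X-Origin-Verify so that API Gateway caches the decision per header value and rejects requests that lack the header before invoking the function. Two caveats apply equally to this authorizer and to the API-key variant in the answers: the header is a shared secret, not an identity, so anyone who obtains it (from the CloudFront configuration, a leaked template, or a misconfigured origin) can call API Gateway directly, and it should be rotated like any other credential; and the header is only added on the path from CloudFront to the origin, so the client never sees it and CORS is irrelevant to it.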