AWS Secure Lambda Integrated API Gateway

I am creating a public API using API Gateway, which is backed by Lambda functions to do some processing. I protected it with a special security header that implements HMAC timestamped authentication to protect against replay attacks. I understand that API Gateway protects against DDoS attacks thanks to its high availability, but any invalid requests will still be passed to the Lambda error-checking function. Thus, I assume that an attacker can submit invalid unauthorized requests, which leads to high costs. This would require a significant number of requests to do damage, but it is still very doable. What is the best way to protect against this? Thank you.

+3
2 answers

API Gateway will not charge you for unauthenticated requests; however, you will be charged by Lambda for the call to the authorizer.

API Gateway offers a way to mitigate this problem in the form of an authentication expression on the authorizer, which is just a regular expression that is matched against the header of the incoming authentication source.

In addition, you can simply implement some kind of negative cache or check of your own in the authorizer function to minimize the billed milliseconds.

+1
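An added sketch of the two suggestions in the answer above (not code from the answer or from AWS): a Lambda token authorizer that runs the cheapest checks first and keeps a small negative cache. The header format `<unix-ts>:<hex HMAC-SHA256>`, the secret, the skew window and all names are assumptions; the same regular expression can be set as the authorizer's identity validation expression so API Gateway rejects malformed tokens with a 401 before Lambda is invoked.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-secret"  # assumption: real key comes from a secret store
MAX_SKEW = 300                       # assumption: accept timestamps within 5 minutes
NEG_TTL = 60                         # seconds a rejected token stays cached
# Assumed token format; reuse this pattern as the identity validation expression.
TOKEN_RE = re.compile(r"(\d{10}):([0-9a-f]{64})")
_rejected = {}                       # token -> expiry; survives warm invocations


def sign(ts):
    """HMAC over the timestamp only (assumption; a real scheme also signs the request)."""
    return hmac.new(SECRET, str(ts).encode(), hashlib.sha256).hexdigest()


def check(token, now):
    """Return (allowed, reason), cheapest checks first to keep billed time low."""
    if _rejected.get(token, 0) > now:
        return False, "negative-cache"
    m = TOKEN_RE.fullmatch(token or "")
    if not m:
        return False, "format"       # not cached: keys would be attacker-chosen
    ts, mac = int(m.group(1)), m.group(2)
    if abs(now - ts) > MAX_SKEW:
        return False, "stale"        # replayed or clock-skewed token
    if not hmac.compare_digest(mac, sign(ts)):
        if len(_rejected) > 10000:   # bound memory under a flood of bad tokens
            _rejected.clear()
        _rejected[token] = now + NEG_TTL
        return False, "bad-mac"
    return True, "ok"


def handler(event, context=None):
    allowed, _ = check(event.get("authorizationToken"), int(time.time()))
    if not allowed:
        raise Exception("Unauthorized")  # API Gateway turns this into a 401
    return {
        "principalId": "api-client",     # hypothetical principal name
        "policyDocument": {"Version": "2012-10-17", "Statement": [{
            "Action": "execute-api:Invoke", "Effect": "Allow",
            "Resource": event["methodArn"]}]},
    }
```

The negative cache saves little when verification is a local HMAC; it pays off when a rejection would otherwise cost a network call such as a key or user lookup.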

DDoS , WAF. , , WAF API Gateway.

+3

Source: https://habr.com/ru/post/1016556/

