I have a simple Lambda function which sends emails through SES. I can call it using a POST request with the required data and it will send an email. My question is, what are the methods I can use to secure this function? Currently, anyone can call that endpoint and execute the function with any data.
asked Jun 26, 2017 at 14:04 by THpubs, edited Jun 26, 2017 at 15:44 by Zanon

Comments:
- You cannot secure client-side code, unless one considers obfuscation a security measure. Any basic contact form is vulnerable to being spammed, I guess. – user5734311, Jun 26, 2017 at 14:06
- @ChrisG aws-lambda is a server side technology – LifeQuery, Jun 26, 2017 at 14:45
1 Answer
You need to set an authorizer for your API Gateway. This tutorial is a great starting point.
In summary, you need to:
- Create a Cognito User Pool
- Create a Cognito Identity Pool that uses this User Pool
- Make the client log in and retrieve Cognito credentials
- Make the client send authorization headers for all requests
- Set an authorizer in your Lambda function
Your serverless.yml will look like this with the authorizer configuration:
```yaml
functions:
  hello:
    handler: handler.hello
    events:
      - http:
          path: hello
          method: post
          authorizer:
            arn: YOUR_USER_POOL_ARN
```
You don't need to be restricted to a Cognito authorizer. You can configure an authorizer for Google+, Facebook, etc.
This setting means that the Lambda function will be triggered only by authenticated users, and you can identify the User ID by inspecting the event object:
event.requestContext.authorizer.claims.sub
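
The following is an added example, not part of the original answer: a handler sketch that refuses to run without the `claims.sub` value set by the authorizer, validates the body, and pins the recipient server-side so the endpoint cannot be used as an open relay. The names `checkRequest`, `makeHandler` and `CONTACT_RECIPIENT`, the `subject`/`message` fields, the length limits and the injected `sendEmail` function are all assumptions.

```javascript
// Added example: names, field names and limits below are assumptions, not from the answer.
const CONTACT_RECIPIENT = 'inbox@example.com'; // placeholder; set server-side, never taken from the request

const reply = (statusCode, body) => ({ statusCode, body: JSON.stringify(body) });

// Pure check: returns { ok: true, userId, mail } or { ok: false, response }.
function checkRequest(event) {
  // API Gateway fills this in only after the Cognito authorizer accepted the token.
  const claims = event && event.requestContext && event.requestContext.authorizer
    ? event.requestContext.authorizer.claims : undefined;
  if (!claims || typeof claims.sub !== 'string' || claims.sub === '') {
    // Reached only if the function is wired to a route without the authorizer.
    return { ok: false, response: reply(401, { error: 'unauthenticated' }) };
  }
  let data;
  try {
    data = JSON.parse(event.body || '');
  } catch (err) {
    return { ok: false, response: reply(400, { error: 'body must be JSON' }) };
  }
  const { subject, message } = data || {};
  const valid = typeof subject === 'string' && typeof message === 'string' &&
    subject.length > 0 && subject.length <= 200 && !/[\r\n]/.test(subject) &&
    message.length > 0 && message.length <= 5000;
  if (!valid) {
    return { ok: false, response: reply(400, { error: 'invalid subject or message' }) };
  }
  // Any "to"/"from" the client sent is ignored, so the caller cannot choose the recipient.
  return { ok: true, userId: claims.sub, mail: { to: CONTACT_RECIPIENT, subject, message } };
}

// sendEmail is injected (for example a thin wrapper around the SES client).
function makeHandler(sendEmail) {
  return async function handler(event) {
    const result = checkRequest(event);
    if (!result.ok) return result.response;
    await sendEmail(result.mail);
    console.log(JSON.stringify({ action: 'send', userId: result.userId })); // audit trail per user
    return reply(200, { sent: true });
  };
}

// Constructed sample event, shaped like an API Gateway proxy event behind a Cognito authorizer.
const sampleEvent = {
  requestContext: { authorizer: { claims: { sub: '11111111-2222-3333-4444-555555555555' } } },
  body: JSON.stringify({ subject: 'Hello', message: 'Hi there', to: 'someone-else@example.net' }),
};
```

Logging the `sub` with each send gives a per-user record that can back rate limiting or abuse investigation.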