
Security to API calls while developing application using serverless

I am trying to develop a serverless application using HTML, JavaScript and Ajax. My data is in DynamoDB, so I have written a Lambda to get values from DynamoDB and also created an API Gateway to access the data.

I am calling the API from AJAX code to retrieve data from DynamoDB.

Now, my problem is that my API is exposed and anyone can access it. Please suggest how to provide security for my API.

lambdaapi
3 comments

Are you building a mobile app, or an Alexa skill?


I am trying to create a serverless web application using Lambda, API Gateway and DynamoDB.


In that case, your question is more suited for AWS Forums, please post it there: https://forums.aws.amazon.com/ - Thanks!


1 Answer

Avi@PureSec answered

Hi there,
One option would be to use AWS Cognito for managing your users' authorization against your API endpoint. Other options are to set a static API Key or create a custom authorization logic using a custom authorizer Lambda function.

To fully secure your application, I'd recommend using PureSec's FunctionShield to enforce strict security controls on your Lambda Function's logic:
https://www.puresec.io/function-shield
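
The custom authorizer option named in the answer above, as an added example that is not part of the original answer and is not AWS or PureSec code: a Node.js TOKEN-type Lambda authorizer that returns an IAM policy allowing or denying `execute-api:Invoke`. The HMAC-signed token format, the `TOKEN_SECRET` variable and all helper names are assumptions made for illustration; with Cognito you would validate the user pool's JWT at this point instead.

```javascript
// Added example: API Gateway Lambda (custom) authorizer, TOKEN type.
const nodeCrypto = require('crypto');

// Assumption: the signing secret is injected via the environment.
// The fallback value is constructed for this demo only.
const SECRET = process.env.TOKEN_SECRET || 'constructed-demo-secret';

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (payload) => nodeCrypto.createHmac('sha256', SECRET).update(payload).digest();

// Hypothetical token format: base64url(JSON {sub, exp}) + "." + base64url(HMAC-SHA256)
function issueToken(sub, exp) {
  const payload = b64url(JSON.stringify({ sub, exp }));
  return `${payload}.${b64url(sign(payload))}`;
}

// Returns the claims when the signature is valid and the token is unexpired, else null.
function verifyToken(token, now) {
  const parts = String(token || '').replace(/^Bearer /, '').split('.');
  if (parts.length !== 2) return null;
  const given = Buffer.from(parts[1], 'base64url');
  const expected = sign(parts[0]);
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  try {
    const claims = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    return typeof claims.sub === 'string' && claims.exp > now ? claims : null;
  } catch { return null; }
}

// Response shape API Gateway expects from a Lambda authorizer.
function policy(principalId, effect, resource) {
  return { principalId, policyDocument: { Version: '2012-10-17',
    Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }] } };
}

// Fail closed: anything that does not verify gets an explicit Deny.
function authorize(token, methodArn, now = Math.floor(Date.now() / 1000)) {
  const claims = verifyToken(token, now);
  return claims ? policy(claims.sub, 'Allow', methodArn) : policy('anonymous', 'Deny', methodArn);
}

// event.authorizationToken and event.methodArn are supplied by API Gateway.
exports.handler = async (event) => authorize(event.authorizationToken, event.methodArn);
```

The AJAX client sends the token in the header configured as the authorizer's token source (typically `Authorization`); requests without a valid token never reach the data Lambda.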
