AWS Compute Blog

Category: AWS WAF

Lambda resource policy document

Building well-architected serverless applications: Managing application security boundaries – part 1

This series of blog posts uses the AWS Well-Architected Tool with the Serverless Lens to help customers build and operate applications using best practices. In each post, I address the serverless-specific questions identified by the Serverless Lens along with the recommended best practices. See the introduction post for a table of contents and explanation of the example application. Security question SEC2: […]

Read More

Troubleshooting Amazon API Gateway with enhanced observability variables

Amazon API Gateway is often used for managing access to serverless applications. Additionally, it can help developers reduce code and increase security with features like AWS WAF integration and authorizers at the API level. Because more is handled by API Gateway, developers tell us they would like to see more data points on the individual […]

Read More
JSON web token decoded

Building well-architected serverless applications: Controlling serverless API access – part 2

This series of blog posts uses the AWS Well-Architected Tool with the Serverless Lens to help customers build and operate applications using best practices. In each post, I address the nine serverless-specific questions identified by the Serverless Lens along with the recommended best practices. See the Introduction post for a table of contents and explanation of the example application. Security question […]

Read More

Protecting your API using Amazon API Gateway and AWS WAF — Part 2

This post courtesy of Heitor Lessa, AWS Specialist Solutions Architect – Serverless In Part 1 of this blog, we described how to protect your API provided by Amazon API Gateway using AWS WAF. In this blog, we show how to use API keys between an Amazon CloudFront distribution and API Gateway to secure access to […]

Read More

Protecting your API using Amazon API Gateway and AWS WAF — Part I

This post courtesy of Thiago Morais, AWS Solutions Architect When you build web applications or expose any data externally, you probably look for a platform where you can build highly scalable, secure, and robust REST APIs. As APIs are publicly exposed, there are a number of best practices for providing a secure mechanism to consumers […]

Read More