Menu
×
   ❮   
HTML CSS JAVASCRIPT SQL PYTHON JAVA PHP HOW TO W3.CSS C C++ C# BOOTSTRAP REACT MYSQL JQUERY EXCEL XML DJANGO NUMPY PANDAS NODEJS R TYPESCRIPT ANGULAR GIT POSTGRESQL MONGODB ASP AI GO KOTLIN SASS VUE DSA GEN AI SCIPY AWS CYBERSECURITY DATA SCIENCE
     ❯   

AWS Securing Serverless Architectures


Securing Serverless Architectures

There are three security best practices:

  • Audit your system for changes, unexpected access, unusual patterns, or errors.
  • Secure data in transit and at rest.
  • Consistently use the concept of least privilege.

The same security practices that apply to traditional cloud infrastructures apply to serverless architectures.

For example, you must still follow the least privilege principles and secure data in transit and at rest.

This applies to both distributed architectures and Lambda functions.


Securing Serverless Architectures Video

W3schools.com collaborates with Amazon Web Services to deliver digital training content to our students.


Utilizing AWS managed Services

To move shared responsibility to AWS with serverless architectures, employ AWS managed services.

You'll have the same security concerns, but AWS handles more of them on your behalf.

You are responsible for:

  • Monitoring visitors
  • Locking up personal items
  • Letting in only those users that you invite

To secure your services from illegal access, you can authorize API Gateway access.

You can authorize API Gateway access to your APIs in three ways:

  • AWS Identity and Access Management (IAM)
  • AWS Cognito
  • Lambda authorizers

Select the option that best fits your current authentication model and workload.

Security groups or network access control lists are AWS best practices for protecting Lambda function connections.

You can implement AWS WAF to secure your network from DoS attacks.

You can also benefit from the shared responsibility model.


Limiting Access to APIs

To limit access to APIs, you have three options for doing that:

  • AWS IAM
  • AWS Cognito
  • Lambda Authorizers

AWS IAM is best suited for clients that require temporary credentials.

AWS IAM is also greatly suited for the clients inside your AWS environments.

AWS Cognito provides you with managed sign-up and sign-in services.

AWS Cognito can also act as an identity provider.

Lambda authorizers execute the Lambda function to authorize a client.

Authorizers are great for centralized authentication.

Using API Gateway to authenticate reduces the cost of protecting your APIs from unauthorized users.

You may also use API Gateway features to restrict access.

Select the option that is best appropriate for your current authentication model.


AWS Serverless Exercises

Test Yourself With Exercises

Exercise:

Fill in the missing API authorization ways.

1. AWS 
2. AWS 
3. Lambda 

Start the Exercise