AWS Securing Serverless Architectures
Securing Serverless Architectures
There are three security best practices:
- Audit your system for changes, unexpected access, unusual patterns, or errors.
- Secure data in transit and at rest.
- Consistently use the concept of least privilege.
The same security practices that apply to traditional cloud infrastructures apply to serverless architectures.
For example, you must still follow the least privilege principles and secure data in transit and at rest.
This applies to both distributed architectures and Lambda functions.
W3schools.com collaborates with Amazon Web Services to deliver digital training content to our students.
Utilizing AWS Managed Services
To shift more of the shared responsibility to AWS in a serverless architecture, use AWS managed services.
You'll have the same security concerns, but AWS handles more of them on your behalf.
You are responsible for:
- Monitoring visitors
- Locking up personal items
- Letting in only those users that you invite
To secure your services from unauthorized access, you can authorize API Gateway access.
You can authorize API Gateway access to your APIs in three ways:
- AWS Identity and Access Management (IAM)
- AWS Cognito
- Lambda authorizers
Select the option that best fits your current authentication model and workload.
Using security groups or network access control lists is an AWS best practice for protecting Lambda function connections.
You can implement AWS WAF to secure your network from DoS attacks.
You can also benefit from the shared responsibility model.
Limiting Access to APIs
You have three options for limiting access to APIs:
- AWS IAM
- AWS Cognito
- Lambda Authorizers
AWS IAM is best suited for clients that require temporary credentials.
AWS IAM is also well suited for clients inside your AWS environments.
AWS Cognito provides you with managed sign-up and sign-in services.
AWS Cognito can also act as an identity provider.
A Lambda authorizer executes a Lambda function to authorize a client.
Authorizers are great for centralized authentication.
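As an added example (not code from the original page or from AWS), a token-based Lambda authorizer in Python could look like the following. The token format, the `AUTHORIZER_HMAC_KEY` environment variable and the helper names are assumptions made for illustration; the response shape (`principalId` plus a policy for `execute-api:Invoke`) is what API Gateway expects from an authorizer.

```python
import hashlib
import hmac
import os
import time

# Assumption: shared secret supplied via a hypothetical environment variable.
SECRET = os.environ.get("AUTHORIZER_HMAC_KEY", "constructed-demo-key").encode()


def sign(client_id, expires):
    """Hex HMAC-SHA256 over 'client_id.expires' (constructed token format)."""
    msg = f"{client_id}.{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_token(client_id, ttl=300, now=None):
    """Issue a demo token; in practice an identity provider would do this."""
    expires = int(now if now is not None else time.time()) + ttl
    return f"Bearer {client_id}.{expires}.{sign(client_id, expires)}"


def policy(principal, effect, resource):
    """IAM policy document in the shape API Gateway expects from an authorizer."""
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": resource,
            }],
        },
    }


def handler(event, context=None, now=None):
    """TOKEN authorizer: verify the token, then allow only the called method."""
    arn = event["methodArn"]
    scheme, _, token = event.get("authorizationToken", "").partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3 or not parts[1].isdecimal():
        raise Exception("Unauthorized")  # API Gateway maps this to HTTP 401
    client_id, expires, mac = parts
    if not hmac.compare_digest(mac.encode(), sign(client_id, expires).encode()):
        raise Exception("Unauthorized")
    if int(expires) < (now if now is not None else time.time()):
        return policy(client_id, "Deny", arn)  # expired: explicit deny (403)
    return policy(client_id, "Allow", arn)  # least privilege: this ARN only
```

The Allow statement is scoped to the single `methodArn` being called rather than a wildcard, which keeps the authorizer consistent with the least privilege practice listed at the top of the page.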
Using API Gateway to authenticate reduces the cost of protecting your APIs from unauthorized users.
You may also use API Gateway features to restrict access.
Select the option that is most appropriate for your current authentication model.