How to make Amazon API Gateway accept requests only from a specific host

So my problem is I have a Lambda function created in AWS Lambda and it is linked to the API Gateway. I want to make sure the request to the Lambda function only happens through my domain www.example.com.

From this domain I make a request to run the serverless Lambda function to perform a specific task.

Is there a way to ensure the API request is accepted only from my domain or host?

Also, I use Python 2.7 to write the Lambda function; if there is any alternative please do suggest it. I am new to Python and AWS Lambda.

Varun K Nair asked Mar 15 '17 05:03


1 Answer

If you are worried about browsers making requests to your API on www.example.com, that shouldn't happen if you don't have CORS headers that allow other domains to make requests. But outside of a browser, anyone can still make requests to your API.

You can, however, authenticate API calls. This can be a simple API key that's on your client, or temporary credentials (call STS to get credentials for a role) to call your API. But with effort someone (looking at your source code and replicating the calling mechanism) can still call your API. You could increase the level of effort required if you only allow authenticated users (authenticated using some name/password and enforced on API Gateway) to make API calls.

If you are worried about being over-billed, you can set up a usage plan on your API key and restrict it to x number of calls a day/week/month.

API Gateway supports multiple authentication mechanisms:

  • IAM Auth https://aws.amazon.com/premiumsupport/knowledge-center/iam-authentication-api-gateway/
  • API Key http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-setup-api-key-with-console.html
  • Cognito user pools http://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
Abhigna Nagaraja answered Oct 19 '22 14:10
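The two points the answer makes (CORS only restrains browsers; an API key restrains everything else but only as far as it stays secret) can be shown in one Lambda proxy handler. The code below is an added example, not code from the question or the answer, and it is written for Python 3 rather than the Python 2.7 the asker mentions. It assumes an API Gateway Lambda proxy integration (the `httpMethod`/`headers` event shape), and the environment variable name `EXPECTED_API_KEY` is a hypothetical choice. The sample events at the bottom are constructed.

```python
"""Added example: CORS origin allow-list plus constant-time API key check
inside a Lambda proxy handler. Assumes API Gateway proxy integration and
Python 3; EXPECTED_API_KEY is a hypothetical environment variable name."""
import hmac
import json
import os

# Browser-enforced boundary: only these origins receive CORS headers, so a
# page served from any other site cannot read the response. It does nothing
# for curl or any other non-browser client.
ALLOWED_ORIGINS = {"https://www.example.com"}


def cors_headers(origin):
    """Return CORS headers for an allow-listed origin, otherwise an empty dict."""
    if origin in ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
            "Access-Control-Allow-Headers": "Content-Type,x-api-key",
            # Caches must key on Origin since the header value varies
            "Vary": "Origin",
        }
    return {}


def key_is_valid(presented, expected):
    """Constant-time comparison so timing does not leak key prefixes."""
    if not presented or not expected:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())


def handler(event, context=None, expected_key=None):
    """Lambda entry point. expected_key is overridable for local testing."""
    # HTTP header names are case-insensitive; normalise before lookup
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    origin = headers.get("origin", "")
    method = (event.get("httpMethod") or "GET").upper()
    if expected_key is None:
        expected_key = os.environ.get("EXPECTED_API_KEY", "")

    if method == "OPTIONS":
        # Preflight: allowed origins get 204 with CORS headers, others 403
        allowed = cors_headers(origin)
        return {"statusCode": 204 if allowed else 403, "headers": allowed, "body": ""}

    if not key_is_valid(headers.get("x-api-key"), expected_key):
        # Still attach CORS headers so a browser on an allowed origin can
        # read the error instead of seeing an opaque network failure
        return {
            "statusCode": 403,
            "headers": cors_headers(origin),
            "body": json.dumps({"error": "forbidden"}),
        }

    return {
        "statusCode": 200,
        "headers": cors_headers(origin),
        "body": json.dumps({"ok": True}),
    }


if __name__ == "__main__":
    # Constructed sample events
    from_site = {"httpMethod": "GET",
                 "headers": {"Origin": "https://www.example.com", "x-api-key": "demo-key"}}
    from_curl = {"httpMethod": "GET",
                 "headers": {"x-api-key": "demo-key"}}
    print(handler(from_site, expected_key="demo-key"))  # 200 with CORS headers
    print(handler(from_curl, expected_key="demo-key"))  # 200, no CORS headers
```

Note what the second sample shows: a client that holds the key succeeds from any origin, which is exactly the answer's caveat that the Origin check is a browser control, not an authentication control. In production, API Gateway's own API key feature with a usage plan (linked in the answer) is preferable to checking the key inside the function, because rejected calls then never invoke Lambda and never count against it.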