I plan to have the following setup:
I want to store my front-end in S3 and my back-end in Lambda. Since I'm charged every time the lambda function gets executed, I don't want everyone to be able to make requests directly to it. On the other hand, I want to store my front-end simply in S3 as opposed to a server.
How do I go about protecting my back-end API from abuse or DoS?
Use CloudFront
AWS WAF is a web application firewall that helps protect your application from DDoS attacks by giving you control over what traffic to allow or block by defining custom security rules (also called ACLs).
Amazon API Gateway Rate Limiting
Rate limiting helps you prevent your API from being overwhelmed by too many requests. API Gateway throttles requests to your API using the token bucket algorithm, where a token counts for a request and the maximum bucket size is the burst.
To protect your web application against DDoS attacks, you can use AWS Shield, a DDoS protection service that AWS provides automatically to all AWS customers at no additional charge.
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection.
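As an added illustration of the token-bucket throttling the answer above describes (example code written for this page, not from the answer or from AWS): tokens refill at a steady rate, the bucket never holds more than the burst size, and each request either takes a token or is rejected the way API Gateway rejects it with HTTP 429. The class, parameter names and sample traffic are constructed.

```python
"""
Token-bucket throttle modelled on the API Gateway semantics described above:
`rate` tokens are refilled per second, the bucket never holds more than
`burst` tokens, and every request consumes one token or is rejected (API
Gateway answers such requests with HTTP 429). Added example; the class,
parameter names and the sample traffic are constructed, not AWS code.
"""
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    rate: float   # steady-state requests per second (tokens added per second)
    burst: int    # maximum bucket size: how many requests may arrive at once
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        if self.rate <= 0 or self.burst <= 0:
            raise ValueError("rate and burst must be positive")
        self.tokens = float(self.burst)  # an idle bucket starts full

    def allow(self, now: float) -> bool:
        """Admit or reject a request arriving at time `now` (seconds)."""
        if now < self.last:
            raise ValueError("request timestamps must be non-decreasing")
        # Refill in proportion to elapsed time, capped at the burst size.
        self.tokens = min(float(self.burst),
                          self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(timestamps, rate: float, burst: int):
    """Feed request times through one bucket; return a 200/429 status per request."""
    bucket = TokenBucket(rate=rate, burst=burst)
    return [200 if bucket.allow(t) else 429 for t in timestamps]


# Constructed traffic: 8 requests at once, 4 spaced 0.5 s apart, then 3 after a gap.
SAMPLE = [0.0] * 8 + [0.5, 1.0, 1.5, 2.0] + [10.0, 10.0, 10.0]

if __name__ == "__main__":
    for t, status in zip(SAMPLE, simulate(SAMPLE, rate=2.0, burst=5)):
        print(f"t={t:5.1f}s -> {status}")
```

With `rate=2.0` and `burst=5`, the eight simultaneous requests yield five 200s and three 429s: the burst is what bounds a sudden flood, and the rate is what bounds sustained traffic once the bucket has drained. A request after a long idle gap finds the bucket full again, never fuller, so an attacker cannot "save up" capacity beyond the burst.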
I'm not sure you can protect your front end from people calling it more than they should since that's extremely hard to determine.
However, for real DDoS or DoS protection, you would probably want to use the features of API Gateway (check the question about threats or abuse) or AWS's new WAF. I know WAF has the ability to block ranges of IP addresses and the like.
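To make concrete the two WAF controls the answers mention (custom allow/block rules in a web ACL in the first answer, blocking ranges of IP addresses in the second), here is an added, simplified model that is not AWS code: an IP-set rule that blocks CIDR ranges, followed by a rate-based rule that blocks any client IP sending more than a limit of requests within a trailing window (WAF evaluates rate-based rules over a five-minute window by default). The class, the block list, the limit and the log lines are constructed for the example.

```python
"""
Simplified model of the two AWS WAF controls mentioned above: an IP-set rule
that blocks whole CIDR ranges, and a rate-based rule that blocks a client IP
once it has sent more than `limit` requests within a trailing window (AWS WAF
evaluates rate-based rules over a five-minute window by default). Added
example, not AWS code: the class, the block list, the limit and the log lines
are constructed.
"""
from collections import defaultdict, deque
import ipaddress


class WafModel:
    def __init__(self, blocked_cidrs, limit: int, window: float = 300.0):
        self.blocked = [ipaddress.ip_network(c, strict=False) for c in blocked_cidrs]
        self.limit = limit          # max requests per IP inside the window
        self.window = window        # seconds; 300 mirrors WAF's five-minute window
        self.history = defaultdict(deque)   # ip -> timestamps of recent requests

    def evaluate(self, ip: str, now: float) -> str:
        """Return the action for one request: ALLOW, BLOCK:ipset or BLOCK:rate."""
        addr = ipaddress.ip_address(ip)
        # Rule 1: IP-set match against the blocked ranges (IPv4 and IPv6 both work;
        # an address of the other family simply does not match).
        if any(addr in net for net in self.blocked):
            return "BLOCK:ipset"
        # Rule 2: rate-based rule; first drop timestamps that fell out of the window.
        recent = self.history[ip]
        while recent and now - recent[0] > self.window:
            recent.popleft()
        recent.append(now)
        if len(recent) > self.limit:
            return "BLOCK:rate"
        return "ALLOW"


def run(log_lines, blocked_cidrs, limit: int):
    """Replay 'timestamp ip method path' lines through the model, oldest first."""
    waf = WafModel(blocked_cidrs, limit)
    actions = []
    for line in log_lines:
        ts, ip, method, path = line.split()
        actions.append((ip, path, waf.evaluate(ip, float(ts))))
    return actions


# Constructed access log using TEST-NET addresses. 203.0.113.0/24 is on the block
# list; 198.51.100.7 exceeds three requests in the window, then is clean after it.
LOG = [
    "0   198.51.100.7 GET  /api/items",
    "1   203.0.113.9  GET  /api/items",
    "2   198.51.100.7 GET  /api/items",
    "3   198.51.100.7 GET  /api/items",
    "4   198.51.100.7 POST /api/items",
    "400 198.51.100.7 GET  /api/items",
    "401 192.0.2.1    GET  /health",
]

if __name__ == "__main__":
    for ip, path, action in run(LOG, ["203.0.113.0/24"], limit=3):
        print(f"{ip:14} {path:12} {action}")
```

The two rules answer different threats: the IP set handles known-bad sources you choose to block outright, while the rate-based rule catches any single source that floods the API, and releases it automatically once its request count drops back under the limit for the window. Neither stops a distributed flood from many addresses, which is what the API Gateway throttle and AWS Shield are for.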