Amazon API是否具有API密钥安全性? [英] Amazon API security with API Keys?

问题描述

我已经将其余的API部署在了Amazon API网关上，并且面临安全问题. 我正在为所有api请求使用api密钥，我想知道该api密钥是否以某种方式公开，并且我们知道已经发布的应用程序正在使用同一api密钥...那么我有什么选择?

I have deployed my rest API on amazon API gateway and I have a scenario in front of me with security concern. I am using an api key for all the api requests, I wanna know if the that api key is exposed somehow and as we know the same api key is being used by already published apps...Then what are my options?

也如上所述此处 如果我希望每个用户唯一的api密钥可以更安全，那么每个AWS账户只能有10000个API密钥，但是如果用户数量激增到10000个以上，该怎么办?
同样重要，请提出建议.

Also as mentioned here I can have only 10000 API keys per AWS account if I want the api keys to be unique per user for it to be more secure but what if the number of user shoots out to be more than 10000.
Please suggest on the same as it is very important.

推荐答案

不建议使用API​​密钥进行授权.将从每个API密钥收到的调用进行监控，并将其包含在您可以为每个阶段启用的Amazon CloudWatch Logs中.您应该使用API​​密钥来监视第三方开发人员的使用情况，并利用更强大的授权机制，例如IAM或

API keys are not recommended for authorization. Calls received from each API key are monitored and included in the Amazon CloudWatch Logs you can enable for each stage. You should use API keys to monitor usage by third-party developers and leverage a stronger mechanism for authorization, such as IAM or custom authorizers.

希望这会有所帮助

这篇关于Amazon API是否具有API密钥安全性?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！