Adding IP whitelisting security to API gateway
Question
I have an API on AWS API Gateway which calls a Lambda function, and I want to add IP whitelisting for that API so only the allowed IPs can have access to that API. How can I achieve this?
Recommended answer
There is a really extended blog post about this which you can find here.
Most importantly:
- In each method, choose the IAM authorization method.
- Create a new IAM policy similar to the following and attach it to the API method:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "execute-api:Invoke"
          ],
          "Condition": {
            "IpAddress": {
              "aws:SourceIp": "xxx.xx.xx.xx/32"
            }
          },
          "Resource": "arn:aws:execute-api:::*"
        }
      ]
    }
You can add multiple SourceIps if needed.
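The multiple-SourceIp case from the answer above, as an added example that is not part of the original answer: it builds the same policy with a list of CIDRs, rejects malformed or allow-everything entries, and locally approximates the `IpAddress` match. The function names are hypothetical and the sample ranges are constructed documentation addresses; the `Resource` value is copied from the policy above.

```python
import ipaddress
import json

def build_allowlist_policy(cidrs, resource):
    """Return an IAM policy dict allowing execute-api:Invoke only from cidrs."""
    if not cidrs:
        raise ValueError("empty allowlist would match no caller")
    normalized = []
    for cidr in cidrs:
        # strict=True rejects entries with host bits set, e.g. 203.0.113.7/24
        net = ipaddress.ip_network(cidr, strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"{cidr} allows every address")
        normalized.append(str(net))
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["execute-api:Invoke"],
            # aws:SourceIp accepts a list; a match on any entry satisfies it
            "Condition": {"IpAddress": {"aws:SourceIp": sorted(set(normalized))}},
            "Resource": resource,
        }],
    }

def source_ip_allowed(policy, source_ip):
    """Local approximation of the IpAddress condition only (ignores Action/Resource)."""
    addr = ipaddress.ip_address(source_ip)
    for stmt in policy["Statement"]:
        values = stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", [])
        if isinstance(values, str):  # single-value form, as in the policy above
            values = [values]
        if stmt["Effect"] == "Allow" and any(addr in ipaddress.ip_network(v) for v in values):
            return True
    return False

# Constructed sample ranges (RFC 5737 documentation addresses)
SAMPLE_CIDRS = ["198.51.100.24/32", "203.0.113.0/24"]
POLICY = build_allowlist_policy(SAMPLE_CIDRS, "arn:aws:execute-api:::*")

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for ip in ("203.0.113.77", "198.51.100.25", "192.0.2.10"):
        print(ip, source_ip_allowed(POLICY, ip))
```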