6

I have a simple Lambda function which sends emails through SES. I can call it using a POST request with the required data and it will send an email. My question is, what are the methods I can use to secure this function? Currently, anyone can call that endpoint and execute the function with any data.

Improve this question
2
  • 2
    You cannot secure client-side code, unless one considers obfuscation a security measure. Any basic contact form is vulnerable to being spammed, I guess. Commented Jun 26, 2017 at 14:06
  • 5
    @ChrisG aws-lambda is a server side technology Commented Jun 26, 2017 at 14:45

1 Answer 1

Reset to default
12

You need to set an authorizer for your API Gateway. This tutorial is a great start point.

In summary, you need to:

  1. Create a Cognito User Pool
  2. Create a Cognito Identity Pool that uses this User Pool
  3. Make the client to log in and retrieve Cognito credentials
  4. Make the client to send authorization headers for all requests
  5. Set an authorizer in your Lamba function

Your serverless.yml will look like this with the authorizer configuration:

functions:
  hello:
    handler: handler.hello
    events:
      - http:
          path: hello
          method: post
          authorizer:
            arn: YOUR_USER_POOL_ARN

You don't need to be restricted to a Cognito authorizer. You can use configure an authorizer for Google+, Facebook, etc.

This setting means that the Lamba function will be triggered only by authenticated users and you can identify what is the User ID by inspecting the event object: 

event.requestContext.authorizer.claims.sub
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.