Learning AWS Day by Day — Day 58 — Security in API Gateway

Saloni SinghSaloni Singh
2 min read

Exploring AWS !!

Day 58

Security in API Gateway

Security is one of the most important aspects. Security is the responsibility of both AWS and you, as being an AWS customer, AWS as well keeps your security as priority. The shared responsibility describes security in the cloud and of the cloud.
Security of the Cloud: AWS is responsible for the security of the cloud. It is responsible for all the infrastructure security that you are running on the cloud. Third party security validators often verify and test the security as part of the AWS Compliance Programs.
Security in the Cloud: You are responsible for the security inside the cloud of the infrastructures you provision, factors like strong password, sensitivity of data, laws and regulations of your company.

Data Protection
For your data protection , it is recommended to secure your sensitive information like password, protecting AWS account credentials, use IAM user policy, with least privilege given. You can secure your data in below ways:
Use MFA with each account, including IAM User account and root account.
Use SSL/TLS to communicate with resources.
Use CloudTrail for user activity logging and setting up API.
Use encryption solutions, and managed AWS advanced services like Macie which is used for securing data in S3.

Data Encryption in API Gateway
Data Encryption at Rest in API Gateway: When enabling caching for REST API, you can enable cache encryption.
Data Encryption in Transit in API Gateway: API gateway APIs expose only HTTPS endpoints only, doesn’t expose HTTP.
Manages certificate for default execute-api endpoints.
Can setup CloudFront distribution with custom SSL certificates and use it with regional APIs.

Internetwork Traffic Privacy We can create private REST APIs, that can be accessed only from VPCs. You can allow or deny access to APIs from specific VPCs or VPC endpoints. Each endpoint can be used to access multiple APIs. We can also use Direct Connect for establishing a network from on-prem to Amazon VPC and then access your private API over that network. In all of these scenarios, the traffic to your private API uses secure connection, and stay within Amazon network, isolated from public.

0
Subscribe to my newsletter

Read articles from Saloni Singh directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Saloni Singh
Saloni Singh

• A Software Engineer with hands-on experience in AWS and Aws DevOps • Experience in CodePipeline using CodeCommit, CodeBuild and CodeDeploy • Experience with Terraform, Gitlab, Kubernetes, AWS DevOps, Helm charts, Golang, Python and NodeJS • Hands-on experience on AWS Migration projects including services - DMS, Glue, Aurora, Lambda, S3 • Possesses good knowledge on Bash Shell Scripting and Python Programming