Formas de asegurar una app serverless

How to secure our serverless application with API Gateway?

Whenever we build an application, security is a fundamental pillar that we must be sure to address. When working with serverless applications on AWS, one of our greatest allies is the API Gateway. This service not only makes it easy to create and manage APIs, but also provides important mechanisms to protect our resources. Let's explore two main forms of security that API Gateway offers: the use of API keys and custom authorizers.

What are API keys and how do we use them?

API keys are alphanumeric strings that API Gateway provides to secure requests to our serverless application. This method is simple but effective, because the key works as a key that allows access only if it matches the one stored in the system, thus ensuring that our Lambda functions are only invoked by authorized users.

• Similarity with other services: Like many third-party APIs, AWS also employs this access key system.
• Configuration: API keys in API Gateway can have different attributes and configurations to suit our particular needs.

What are custom authorizers and how do they work?

Custom authorizers are more advanced pieces of authentication and authorization in API Gateway. They allow us to use a custom Lambda, giving us the flexibility to implement specific business logic to validate and authenticate users.

• Use of JSON Web Tokens (JWT): These tokens provide additional attributes such as expiration date and the subject to which they were assigned, offering an extra layer of security.
• Versatile Validity: Beyond authenticating users and passwords, custom authorizers allow the creation of access rules based on user roles and organization-specific characteristics, resulting in highly customizable solutions.

How does AWS Cognito compare to these tools?

AWS Cognito integrates into the AWS serverless ecosystem as a powerful option for managing users. This service enables the creation of user pools and offers functionality such as single sign-on, which are essential for complex applications that require more robust authentication and authorization management.

• Integration with other applications: Cognito enables easy integration with multiple applications, facilitating expansion and centralized user management.
• Extensive features: In addition to basic authentication, Cognito supports advanced features such as identity federation, extending its reach and functionality.

Continue to explore and apply these security strategies in your next deployment. Security is not only a must-have, it is critical to meeting the best practices of the AWS Well-Architected Framework and ensuring the success and resiliency of your serverless applications. Don't stop learning and move towards secure and well-structured practices!