Securing Your AWS Lambda API with API Gateway and AWS CLI

Securing your AWS Lambda API with API Gateway and API keys is an essential step to control access to your resources and protect them from unauthorized usage. In this article, we’ll walk through the process of securing your API using the AWS Command Line Interface (CLI).

Prerequisites:

  1. AWS CLI installed and configured with appropriate IAM user or role permissions.
  2. An AWS Lambda function and API Gateway already set up. If you don’t have one, follow the previous article or set up a sample API.

Step 1: Create an API Key

First, let’s create an API key that will be used for authentication.

# Replace 'YourAPIKeyName' and 'YourAPIKeyDescription' with your preferred values
aws apigateway create-api-key --name YourAPIKeyName --description YourAPIKeyDescription --enabled

This command creates an API key with the specified name and description; the --enabled flag activates it immediately. The output includes the key's ID and its secret value. Save both: the ID is what the later commands reference, and the value is the credential that callers send, so store it in a secrets manager rather than in a shell history or notebook.

Step 2: Configure Your API Gateway to Use the Key

Next, configure your API Gateway to require the API key for access. Replace the placeholders with your actual API ID, resource ID, and HTTP method.

# Replace 'YourAPIID', 'YourResourceID', and 'POST' with your API's details
aws apigateway update-method --rest-api-id YourAPIID --resource-id YourResourceID --http-method POST --patch-operations op=replace,path=/apiKeyRequired,value=true

This command updates the method so that callers must present an API key. It changes the API's configuration only; the live stage enforces the requirement once you deploy the API to that stage again.

Step 3: Create a Usage Plan

Usage plans help you control and manage how many requests users can make. Create a usage plan with specific limits.

# Replace 'YourUsagePlanName', 'YourUsagePlanDescription', and the rate/burst limits
# (create-usage-plan takes both limits as one --throttle map, not as separate options)
aws apigateway create-usage-plan --name YourUsagePlanName --description YourUsagePlanDescription --throttle rateLimit=100,burstLimit=50 --api-stages apiId=YourAPIID,stage=default

In this command, you define your usage plan’s name, description, and rate/burst limits. Ensure that you specify your API ID and the desired stage.

Step 4: Attach the Key and Resource to the Plan

Now, attach the API key and the resource to the usage plan.

# Replace 'YourUsagePlanID' and 'YourAPIKeyID' with your actual IDs
aws apigateway create-usage-plan-key --usage-plan-id YourUsagePlanID --key-type API_KEY --key-id YourAPIKeyID

This command associates the API key with the usage plan, allowing you to control access to your API resources effectively.

Step 5: Testing

With your API secured, it’s time to test it. You can use tools like Postman or the AWS CLI to make authenticated requests.

# Replace 'YourAPIID', 'YourResourceID', and 'YourAPIKey' with your actual values
# (test-invoke-method addresses the API by ID; --endpoint-url is a global CLI option that
# redirects the AWS API call itself and must not be pointed at your API's invoke URL)
aws apigateway test-invoke-method --rest-api-id YourAPIID --resource-id YourResourceID --http-method POST --path-with-query-string "" --body "" --headers x-api-key=YourAPIKey

This command sends a test request to the method, including the API key in the x-api-key request header. Make sure to replace the placeholders with your API ID, resource ID, and key value. To exercise the deployed stage end to end, send the same header to the API's invoke URL with an HTTP client such as Postman or curl.
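The five steps above as one script, added here as an example and not part of the original article. It also issues the create-deployment call that the step-by-step walkthrough leaves out (a method change reaches a stage only after the API is deployed to it), and adds a quota to the usage plan. It assumes a configured aws CLI and an existing API, resource and stage; every name and ID is an argument supplied by the caller, and the stage name "default" in the usage comment follows the article.

```shell
#!/bin/sh
# Added example, not part of the original article. Assumes the aws CLI is
# configured and the REST API, resource and stage already exist.
set -eu

# Steps 1-4: create a key, require it on the method, deploy, create a usage
# plan with throttle and quota, attach the key. Prints "<key id> <plan id>".
secure_api() {
  api_id="$1"; resource_id="$2"; http_method="$3"; stage="$4"
  key_name="$5"; plan_name="$6"

  # Step 1: only the key's id is needed here; its secret value is retrieved
  # separately (get-api-key --include-value) when you hand it to a consumer.
  key_id=$(aws apigateway create-api-key --name "$key_name" --enabled \
             --query id --output text)

  # Step 2: require the key on this method...
  aws apigateway update-method --rest-api-id "$api_id" --resource-id "$resource_id" \
    --http-method "$http_method" \
    --patch-operations op=replace,path=/apiKeyRequired,value=true >/dev/null

  # ...and deploy, otherwise the live stage keeps serving the method without a key check.
  aws apigateway create-deployment --rest-api-id "$api_id" --stage-name "$stage" >/dev/null

  # Step 3: a plan bound to that stage; --throttle takes rateLimit/burstLimit as one map,
  # and --quota caps the total calls per period so a leaked key has a bounded blast radius.
  plan_id=$(aws apigateway create-usage-plan --name "$plan_name" \
              --api-stages "apiId=$api_id,stage=$stage" \
              --throttle rateLimit=100,burstLimit=50 \
              --quota limit=10000,period=DAY \
              --query id --output text)

  # Step 4: attach the key to the plan.
  aws apigateway create-usage-plan-key --usage-plan-id "$plan_id" \
    --key-type API_KEY --key-id "$key_id" >/dev/null

  echo "$key_id $plan_id"
}

# Step 5 against the deployed invoke URL: a call without the header must be
# rejected (API Gateway answers 403 Forbidden) and the same call with the
# header must not be. Returns 0 only when both observations hold.
verify_key_enforced() {
  url="$1"; key_value="$2"
  without=$(curl -s -o /dev/null -w '%{http_code}' -X POST "$url")
  with=$(curl -s -o /dev/null -w '%{http_code}' -X POST -H "x-api-key: $key_value" "$url")
  [ "$without" = "403" ] && [ "$with" != "403" ]
}

# Usage (placeholders as in the article; REGION and the path are yours):
#   secure_api YourAPIID YourResourceID POST default YourAPIKeyName YourUsagePlanName
#   verify_key_enforced https://YourAPIID.execute-api.REGION.amazonaws.com/default/path YourAPIKey
```

The deployment step is the one most often forgotten: without it, update-method reports success while the stage still answers requests that carry no key. The verification function checks both directions, since a 403 on the keyless call alone could also mean the key itself was rejected.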

Congratulations! You've successfully secured your AWS Lambda API with API Gateway and API keys using the AWS CLI. This added layer ensures that only callers presenting a valid key reach your resources, within the rate and burst limits of their usage plan. Keep in mind that an API key is a shared secret for identifying and throttling consumers; when you need to authenticate the caller, pair it with IAM authorization, Amazon Cognito, or a Lambda authorizer.
