I've got an iOS Shopping App and want to send crash dumps to an AWS Lambda Function.
To save costs for an API Gateway I want to send them directly to Lambda.
How can I authenticate the App and configure it so no other App can send crash dumps to my Lambda Function?
2 Answers
- AWS Cognito https://aws.amazon.com/cognito/
- Manually develop all the auth code. OAuth 2.0 with JWT tokens for example. In that case your Lambda can be executed by anyone (Bad idea), still you can limit concurrent executions.
 
I'll tell you what I did for a similar problem:
- Create an AWS user for the app, so the app has access to AWS_SECRET_KEY_ID and AWS_SECRET_ACCESS_KEY
- In the app, (for safety) encrypt a crafted JSON with AWS credentials using a KMS key for example
- Invoke the Lambda function with the encrypted payload as parameter, decrypt the payload and get the user identity as follows:

```python
import boto3

def get_caller_identity(creds):
    # creds: dict obtained by decrypting the payload the app sent
    session = boto3.Session(
        aws_access_key_id=creds['access_key'],
        aws_secret_access_key=creds['secret_access_key'],
        aws_session_token=creds['security_token'],
    )
    client = session.client('sts')
    # STS reports the UserId, Account and Arn the credentials belong to
    return client.get_caller_identity()
```
 1 Comment
Axwack
 This seems insecure. What is the design pattern when your code resides, say on PREMISES, but you are accessing the AWS from a data center? Do you have to create a server and put this in the user profile as the user?
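As an added example (not code from either answer), the Lambda-side check described in the second answer can be made to fail closed: the request is accepted only if STS resolves the supplied credentials to one expected ARN. `EXPECTED_ARN`, the function names and `FakeSTS` are assumptions made for illustration, and the payload is assumed to be already decrypted.

```python
import json

# Assumption: ARN of the IAM user created for the app (constructed placeholder).
EXPECTED_ARN = "arn:aws:iam::111122223333:user/crash-dump-app"
REQUIRED = ("access_key", "secret_access_key", "security_token")


def default_sts_factory(creds):
    """Build an STS client from the caller-supplied credentials (needs boto3)."""
    import boto3  # lazy import so the check itself can be exercised offline
    session = boto3.Session(
        aws_access_key_id=creds["access_key"],
        aws_secret_access_key=creds["secret_access_key"],
        aws_session_token=creds["security_token"],
    )
    return session.client("sts")


def is_authorized(payload_json, sts_factory=default_sts_factory):
    """Return True only if the credentials resolve to EXPECTED_ARN."""
    try:
        creds = json.loads(payload_json)
    except (TypeError, ValueError):
        return False  # not JSON at all
    if not isinstance(creds, dict):
        return False
    if any(not isinstance(creds.get(k), str) or not creds[k] for k in REQUIRED):
        return False  # missing or empty field
    try:
        identity = sts_factory(creds).get_caller_identity()
    except Exception:
        return False  # rejected credentials or STS error: fail closed
    return identity.get("Arn") == EXPECTED_ARN


class FakeSTS:
    """Constructed stand-in for the STS client, used to run the check offline."""

    def __init__(self, arn):
        self.arn = arn

    def get_caller_identity(self):
        if self.arn is None:
            raise RuntimeError("InvalidClientTokenId")  # simulated rejection
        return {"UserId": "AIDAEXAMPLE", "Account": "111122223333", "Arn": self.arn}
```

Any valid AWS credentials make `get_caller_identity` succeed, so the comparison against the expected ARN is what actually restricts who is accepted.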
lambda function cannot be exposed endpoint url. you better integrate with api gateway. aws cognito with lambda?