In most cases SecureSphere deployments on AWS will protect web endpoints that are in the same VPC as the SecureSphere stack or in peered VPCs.
The goal is to achieve the following architecture with SecureSphere WAF and AWS (Figure 4):įigure 4: SecureSphere WAF deployment architecture to protect AWS API Gateway traffic Setting Up the SecureSphere AWS Public Endpoint Stack You don’t want the client application or users to access this endpoint directly without protection, so the next step is to set up the SecureSphere stack on AWS. Next, you need to create a proper CloudFront distribution so that Imperva SecureSphere may communicate with it without client-side SNI (Figure 3):įigure 3: AWS CloudFront Console with a new distribution forwarding to our API Gateway endpoint This stage is actually a hidden CloudFront distribution. There are good tutorials online that can teach you how to deploy such applications (with readymade CloudFormation templates).Īfter you deploy your API, the API Gateway creates a stage which has a public facing URL (see Figure 2):įigure 2: AWS API Gateway Console showing the public endpoint created after running “Deploy API” This sample application is completely serverless and uses AWS services for scaling, automatic provisioning, authorization, logging and so on. A Sample API Gateway Application – Getting StartedĪ common Amazon API Gateway deployment may look something like this (Figure 1):įigure 1: A typical application deployment pattern using AWS API Gateway While the focus here is on AWS, keep in mind the below can be applied for protecting other public endpoints or API gateway vendors as well. In this blog post we’ll explain how to protect a sample API Gateway application with SecureSphere WAF. Currently API Gateway only supports a public CloudFront endpoint, and securing the API Gateway with high-end WAF protection may seem like a difficult task.
Serverless architectures are becoming more and more popular, and Amazon’s API Gateway service is a key factor in many serverless deployments on AWS.
0 kommentar(er)
