How can I secure my Amazon API Gateway WebSocket API?

1 minute read
0

I want to secure my Amazon API Gateway WebSocket API.

Short description

Use Amazon API Gateway to control and manage access to WebSocket APIs through AWS Identity and Access Management (IAM) authorization or the AWS Lambda REQUEST authorizer function.

Resolution

IAM authorization

For WebSocket APIs, make sure that your routes use an ARN in the following format:

arn:aws:execute-api:region:account-id:api-id/stage-name/route-key

For more information, see Control access to WebSocket APIs with IAM authorization.

Lambda authorizer function

You can't use path variables (event.pathParameters) with Lambda authorizer functions for WebSocket APIs because the path is fixed. Make sure that the methodArn ends with "$connect" in the following format:

arn:aws:execute-api:region:account-id:api-id/stage-name/$connect

For more information, see Control access to WebSocket APIs with AWS Lambda REQUEST authorizers.

Related information

How can I set up a custom domain name for my API Gateway API?

AWS OFFICIAL
AWS OFFICIALUpdated 16 days ago