CSRF Implementation for Cloudfront and Lambda

Hello experts, We have a backend that is lambda and UI(cloudfront) interacts with it via API Gateway. What is the best way to implement CSRF protection here?

Topics

Serverless Compute Front-End Web & Mobile Networking & Content Delivery AWS Well-Architected Framework

Tags

AWS Lambda Amazon API Gateway Security

Language

English

rePost-User-6302307

asked 8 months ago852 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Hello.

AWS WAF can be configured for API Gateway and CloudFront.
So I think it is possible to add CSRF protection with AWS WAF.
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html

EXPERT

Riku_Kobayashi

answered 8 months ago

rePost-User-6302307
8 months ago
I need help with implementation and validation of CSRF token. I am aware of WAF but to enable it my application must be generating and injecting CSRF token, right?

Relevant content

What is the API audit log implementation best practice?
Accepted Answer
Yedidya Schwartz
asked a year ago
Implementing SAML-Based Login and API Authorization with API Gateway, Lambda Authorizer, and Microsoft IDP
Accepted Answer
Nithish Subramaniyan
asked 4 months ago
CSRF token with static website on S3 bucket
Escape82
asked a year ago
AWS CDK: What is the best way to implement multiple Stacks/NestedStacks & share resources?
thedath-smshtp
asked 2 years ago
What are some best practices for implementing Lambda-backed custom resources with CloudFormation?
AWS OFFICIALUpdated 2 years ago
How do I pass data through an API Gateway REST API to a backend Lambda function or HTTP endpoint?
AWS OFFICIALUpdated 2 years ago
How can I troubleshoot the "internal server" error with status code 500 for API Gateway endpoints that integrate with Lambda?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot HTTP 504 errors from an API Gateway REST API with a Lambda backend?
AWS OFFICIALUpdated a year ago
Implementing request parameters validation in Amazon API Gateway REST API with Cloud Development Kit (CDK)
EXPERT
Vihang Shah
published 5 months ago
Implementing DynamoDB with the Cloud Development Kit (CDK)
EXPERT
Leeroy Hannigan
published 7 months ago