1 Answer
- Newest
- Most votes
- Most comments
1
Hi, @sgupta07
Unfortunately, AppSync doesn't have the ability to disable the default endpoint like API Gateway does.
I came up with an alternative. (But not perfect)
You can assign AWS WAF ACLs to AppSync.
Using this mechanism, you can block access by directly specifying the default domain by blocking if the "host" header is not a custom domain in the WAF rule.
https://docs.aws.amazon.com/appsync/latest/devguide/WAF-Integration.html
Relevant content
- asked 5 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Thank you @iwasa. This solution seems to to block the default endpoint. Why do you think it's not perfect?
Cases controlled by the host header can also be called by requesting the default endpoint by sending a custom domain in the host header at the time of request.
@iwasa. I'm sorry for asking again. Is there any way we can make the host header secure? So that default endpoint can't be accessed.