How to protect Serverless Framework endpoints from abuse / DoS?

I plan to use the following setup:

  • Fully static UI (built using AngularJS or similar)
  • Serverless APIs

I want to keep my front-end in S3 and my back-end in Lambda. Since I am charged a fee every time the Lambda function is executed, I do not want everyone to be able to call it directly. On the other hand, I want to keep my front-end only on S3, not on a server.

How do I protect the API from abuse or DoS?

+8
amazon-web-services serverless-framework
4 answers

I'm not sure that you can protect your API from people calling it more often than necessary, since that is very hard to determine.

However, for real protection against DDoS or DoS, you probably want to use the features of API Gateway (check the throttling or abuse section) or AWS's new WAF. I know that WAF has the ability to block ranges of IP addresses, etc.

+4

what @Boushley said +

you might want to check out Cloudflare: https://www.cloudflare.com/ddos

0

In fact, Amazon API Gateway automatically protects your backend systems against distributed denial of service (DDoS) attacks, whether they are attacked with forged requests (Layer 7) or SYN floods (Layer 3).

0

In your serverless.yml, you can now set the provider.usagePlan property if you are using AWS.

```yaml
provider:
  # ...
  usagePlan:  # limit spending
    quota:
      limit: 5000
      period: DAY
    throttle:
      burstLimit: 200
      rateLimit: 100
```

Although this does not mean that you cannot be DDoSed (as @mrBorna mentions, AWS tries to prevent this by default), it should mean that if you are DDoSed, you will not be significantly affected financially.

0
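To see what the throttle and quota numbers in that usagePlan actually do, here is an added simulation (example code, not part of the original answer and not Serverless Framework or AWS code). API Gateway enforces throttling with a token bucket, where burstLimit is the bucket capacity and rateLimit is the refill rate in requests per second, and the quota is a counter per period; the class below models exactly that for one client's view of the plan, with the request timings constructed inline. The function names and the cost helper are this example's own.

```python
"""Token-bucket model of an API Gateway usage plan: burstLimit 200,
rateLimit 100/s, quota 5000/DAY (the values from the serverless.yml above).
Added illustration only; the arrival pattern below is constructed."""
from dataclasses import dataclass, field
from typing import List, Tuple

DAY_SECONDS = 24 * 60 * 60


@dataclass
class UsagePlan:
    rate_limit: float           # tokens (requests) refilled per second
    burst_limit: int            # bucket capacity: requests accepted all at once
    quota_limit: int            # requests allowed per quota period
    quota_period: int = DAY_SECONDS
    tokens: float = field(init=False)
    last_seen: float = field(init=False, default=0.0)
    period_index: int = field(init=False, default=0)
    used_in_period: int = field(init=False, default=0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst_limit)   # bucket starts full

    def admit(self, now: float) -> int:
        """Return 200 if the request is served, 429 if throttled or over quota."""
        # Refill tokens for the time elapsed since the previous request,
        # never above the burst capacity.
        elapsed = max(0.0, now - self.last_seen)
        self.last_seen = now
        self.tokens = min(float(self.burst_limit),
                          self.tokens + elapsed * self.rate_limit)

        # Quota counter resets when a new period (e.g. day) begins.
        period = int(now // self.quota_period)
        if period != self.period_index:
            self.period_index = period
            self.used_in_period = 0

        if self.used_in_period >= self.quota_limit:
            return 429          # quota exhausted: no more spend this period
        if self.tokens < 1.0:
            return 429          # burst exhausted and refill not yet due
        self.tokens -= 1.0
        self.used_in_period += 1
        return 200


def simulate(plan: UsagePlan, arrivals: List[float]) -> List[int]:
    """Feed a list of request timestamps (seconds) through the plan."""
    return [plan.admit(t) for t in arrivals]


def count_admitted(plan: UsagePlan, n: int, at: float) -> int:
    """Fire n requests at the same instant and count how many get a 200."""
    return simulate(plan, [at] * n).count(200)


def worst_case_daily_invocations(plan: UsagePlan) -> int:
    """Upper bound on billable backend invocations in one day: the quota wins
    over whatever the throttle alone would let through."""
    throttle_bound = plan.burst_limit + int(plan.rate_limit * DAY_SECONDS)
    return min(plan.quota_limit, throttle_bound)


if __name__ == "__main__":
    plan = UsagePlan(rate_limit=100, burst_limit=200, quota_limit=5000)
    print("flood of 300 at t=0 ->", count_admitted(plan, 300, 0.0), "served")
    print("100 more at t=1s  ->", count_admitted(plan, 100, 1.0), "served")
    print("max billable/day  ->", worst_case_daily_invocations(plan))
```

A flood of 300 requests at once gets 200 through and 100 throttled; one second later the bucket has refilled 100 tokens, so 100 more are served. The quota caps the day at 5000 regardless, which is the cost-bounding effect the answer describes.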
