I can’t really find any documentation on how to protect a public lambda function url. If it’s open to the public, it seems like it would be very vulnerable to being spammed by some malicious actor. What is the best practice for protecting the lambda?
Question posted in Amazon Web Services
The official Amazon Web Services documentation can be found here.
2 Answers
Set up API Gateway in front of Lambda, then enable authorization on API Gateway. Malicious requests will not reach your Lambda function.
According to this page, there are two types of AuthType options.
The AuthType parameter determines how Lambda authenticates or authorizes requests to your function URL. When you configure your function URL, you must specify one of the following AuthType options:
AWS_IAM – Lambda uses AWS Identity and Access Management (IAM) to authenticate and authorize requests based on the IAM principal’s identity policy and the function’s resource-based policy. Choose this option if you want authenticated users and roles to invoke your function via the URL.
NONE – Lambda doesn’t perform any authentication before invoking your function. However, your function’s resource-based policy is always in effect and must grant public access before your function URL can receive requests. Choose this option to allow public, unauthenticated access to your function URL.
I am guessing you want to use the AWS_IAM option. If neither option suits your needs, I suggest attaching it behind API Gateway.
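The second answer's point about the resource-based policy is the one to check in practice: a function URL with AuthType NONE only receives traffic if the function's policy grants lambda:InvokeFunctionUrl to Principal "*" with the lambda:FunctionUrlAuthType condition set to NONE (that is what the documented `aws lambda add-permission --function-url-auth-type NONE` call writes). The following audit script is an added example, not code from the question, either answer, or AWS; it parses a policy document in the shape `aws lambda get-policy` returns (the policy is a JSON string under "Policy") and classifies the function URL as publicly invokable or IAM-only. The account id, function name, role name and statement ids in the sample policies are constructed.

```python
"""Audit a Lambda resource-based policy for public function URL access.

Added example: classifies whether a function URL is reachable without
authentication, based on the statements in the function's resource policy.
"""
import json

# Constructed sample in the shape returned by `aws lambda get-policy`:
# the policy document is a JSON string under the "Policy" key.
FUNCTION_ARN = "arn:aws:lambda:us-east-1:111122223333:function:example-fn"  # constructed

SAMPLE_GET_POLICY_RESPONSE = {
    "Policy": json.dumps({
        "Version": "2012-10-17",
        "Id": "default",
        "Statement": [
            {   # What `add-permission --function-url-auth-type NONE --principal "*"` produces
                "Sid": "FunctionURLAllowPublicAccess",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "lambda:InvokeFunctionUrl",
                "Resource": FUNCTION_ARN,
                "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}},
            },
            {   # A scoped grant for a single IAM role over an AWS_IAM-auth URL
                "Sid": "AllowCallerRoleViaIam",
                "Effect": "Allow",
                "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-caller"},
                "Action": "lambda:InvokeFunctionUrl",
                "Resource": FUNCTION_ARN,
                "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "AWS_IAM"}},
            },
        ],
    }),
    "RevisionId": "constructed-revision-id",
}

# Hardened variant (constructed): the public statement has been removed,
# e.g. with `aws lambda remove-permission --statement-id FunctionURLAllowPublicAccess`.
_hardened_doc = json.loads(SAMPLE_GET_POLICY_RESPONSE["Policy"])
_hardened_doc["Statement"] = [s for s in _hardened_doc["Statement"]
                              if s["Sid"] != "FunctionURLAllowPublicAccess"]
HARDENED_GET_POLICY_RESPONSE = {"Policy": json.dumps(_hardened_doc), "RevisionId": "constructed-2"}

INVOKE_URL_ACTIONS = {"lambda:InvokeFunctionUrl", "lambda:*", "*"}


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. anyone at all."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def find_url_grants(get_policy_response):
    """Return every Allow statement granting InvokeFunctionUrl to a wildcard principal.

    Each finding records the statement id, the auth type the condition pins it
    to ("ANY" if the statement has no lambda:FunctionUrlAuthType condition),
    and whether it opens the URL to unauthenticated callers.
    """
    policy = get_policy_response["Policy"]
    if isinstance(policy, str):            # get-policy returns the document as a string
        policy = json.loads(policy)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not INVOKE_URL_ACTIONS & set(_as_list(stmt.get("Action", []))):
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        auth_type = (stmt.get("Condition", {})
                         .get("StringEquals", {})
                         .get("lambda:FunctionUrlAuthType", "ANY"))
        findings.append({
            "sid": stmt.get("Sid"),
            "auth_type": auth_type,
            # NONE, or no auth-type condition at all, means no authentication is required
            "public": auth_type in ("NONE", "ANY"),
        })
    return findings


def classify(get_policy_response):
    """Summarise a policy as PUBLIC, IAM_ONLY (wildcard principal but AWS_IAM), or NO_WILDCARD_GRANT."""
    grants = find_url_grants(get_policy_response)
    if any(g["public"] for g in grants):
        return "PUBLIC"
    return "IAM_ONLY" if grants else "NO_WILDCARD_GRANT"


if __name__ == "__main__":
    for label, resp in (("sample", SAMPLE_GET_POLICY_RESPONSE),
                        ("hardened", HARDENED_GET_POLICY_RESPONSE)):
        print(label, classify(resp), find_url_grants(resp))
```

Run against a real function by replacing the constructed response with the parsed output of `aws lambda get-policy --function-name <name>`. A result of PUBLIC means the URL answers anyone on the internet and the function itself is the only control; IAM_ONLY or NO_WILDCARD_GRANT corresponds to the AWS_IAM AuthType the answer above recommends, where callers must SigV4-sign requests with credentials the policy explicitly allows.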