How to secure lambda function

Hi,

I got my lambda function to work for the first time! Now that it is working, the endpoint is public. How do I restrict access to the lambda function? I only want my app on the same domain to have access to the lambda function. Is there anything I can configure to do that?

Thank you

Jake

Hi @zhex900, you’ll get this by default if you don’t add CORS headers. Other websites won’t be able to make requests to your functions if they are on different domains. If you need more security than this, then you should probably pass a special token with all requests to your function that you verify in the function before processing the request. Note that CORS only applies to requests made from browsers. Anyone can make requests from a backend server to your function even if you don’t have CORS set up to allow it.

2 Likes

@futuregerald You mention using a special token. Could you elaborate on this please? I’ve implemented a signed cookie. Looking for advice.

Implementing a signed cookie can be done any number of ways. One approach could be a separate lambda function that issues a JWT using https://www.npmjs.com/package/jsonwebtoken. The token this function provides can then be saved in localStorage or a cookie. You can then make sure you send this token with your requests to your existing function and add some logic that decrypts the token using the same jsonwebtoken package.

The only advice I can provide is to try using JWT as mentioned in my previous reply. Perhaps someone else might have another approach they can share.

Can you suggest anyone?

Hi @berni - unfortunately, we can’t suggest anyone specific who might work on this with you, but if you do come up with a solution please let us know.