CFNTechnical

Firstly, thank you for taking the time to review and consider the enclosed work. I genuinely appreciate it! Also, forgive my GitHub handle; this is a very old account :)

Running this template and interacting with the resulting resources requires the following:

  • Name your stack.
  • Supply a name without whitespace or special characters.
  • Supply your email address and accept the topic subscription sent to the address you provide.
  • You can then test the API by posting to the endpoint returned in the output of your CFN deployment, adhering to the model schema, which can be found in API Gateway. Please note that only new PUTs will register in the stream and thus invoke SNS.

Example:

    $ curl -X POST \
      https://.execute-api..amazonaws.com/v1/add_new \
      -H 'Content-Type: application/json' \
      -H 'cache-control: no-cache' \
      -d '{"team_rating":"1","team_country":"Ireland","team_desc":"Best Rugby Team","team_name":"Ireland"}'

Improvements: The main improvements centre on the principles of least privilege and defence in depth. Every layer of the deployed architecture should be protected against potential compromise, and should a compromise occur, the blast radius should be minimised as far as possible. With that in mind I believe I have upgraded this template by restricting each resource to invoking and consuming only the services it needs and no more, whether by explicitly dictating the one stream that may act as an event trigger for a Lambda function, or by limiting the CRUD operations a given Lambda execution role may perform against DynamoDB (or any other data store, for that matter).
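The restrictions described above, as an added CloudFormation fragment (not the template's own code): a role for the API-facing Lambda that may only write to the one table, a stream-consumer role that may only read that table's stream and publish to the one SNS topic, and an event source mapping pinned to that stream, with the over-broad statement left commented out beside its scoped replacement for contrast. The logical IDs (TeamsTable, NewTeamTopic, NotifyFunction and the two roles) are assumed names, and the table, topic, Lambda functions and their CloudWatch Logs permissions are assumed to be defined elsewhere in the template.

```yaml
# Added example, not the template's own code. Logical IDs are assumptions.
Resources:
  # Role for the Lambda behind POST /add_new: one action on one table.
  AddTeamFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - { Effect: Allow, Principal: { Service: lambda.amazonaws.com }, Action: "sts:AssumeRole" }
      Policies:
        - PolicyName: put-item-on-teams-table-only
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Over-broad form, left for contrast: every DynamoDB action on every table.
              # - { Effect: Allow, Action: "dynamodb:*", Resource: "*" }
              - Effect: Allow
                Action: dynamodb:PutItem
                Resource: !GetAtt TeamsTable.Arn

  # Role for the stream consumer: read this stream, publish to this topic, nothing else.
  NotifyFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - { Effect: Allow, Principal: { Service: lambda.amazonaws.com }, Action: "sts:AssumeRole" }
      Policies:
        - PolicyName: read-one-stream-publish-one-topic
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: ["dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListStreams"]
                Resource: !GetAtt TeamsTable.StreamArn   # the stream ARN, not the table ARN
              - Effect: Allow
                Action: sns:Publish
                Resource: !Ref NewTeamTopic              # Ref on an SNS topic yields its ARN

  # Bind the consumer to exactly this stream; no other stream can trigger it.
  NotifyFunctionStreamMapping:
    Type: AWS::Lambda::EventSourceMapping
    Properties:
      EventSourceArn: !GetAtt TeamsTable.StreamArn
      FunctionName: !Ref NotifyFunction
      StartingPosition: LATEST
```

A quick check after deployment is to confirm in IAM that neither role carries a `dynamodb:*` or `Resource: "*"` statement, and in the Lambda console that the consumer lists exactly one trigger.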

Ideally, this template would expose an authenticated API, using a Lambda, Cognito or IAM authorizer [1]. For reasonable confidence that common exploits are mitigated, the API could also be deployed behind a WAF [2]. This would both defend in earnest against any would-be attacker and minimise the avenues of attack available should the perimeter be breached.

I look forward to speaking with you.

[1] Authentication for API Gateway: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html
[2] WAF: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html
