Question
I have an API on AWS API Gateway which calls a Lambda function, and I want to add IP whitelisting for that API so that only the allowed IPs can have access to that API. How can I achieve this?
Answer 1:
There is a really extended blog post about this which you can find here.
Bottom line, it comes to this:
- per method, select IAM Authorization method.
- Create a new IAM policy that looks like the one below and attach it to the API Method
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "execute-api:Invoke"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "xxx.xx.xx.xx/32"
        }
      },
      "Resource": "arn:aws:execute-api:::*"
    }
  ]
}
```
You can add multiple SourceIps if needed.
Source: https://stackoverflow.com/questions/50227727/adding-ip-whitelisting-security-to-api-gateway
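
The policy from the answer with several source IPs, checked locally before it is attached (an added example, not part of the original answer and not AWS's policy evaluator). The CIDRs are constructed documentation ranges, and the function names and the `min_prefix` threshold are assumptions made for this sketch.

```python
import ipaddress
import json

# Constructed sample policy: same shape as the policy in the answer, with
# aws:SourceIp given as a list. The CIDRs are documentation ranges (RFC 5737).
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["execute-api:Invoke"],
      "Condition": {
        "IpAddress": {"aws:SourceIp": ["203.0.113.10/32", "198.51.100.0/24"]}
      },
      "Resource": "arn:aws:execute-api:::*"
    }
  ]
}
""")


def allowed_networks(policy):
    """Collect the CIDRs from every Allow statement's IpAddress/aws:SourceIp."""
    nets = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        value = stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp")
        if value is None:
            raise ValueError("Allow statement has no aws:SourceIp restriction")
        values = [value] if isinstance(value, str) else value
        # strict=True makes this check reject host bits, e.g. 198.51.100.7/24
        nets += [ipaddress.ip_network(v, strict=True) for v in values]
    return nets


def ip_is_allowed(policy, source_ip):
    """True if source_ip falls in any listed CIDR (list values are OR'ed)."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in allowed_networks(policy))


def too_broad(policy, min_prefix=16):
    """Return CIDRs wider than min_prefix, e.g. an accidental 0.0.0.0/0."""
    return [str(n) for n in allowed_networks(policy) if n.prefixlen < min_prefix]
```

Running `too_broad` and a few `ip_is_allowed` probes in CI catches a mistyped or overly wide range before the policy reaches the API.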