APIs are typically used to enable application integration, facilitate communication between application components, and provide an abstraction layer for accessing backend services, including databases, within an organization. Security is a top concern for developers, as it is crucial to create APIs protected against vulnerabilities such as SQL injection attacks and unauthorized access. To address these concerns, developers often design architectures that implement security at multiple API layers to ensure robust protection against vulnerabilities and unauthorized access.
You’ll set up an API using Amazon API Gateway in this Cloud Lab. This API will invoke a Lambda function that retrieves data from an Aurora MySQL database and returns it as the response to the API request. After deploying this API, you’ll notice that it is not yet secure. Without proper security, an API can be vulnerable to SQL injection attacks, which allow attackers to manipulate database queries. Additionally, if the API’s invoke URL is not adequately protected, unauthorized users could call it and retrieve data from the database.
To prevent this, you’ll secure the API as follows:
After completing this Cloud Lab, you can use AWS WAF and Cognito to deploy secure APIs. A high-level architecture diagram for this Cloud Lab is given below:
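To make the SQL injection risk described above concrete, here is an added example (not code from the Cloud Lab) showing a Lambda-style handler that queries a table the vulnerable way and the hardened way. It assumes a hypothetical `employees` table and uses an in-memory SQLite database as an offline stand-in for Aurora MySQL; a MySQL driver such as PyMySQL uses `%s` placeholders instead of `?`, but the pattern is the same.

```python
import json
import sqlite3


def _make_db():
    """Constructed sample table standing in for the Aurora MySQL data the Lambda reads."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT)")
    conn.executemany("INSERT INTO employees (name, dept) VALUES (?, ?)",
                     [("alice", "eng"), ("bob", "eng"), ("carol", "sales")])
    return conn


def query_unsafe(conn, name):
    """Vulnerable pattern: the caller's value is spliced into the SQL text,
    so quote characters in the input become part of the query."""
    sql = "SELECT id, name, dept FROM employees WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def query_safe(conn, name):
    """Hardened pattern: the value is bound as a parameter and is never parsed as SQL."""
    sql = "SELECT id, name, dept FROM employees WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def lambda_handler(event, context=None):
    """Hypothetical API Gateway proxy-style handler: reads ?name=... from the
    query string, validates it, and returns matching rows as JSON."""
    params = (event or {}).get("queryStringParameters") or {}
    name = params.get("name", "")
    if not name or len(name) > 64:
        return {"statusCode": 400, "body": json.dumps({"error": "name required"})}
    conn = _make_db()
    try:
        rows = query_safe(conn, name)
    finally:
        conn.close()
    return {"statusCode": 200, "body": json.dumps(rows)}


def compare(name):
    """Return (row count from unsafe query, row count from safe query) for one input."""
    conn = _make_db()
    try:
        return len(query_unsafe(conn, name)), len(query_safe(conn, name))
    finally:
        conn.close()
```

Running `compare("' OR '1'='1")` shows the unsafe query returning every row while the parameterized query returns none, which is exactly the class of request a WAF rule in front of the API is meant to block before it reaches the Lambda function.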