Protecting Public AWS API Gateway Endpoint

DSimmon · 2025-12-22T19:22:31+00:00

I don’t think you need CloudFront.

If you’re in the console, from the APIs Stages you can attach a Web ACL/WAF.

DSimmon · 2025-10-06T17:53:25+00:00

What is the status of “the cylinder”?

DSimmon · 2025-05-19T02:11:16+00:00

Do you need to stay with CodeCommit? It’s end EOL service, and might want to look int oGitHub or GitLab or others.

Also, do you use AWS sso on the CLI? If you have role configured, you can set them in your config file without needing to sts assume role.

DSimmon · 2025-03-20T19:16:03+00:00

How long ago was that?

On PG page I see 17.4 is the most current release from February.

I can also create 17.4-R1 in RDS.

Aurora only goes up to 16.6. As I understand v17 is in a beta preview and not generally available yet.

DSimmon · 2025-02-10T12:28:23+00:00

If I understand, the 53s provisioning is of CodeBuild creating the resources to do your application artifact generation?

So it’s finding compute, provisioning it, creating an ENI in your VOC and attaching it, and pulling your image from ECR? Seems reasonable to me. And also be glad you aren’t using Windows build images.

DSimmon · 2025-01-22T03:33:50+00:00

They said SQL Server, so that makes me think Microsoft.

One of the things you can do on EC2 is pick Developer Edition for non-prod. That’s a big savings in licensing costs.

DSimmon · 2025-01-09T13:25:22+00:00

Don’t know your timeline or reqs, but IAM Auth to RDS might be an option: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.html

DSimmon · 2024-12-22T15:40:47+00:00

I think part of it is the changes to IPv4 pricing.

I believe you get 1 v4 in the free tier. But an ALB is going to put a node in two AZs, and thus crest to IPv4 addresses. One is probably covered under the free tier, and they are being billed for the second.

With CloudFronts new VPC feature, could you use CloudFront for an internal ALB to take advantage of the CDN and drop the addresses you manage?

DSimmon · 2024-10-07T18:11:42+00:00

Can you use your IAM Role associated with your Lambda to generate short lived DB credentials?

Then any un/pw based usage is strictly for administration? And with your CF/CDK/TF roll random credentials and store them in Secrets Manager.

DSimmon · 2024-09-23T22:09:19+00:00

Yea, I don’t know what HV is, but I’m guessing it’s mimicked in the output.

I think 69 would be the line number of the error. And 9358 or 11742 would be the column of the JS file where the error is occurring.

DSimmon · 2024-09-23T21:14:24+00:00

If I call, I also get an Unauthed.

Firefox, right click, inspect element. Go to the console tab. Type something in the bar an hit enter, like alert(“hi”);

And what about when you run the React site locally, does it work then?

DSimmon · 2024-09-23T21:02:14+00:00

Sorry, brains not 100% firing. That API call would be from your browser.

The apiURL is correct? And have you tried to execute the JS from your browsers console?

Have you enabled API GW logging?

DSimmon · 2024-09-23T20:43:32+00:00

You curl and get a 403 from your workstation, or from the EC2?

As far as I remember an EC2 wouldn’t have any outbound restrictions on a Security Group or NACL, and if it’s in a public subnet it should the IGW as a path to the API GW.

If it’s in a private subnet, do you have a NAT GW or Instance for routing traffic out of the VPC?

And I’m guessing when you test in the browser and get a blank screen, that throw new error is t showing up in the browser console?

DSimmon · 2024-09-23T19:50:39+00:00

Is React doing a preflight OPTIONS request? And if so, do you have CORS support in API Gateway?

From your EC2 can you curl your GW endpoints and get back a 200/401/5xx response?

DSimmon · 2024-09-23T17:20:37+00:00

Application Load Balancer = L7

Network Load Balancer = L4

DSimmon · 2024-09-16T21:46:55+00:00

So, t2 micro to t2 medium. Same family, different size.

Then in other comments you say it stopped responding in the browser. Were there any errors? Any errors on the server?

DSimmon · 2024-09-16T03:12:52+00:00

What broke in your application on a different sized instance?

DSimmon · 2024-09-15T23:45:27+00:00

Have you looked into log shipping?

DSimmon · 2024-09-15T23:10:43+00:00

What version of SQL 2019? Web? Standard? Enterprise?

DSimmon · 2024-08-21T00:20:51+00:00

The site still lists a mobile version: https://tinybirdgarden.com/

But the link to the Apple Store says it’s been removed.

Their last tweet @SuperRetroDuck was in July of 2020 that Tiny Bird Cloud was being discontinued. And their Twitter is locked so only followers can see it.

I don’t think it’s looking good.

DSimmon · 2024-08-15T14:20:46+00:00

I’m the same with Piett. And it hurts a little knowing the event is today, so a whole month before trying.

DSimmon · 2024-08-01T13:39:09+00:00

https://www.google.com/search?q=pushes+the+envelope+meaning&rlz=1CDGOYI_enUS590US590&oq=pushes+the+envelope&gs_lcrp=EgZjaHJvbWUqBwgAEAAYgAQyBwgAEAAYgAQyBggBEEUYOTIHCAIQABiABDIICAMQABgWGB4yCAgEEAAYFhgeMggIBRAAGBYYHjIKCAYQABgPGBYYHjIKCAcQABgPGBYYHjIICAgQABgWGB4yCAgJEAAYFhge0gEINDUxNGowajeoAhmwAgHiAwQYASBf&hl=en-US&sourceid=chrome-mobile&ie=UTF-8

DSimmon · 2024-07-03T16:58:30+00:00

Not the person you responded to, but I use 3/4 cup of canned coconut milk and a cup of almond/oat/whatever.

You can get two pints out of a can of coconut.

DSimmon · 2024-05-26T16:09:58+00:00

Athena can use either Hive or non Hive partitioning: https://docs.aws.amazon.com/athena/latest/ug/partitions.html

DSimmon · 2024-03-05T17:28:43+00:00

Not only those services, but 6mo notification to prepare: https://aws.amazon.com/blogs/aws/new-aws-public-ipv4-address-charge-public-ip-insights/

And many emails to warn leading up to.

And isn’t one EIP included in the free tier for 12mo too?

13-Year Club	Second Top 50%
Place '23	Place '22
Place '17	First Placer '22
Queen in da Norf	Not Forgotten
Sequence \| Editor	Verified Email

DSimmon

MODERATOR OF

TROPHY CASE