I am quite new to backend type work, so I am teaching myself Postgres and Express. I have built an API that uses JWT authentication and allows calls only from one host, but I am wondering if there is anything more I need to do in order to protect db access.

I have deployed my REST API on AWS Elastic Beanstalk. I plan on moving everything to Lambda + API Gateway, but even then, besides API security, is there any general guideline as to how to protect db access? I have looked online, but most tutorials do not even cover authentication and such. Thanks.

a person

1 Answer

As long as the Security Group for your RDS server only allows incoming network traffic from your Elastic Beanstalk servers (or your Lambda functions) then you can be sure that nothing else is able to access your database.

Mark B
  • Hey Mark, one more question if you don't mind. Would API Gateway + Lambda give me better performance than running an Elastic Beanstalk node/express app? I'm using the `pg` library for Postgres, not sure if AWS offers some way for me to connect to RDS Postgres. Thanks – a person Feb 05 '17 at 05:47
  • You would need to continue using that library to connect to Postgres. API Gateway + Lambda would probably perform a bit worse than a server that is constantly running. – Mark B Feb 05 '17 at 13:34
  • Ah. Thanks Mark. – a person Feb 06 '17 at 00:44
  • May I ask one more question? Why do you think that the API Gateway + Lambda would perform slower? From what I understand of that library, I can create a bunch of client pool if I have a continuously running server with enough resources. But with Lambda I can just have as many connections as possible right? It would be like having 1 client per lambda request? – a person Feb 06 '17 at 00:51
  • You would have to wait for each Lambda invocation to start up and create a new connection, which is slower than using connections already open, sitting in a pool and waiting. Plus your database is going to have a limit on the number of connections it can handle. – Mark B Feb 06 '17 at 01:14
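
The Security Group restriction described in the answer can be checked mechanically. The following is an added example, not code from the question or the answer: it audits data shaped like an EC2 `DescribeSecurityGroups` response and reports every source other than the application tier's security group that can reach the Postgres port. It assumes the app servers (or VPC-attached Lambda functions) are identified by their security group; the function names, group IDs and CIDRs are constructed for illustration.

```javascript
// Added example: audit the DB security group's ingress rules.
// Input follows the shape of an EC2 DescribeSecurityGroups response.
const PG_PORT = 5432; // default Postgres port (assumed; adjust if RDS uses another)

// True when the rule's protocol and port range include the given TCP port.
function coversPort(perm, port) {
  if (perm.IpProtocol === '-1') return true;   // "all traffic" rule, no port fields
  if (perm.IpProtocol !== 'tcp') return false;
  return perm.FromPort <= port && port <= perm.ToPort;
}

// Returns a list of findings. An empty list means only the groups in
// allowedGroupIds can reach `port` through this security group.
function auditDbIngress(group, allowedGroupIds, port = PG_PORT) {
  const findings = [];
  for (const perm of group.IpPermissions || []) {
    if (!coversPort(perm, port)) continue;     // e.g. an SSH-only rule
    // Any address-based source is wider than "only the app's security group".
    for (const r of perm.IpRanges || []) findings.push(`CIDR source ${r.CidrIp}`);
    for (const r of perm.Ipv6Ranges || []) findings.push(`CIDR source ${r.CidrIpv6}`);
    for (const p of perm.PrefixListIds || [])
      findings.push(`prefix list source ${p.PrefixListId}`);
    for (const pair of perm.UserIdGroupPairs || [])
      if (!allowedGroupIds.includes(pair.GroupId))
        findings.push(`unexpected group source ${pair.GroupId}`);
  }
  return findings;
}

// Constructed sample data (not real resources).
const APP_SG = 'sg-0app0000000000001';
const lockedDown = { GroupId: 'sg-0db00000000000001', IpPermissions: [
  { IpProtocol: 'tcp', FromPort: 5432, ToPort: 5432, IpRanges: [],
    UserIdGroupPairs: [{ GroupId: APP_SG }] },
] };
const tooOpen = { GroupId: 'sg-0db00000000000002', IpPermissions: [
  { IpProtocol: 'tcp', FromPort: 5432, ToPort: 5432,
    IpRanges: [{ CidrIp: '0.0.0.0/0' }], UserIdGroupPairs: [{ GroupId: APP_SG }] },
  { IpProtocol: '-1', UserIdGroupPairs: [{ GroupId: 'sg-0other00000000001' }] },
  { IpProtocol: 'tcp', FromPort: 22, ToPort: 22,
    IpRanges: [{ CidrIp: '203.0.113.0/24' }] },
] };

console.log(auditDbIngress(lockedDown, [APP_SG]));
console.log(auditDbIngress(tooOpen, [APP_SG]));
```

The same function can be fed the `SecurityGroups` entries returned by the AWS SDK or CLI for the group attached to the RDS instance.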