I have an API server sat behind a load balancer as part of an AWS Elastic Beanstalk configuration.

I want to ensure that only my web application can talk to the API server (via the load balancer). My web application is hosted in S3. Can somebody please enlighten me as to the best way to go about this?

Thanks in advance.

1 Answer

S3 simply serves your web app's static files to an end-user's web browser. The application runs in each user's web browser. No code is ever running on S3. As such, there is no way to do what you are asking.

You might want to look into something like API keys, or possibly AWS Cognito.

Mark B
  • Thanks for the response. Is it not possible to lock it down via domain, e.g. from specific URLs? – user7896385 Oct 02 '19 at 08:53
  • @user7896385 I think you can add a check for an `origin` HTTP header on your application server, but that header is easily spoofed and should by no means be considered a true security measure. – Mark B Oct 02 '19 at 11:42
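
The difference between the `Origin` check discussed in the comments and a per-user credential, as an added example that is not part of the original answer or comments. The HMAC-signed token is a stand-in for whatever a service such as Cognito would issue after sign-in; `ALLOWED_ORIGIN`, `SIGNING_KEY` and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, time

ALLOWED_ORIGIN = "https://app.example.com"        # constructed: origin of the S3-hosted site
SIGNING_KEY = b"demo-key-load-from-secret-store"  # constructed: load from a secret store in practice

def origin_only_check(headers):
    """The check from the comments: trusts a header the client supplies."""
    return headers.get("Origin") == ALLOWED_ORIGIN

def issue_token(user_id, ttl=900, now=None):
    """Issued by the API after the user signs in (stand-in for a Cognito token)."""
    expires = int((time.time() if now is None else now) + ttl)
    payload = f"{user_id}:{expires}".encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())

def verify_token(token, now=None):
    """Return the user id if signature and expiry are valid, else None."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
        user_id, expires = payload.decode().rsplit(":", 1)
        expires = int(expires)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # payload or signature was altered
    if (time.time() if now is None else now) >= expires:
        return None  # expired
    return user_id

def authorize(headers, now=None):
    """Origin is at most a hint; the signed per-user token makes the decision."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return verify_token(auth[len("Bearer "):], now=now)

# Constructed request headers: a non-browser client copying the Origin value.
copied_origin = {"Origin": ALLOWED_ORIGIN}
print(origin_only_check(copied_origin), authorize(copied_origin))
```

The token identifies a signed-in user, not the web application itself, which matches the answer's point that the S3-hosted code runs in each user's browser.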