Tuesday 23 May 2017

Controlling security access to an AWS EC2 port for requests originating from a given AWS S3 bucket

As part of a distributed deployment on AWS, we have moved all static web assets, including AngularJS files and dependencies, to an AWS S3 bucket (static website). The AngularJS controllers have the complete API URL pointing to a Node.js server running on an EC2 instance. I am trying to figure out a good way to prevent the Node.js server from processing any HTTP requests other than the ones originating from the AngularJS controllers in the specific S3 bucket hosting the AngularJS files.

Option 1) I cannot use the S3 IP address as the incoming IP address for the EC2 security group hosting the Node.js server, for obvious reasons.

Option 2) I can use a VPC Endpoint, but it is more of a solution for allowing EC2 in a private subnet to access an S3 bucket.

Option 3) I can have another EC2 instance hosting a reverse proxy which the S3 AngularJS app will connect to. This reverse proxy will forward the request to the EC2 instance running Node.js.

Option 4) Use an AWS NAT Gateway; I do not think it is much different from option 3.

I need folks to chime in with their thoughts, keeping security in mind.



via Dev
