New Serverless Land Pattern waf-cloudfront-websocketapi-serverless #2560
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
parikhudit
reviewed
Jan 8, 2025
Comment on lines
21
to
22
| git clone <repository-url> | ||
| cd <repository-directory> |
There was a problem hiding this comment.
Could you please put actual URL and path?
parikhudit
reviewed
Jan 8, 2025
Comment on lines
1
to
15
| # Protecting WebSocket API with CloudFront and WAF Integration | ||
|
|
||
| This pattern implements a secure WebSocket API using AWS CDK, integrating CloudFront for distribution and WAF for protection through AWS CDK with Python. It makes use of API keys to ensure that the Websocket endpoint can only be accessed via the CloudFront distribution by passing the API key as custom header from CloudFront. | ||
|
|
||
| The WebSocket API provides real-time communication capabilities, while CloudFront ensures low-latency content delivery. The Web Application Firewall (WAF) adds an extra layer of security by protecting against common web exploits and controlling access based on configurable rules. | ||
|
|
||
|  | ||
|
|
||
| ### Prerequisites | ||
|
|
||
| - Python 3.9 or later | ||
| - AWS CDK CLI | ||
| - AWS CLI configured with appropriate credentials | ||
|
|
||
| ***Please note that AWS WAF is available globally for CloudFront distributions. So you must use the Region us-east-1 region while deploying the stack (N. Virginia)*** |
There was a problem hiding this comment.
Please refer other PRs to see template for README. It is recommended to put path for to-be serverlessland pattern in description.
parikhudit
reviewed
Jan 8, 2025
Comment on lines
71
to
85
| ## Data Flow | ||
|
|
||
| The WebSocket API handles data flow as follows: | ||
|
|
||
| 1. Client initiates a WebSocket connection to the CloudFront distribution URL. | ||
| 2. CloudFront forwards the request to the API Gateway WebSocket API with the "x-api-key" as custom header. | ||
| 3. Websocket API validates the API key and routes the request based on the route selection expression. | ||
| 4. The Lambda function is invoked to handle the WebSocket event. | ||
|
|
||
| ``` | ||
| [Client] <-> [CloudFront] <-> [API Gateway WebSocket API] <-> [Lambda Function] | ||
| ^ | | ||
| | | | ||
| +---------------------------------------------------------------+ | ||
| ``` |
There was a problem hiding this comment.
Totally optional but if possible I'd recommend to add a flow diagram for explanation
…iagram along with repo url update in the pattern.json files
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
Description of changes:
Created a serverless land pattern that implements a secure WebSocket API using AWS CDK, integrating CloudFront for distribution and WAF for protection through AWS CDK with Python. It makes use of API keys to ensure that the Websocket endpoint can only be accessed via the CloudFront distribution by passing the API key as custom header from CloudFront.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.