Discuss network security of Discovery API #78

Description

@kfriedman

Right now, the API Gateway forwards requests to the Discovery API Beanstalk (http://discovery-api-production.us-east-1.elasticbeanstalk.com/). Normally, servers would NOT be directly, publicly accessible and the API Gateway would provide DoS protection, authentication, etc. and only forward authenticated requests to protected endpoints.

However, when forwarding requests to HTTP integrations from the API Gateway like we're doing with the Discovery API, it requires that servers be publicly accessible. This essentially exposes protected endpoints like: http://discovery-api-production.us-east-1.elasticbeanstalk.com/api/v0.1/request/deliveryLocationsByBarcode.

The "right" way to handle this, from AWS's perspective, is to use Client-Side SSL Certificates for Authentication by the Backend. However, this might be overly complicated.

Anyway, let's discuss and see if we can come up with a good solution.
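The backend half of the client-certificate option raised above, as an added example: this is not code from the Discovery API project or from AWS, and it is written in Go so it can run offline as a self-contained harness. Assumptions: the route path is taken from the issue text; an in-memory self-signed certificate stands in for the client certificate API Gateway generates (the real one is downloaded from the API Gateway console and installed in the backend's trust store the same way); an `httptest` server stands in for the Beanstalk environment; `newBackend`, `probe` and `run` are names chosen here. The harness shows three callers against the same backend: the gateway (accepted), a direct caller with no certificate (refused at the handshake), and a caller with a certificate the backend was never told to trust (also refused).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

const protectedPath = "/api/v0.1/request/deliveryLocationsByBarcode" // route named in the issue

// newSelfSignedClientCert mints an in-memory, self-signed client certificate.
// API Gateway's generated client certificate is self-signed too; minting one
// locally (assumed here so the example runs offline) stands in for its PEM.
func newSelfSignedClientCert(cn string) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// newBackend plays the Discovery API. TLS completes a handshake only for a
// client whose certificate verifies against `trusted` (self-signed, so its own
// root); the handler then pins the exact certificate again as defence in depth.
func newBackend(trusted *x509.Certificate) *httptest.Server {
	pool := x509.NewCertPool()
	pool.AddCert(trusted)
	mux := http.NewServeMux()
	mux.HandleFunc(protectedPath, func(w http.ResponseWriter, r *http.Request) {
		if peers := r.TLS.PeerCertificates; len(peers) == 0 || !peers[0].Equal(trusted) {
			http.Error(w, "gateway client certificate required", http.StatusForbidden)
			return
		}
		fmt.Fprint(w, `{"deliveryLocations":[]}`) // constructed placeholder body
	})
	srv := httptest.NewUnstartedServer(mux)
	srv.TLS = &tls.Config{
		ClientAuth: tls.RequireAndVerifyClientCert, // the setting that closes the gap
		ClientCAs:  pool,
	}
	srv.StartTLS()
	return srv
}

// probe requests the protected route as one caller. A nil cert models a request
// sent straight to the public Beanstalk hostname, bypassing the gateway.
func probe(srv *httptest.Server, cert *tls.Certificate) (int, error) {
	cfg := srv.Client().Transport.(*http.Transport).TLSClientConfig.Clone() // trusts the test server
	if cert != nil {
		cfg.Certificates = []tls.Certificate{*cert}
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(srv.URL + protectedPath)
	if err != nil {
		return 0, err // handshake refused: the backend never saw the request
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// run returns the status seen with the gateway cert, then the errors seen with no cert and with an untrusted cert.
func run() (gatewayStatus int, noCertErr, rogueCertErr error) {
	gw, rogue := newSelfSignedClientCert("ApiGateway"), newSelfSignedClientCert("rogue")
	srv := newBackend(gw.Leaf)
	defer srv.Close()
	gatewayStatus, err := probe(srv, &gw)
	if err != nil {
		panic(err) // the one caller that must succeed
	}
	_, noCertErr = probe(srv, nil)
	_, rogueCertErr = probe(srv, &rogue)
	return gatewayStatus, noCertErr, rogueCertErr
}

func main() {
	status, noCert, rogue := run()
	fmt.Printf("gateway cert: HTTP %d\nno cert: %v\nrogue cert: %v\n", status, noCert, rogue)
}
```

Two caveats carry over to the real deployment. First, API Gateway only presents its client certificate on an HTTPS integration, and the check can only be done by whatever terminates TLS: the plain `http://` listener on the Beanstalk URL has to go away, and if a load balancer terminates HTTPS in front of the instances, the verification belongs there (or TLS must be passed through to the instances). Second, the trust store should contain the gateway's certificate and nothing else; anyone able to reach the hostname with a certificate that chains to an extra CA in that pool is indistinguishable from the gateway.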
