LoginSignup
0
0
@vanshi

APIGatawayで指定のヘッダーを含まないリクエストを許可する方法

Posted at

APIGatawayで、指定のヘッダーが無いとリクエストを拒否する設定

APIGatawayのリソースポリシーに以下を設定

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:ap-northeast-1:{アカウントID}:{APIリソースの識別英数字}/*",
      "Condition": {
        "StringNotEquals": {
          "aws:Referer": "{適当な文字列}"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:ap-northeast-1{アカウントID}:{APIリソースの識別英数字}/*"
    }
  ]
}

Cloudfrontのオリジンで以下を設定
スクリーンショット 2023-12-20 16.18.21.png

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
0
0