Congratulations! You've made it through the workshop. Let's look back through what you accomplished...¶
You created a RESTful backend with Amazon API Gateway¶
Our backend includes a Java Springboot application with a MySQL database running on an EC2 instance in a private subnet. This is exposed via a private integration with an API hosted on Amazon API Gateway.
You used the following to enhance the security posture of your API:¶
- A resource policy to control which principals can invoke your API.
- A private integration to expose a private resource via your API.
- Input validation to ensure only valid inputs get passed along to our backend through your API.
- A web application firewall to help protect against common web exploits like SQL injection and cross-site scripting.
- A usage plan and API key to set limits on the request rate for consumers of your API.
- Authentication via Amazon Cognito to ensure that only authenticated and authorized users may invoke your API.
- X-Ray to trace requests through your API.
Want to explore more? Check out these other useful resources:¶
AWS Tutorial: Build a Serverless Web Application
Workshops: Wild Rydes Serverless Workshops
AWS Amplify Framework - an opinionated, category-based client framework for building scalable mobile and web apps