In this module, you have accomplished:

  1. Create an authorizer mechanism based on OAuth flows for 3rd party developers to access your site
  2. Define CORS mechanism for your API which limited accessed IP Address and Domain to your APIs
  3. Create an Usage Plan which manage Client’s quotas to your APIs
  4. Create 3 layers of AWS WAF to protect your API from:
    • SQLInjection
    • Cross-site Scripting
    • Flooding request

Extra-points: Beside above features, API Gateway also supply further security layers such as:

  • SSL in-transit for DB connections
  • Secret Manager
  • Input validation

    These features will be mentioned in another courses