如标题所问,AWS服务之间的通信默认使用SSL吗?例如,Lambda 函数将对象写入 S3,或者 Lambda 函数从 Kinesis 读取数据。
最佳答案
您可以在 docs 中查看 AWS 的服务及其支持的协议(protocol)。 .
除非另有说明,SDK 将始终选择 HTTPS 流量。您可以通过更改您正在使用的服务的 endpoint 属性来指定。只需检查上面的链接即可获取您正在寻找的服务的正确端点。
您可以在 SDK 的官方文档中了解如何执行此操作,如下所示:
const s3 = new AWS.S3({endpoint: 'https://s3.us-east-1.amazonaws.com'});
以下是 S3 Javascript SDK 的链接:
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property
您还可以通过将 sslEnabled 属性设置为 true 或 false 来启用/禁用 SSL。尽管文档没有说明其默认值的任何内容,但我确实相信此标志会自动设置为 true 。仅当先前未在 endpoint 属性中指定协议(protocol)时,设置此标志才会生效。
这是从 Java SDK 中提取的:
Callers can pass in just the endpoint (ex: "ec2.amazonaws.com") or a full URL, including the protocol (ex: "https://ec2.amazonaws.com"). If the protocol is not specified here, the default protocol from this client's ClientConfiguration will be used, which by default is HTTPS.
我找到了thread在 AWS 论坛中,声明始终为 SDK 的请求启用 SSL:
If you specify AWS.config.sslEnabled = true, all endpoints will use SSL by default. There is no "fallback" to HTTP if HTTPS doesn't work or anything like that.
This can be overridden when creating an endpoint, for example by new AWS.S3({sslEnabled: false}) - that is why it is only a default setting. If you do not explicitly say sslEnabled: false in your code, you can be assured that SSL is used everywhere. And finally, even when specifying sslEnabled: true, if creating a new endpoint explicitly with a full URL, such as http://s3-eu-west-1.amazonaws.com, will override the sslEnabled setting. To say it in another way, sslEnabled only affects if http:// or https:// is automatically added to hosts specified without specifying a protocol.
And the default is to use SSL for all Amazon services by default, so adding a bucket policy that will limit connections to using SSL only will only block explicit attempts to access S3 without HTTPS (or users of different SDK:s or other access methods).
Hope this helps.
关于amazon-web-services - AWS 服务之间的通信(通过 ARN 定位)是否始终使用 SSL?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57865513/