{"id":45785,"date":"2022-03-18T00:00:00","date_gmt":"2022-03-18T00:00:00","guid":{"rendered":"urn:uuid:7914b718-711d-afc3-24bd-6c3f9493d2ad"},"modified":"2022-03-18T00:00:00","modified_gmt":"2022-03-18T00:00:00","slug":"how-to-secure-aws-serverless-apis","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/","title":{"rendered":"How to Secure AWS Serverless API(s)"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/tn-aws-serverless.jpg\"><!-- OneTrust Cookies Consent Notice start for trendmicro.com --><!-- OneTrust Cookies Consent Notice end for trendmicro.com --> <!-- Begin mPulse library --> <!-- END mPulse library --> <head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width\"> <meta name=\"description\" content=\"Discover how to easily secure AWS serverless API(s) to protect against known and unknown vulnerabilities.\"> <meta name=\"robots\" content=\"index,follow\"> <meta name=\"keywords\" content=\"how to,network security,article,aws\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"> <meta name=\"template\" content=\"defaultArticleWithoutHero\"> <meta property=\"article:published_time\" content=\"2022-03-18\"> <meta property=\"article:tag\" content=\"network security\"> <meta property=\"article:section\" content=\"how to\"> <link rel=\"icon\" type=\"image\/ico\" href=\"\/content\/dam\/trendmicro\/favicon.ico\"> <link rel=\"canonical\" href=\"https:\/\/www.trendmicro.com\/en_us\/devops\/22\/c\/secure-aws-serverless-api.html\"> <title>How to Secure AWS Serverless API(s)<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/devops\/22\/c\/secure-aws-serverless-api.html\"><br \/>\n<meta property=\"og:title\" content=\"How to Secure AWS Serverless API(s)\"><br \/>\n<meta property=\"og:description\" content=\"Discover how to easily secure AWS serverless API(s) to protect against known and unknown vulnerabilities.\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/tn-aws-serverless.jpg\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"How to Secure AWS Serverless API(s)\"><br \/>\n<meta name=\"twitter:description\" content=\"Discover how to easily secure AWS serverless API(s) to protect against known and unknown vulnerabilities.\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/tn-aws-serverless.jpg\"> <\/head> <body class=\"articlepage page basicpage context-business context-devops\" id=\"readabilityBody\" readability=\"49.806157354618\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layer *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1069834110\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"7.7293233082707\">\n<div class=\"article-details\" role=\"heading\" readability=\"34.781954887218\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Network Security<\/p>\n<p class=\"article-details__description\">Discover how to easily enhance security of your container-based AWS serverless API to protect against known and unknown vulnerabilities.<\/p>\n<p class=\"article-details__author-by\">By: Anna Lapyko <time class=\"article-details__date\">March 18, 2022<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"34.422321428571\">\n<div readability=\"15.514285714286\">\n<p>Container-based serverless APIs are becoming increasingly popular as many organizations move toward cloud native applications. Serverless containers outsource the effort of managing the actual servers, making it easier to scale quickly and maintain at any scale. However, you are still responsible for protecting your public APIs from being exploited by known and unknown vulnerabilities.<\/p>\n<p>I am going to show you how to enable additional security protection for serverless container-based APIs with Amazon ECS and Amazon API Gateway, based on <a href=\"https:\/\/aws.amazon.com\/blogs\/architecture\/field-notes-serverless-container-based-apis-with-amazon-ecs-and-amazon-api-gateway\/\" target=\"_blank\" rel=\"noopener\">this architecture<\/a>:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/figure1-aws.png\" alt=\"aws\"> <\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"46.417910447761\">\n<div readability=\"41.776119402985\">\n<p>Source: <a href=\"https:\/\/aws.amazon.com\/blogs\/architecture\/field-notes-serverless-container-based-apis-with-amazon-ecs-and-amazon-api-gateway\/\" target=\"_blank\" rel=\"noopener\">AWS Architecture Blog<\/a><\/p>\n<p>By deploying Trend Micro Cloud One\u2122 \u2013 Network Security, visibility of network traffic across your enter architecture will dramatically increase, enabling security operation teams to quickly detect and investigate suspicious behavior without impacting developers\u2019 workflows.<\/p>\n<p><span class=\"body-subhead-title\">Serverless container-based API architecture overview<\/span><\/p>\n<p>As you can see above, there are two services created: <b>petstore<\/b> and <b>foodstore<\/b>. Both services are running behind API-Gateway and are enabled to receive PUT and GET requests. Unauthenticated users can only send GET requests whereas authenticated users can send both GET and PUT requests. In this example, Amazon Cognito is used to perform user authentication, Amazon DynamoDB for persistent storage, and Amazon ECS to host the services.<\/p>\n<p>Amazon ECS services are running in a private subnet and API Gateway uses a <a href=\"https:\/\/docs.aws.amazon.com\/apigateway\/latest\/developerguide\/http-api-vpc-links.html\" target=\"_blank\" rel=\"noopener\">VPC link<\/a> (APIGW VPC Link in the diagram) in order to connect to them. APIGW VPC Link and Amazon ECS services are running in the same subnets (per availability zone).<\/p>\n<p>By using <a href=\"https:\/\/aws.amazon.com\/about-aws\/whats-new\/2021\/08\/amazon-vpc-subnets\/\" target=\"_blank\" rel=\"noopener\">Amazon VPC Routing Enhancements<\/a>, we can now easily intercept traffic coming from API Gateway to APIGW VPC Links and send it for inspection, making sure that only clean traffic reaches ECS services.<\/p>\n<p>In this example we are going to send the traffic coming from API Gateway for inspection to a Security VPC, with a Gateway Load Balancer (GWLB) deployed together with a fleet of Trend Micro Cloud One\u2122 \u2013 Network Security appliances. We will create a Security VPC in your AWS account by using an AWS CloudFormation template.<\/p>\n<p>To follow along with this article, you can <a href=\"https:\/\/cloudone.trendmicro.com\/trial\" target=\"_blank\" rel=\"noopener\">sign up for a free, 30-day trial of Trend Micro Cloud One\u2122<\/a>.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/picture-aws.png\" alt=\"aws\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"36.5\">\n<div readability=\"18\">\n<p><span class=\"body-subhead-title\">Create Security VPC in your AWS Account<\/span><\/p>\n<p>You can use ready-to-deploy CloudFormation templates to launch Security VPC stack in your AWS Account. The templates will create a new Security VPC and all resources required for traffic inspection, like subnets, Network Security appliances, GWLB, etc.<\/p>\n<p>The following diagram shows the architecture of the Security VPC automatically created by CloudFormation templates.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/figure2-security.png\" alt=\"security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p>To create Security VPC resources, first create a new Macro CloudFormation stack:<br \/>1. Select <b>Launch Stack<\/b> by clicking on the button below:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"a6eb00\" href=\"https:\/\/console.aws.amazon.com\/cloudformation\/home?#\/stacks\/create\/template?stackName=CloudOneNetworkSecurityMacro&amp;templateURL=https:\/\/trendmicro-tippingpoint.s3.amazonaws.com\/documentation\/templates\/macro.yml\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/figure3-launch.png\" alt=\"launch\"> <\/a> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.5\">\n<div readability=\"12\">\n<p>2. Leave any parameters on their default settings, then click <b>Create stack<\/b>.<br \/>3. Wait until the stack transitions to \u201cCREATE_COMPLETE\u201d state.<\/p>\n<p>Secondly, create a new Security VPC Stack:<br \/>1. Select <b>Launch Stack<\/b> by clicking on the button below:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"fd0742\" href=\"https:\/\/console.aws.amazon.com\/cloudformation\/home?#\/stacks\/create\/template?stackName=CloudOneNetworkSecurity&amp;templateURL=https:\/\/trendmicro-tippingpoint.s3.amazonaws.com\/documentation\/templates\/security_vpc_legacy.yaml\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/figure3-launch.png\" alt=\"launch\"> <\/a> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.726224783862\">\n<div readability=\"12.512968299712\">\n<p>2. Refer to Trend Micro Cloud One <a href=\"https:\/\/cloudone.trendmicro.com\/docs\/network-security\/GWLB_CFdeploy1\/\" target=\"_blank\" rel=\"noopener\">documentation<\/a> for more information regarding stack parameters values.<\/p>\n<p><span class=\"body-subhead-title\">Prepare your environment to inspect traffic<\/span><\/p>\n<p>Before sending traffic for inspection to you Security VPC make sure to move APIGW VPC Links to separate subnets. Refer to the diagram below to see how the infrastructure will look like at this point.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/figure5-aws.png\" alt=\"aws\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"38.282522996058\">\n<div readability=\"22.576872536137\">\n<p>If your APIGW VPC Links are already in separate subnets in your real environment, you can skip this step.<\/p>\n<p>Next, you need to create one subnet per availability zone for <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/privatelink\/vpce-gateway-load-balancer.html\" target=\"_blank\" rel=\"noopener\">GWLB endpoints<\/a>, which are used to intercept traffic and route it to Security VPC. Make sure to use a small CIDR block like \/28 for these subnets, since you are going to need just one endpoint network interface in each of them.<\/p>\n<p>Now you are ready to enable traffic inspection for your serverless API by automatically sending traffic coming to APIGW VPC Links from API Gateway to Security VPC for inspection. Use Amazon VPC Ingress Routing for this, since it allows us to create more specific routes than the default local route.<\/p>\n<p>Refer to the diagram below to see how the routes should look like:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/figure6-aws.png\" alt=\"aws\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33\">\n<div readability=\"11\">\n<p>As you can see, all traffic coming to APIGW VPC Link subnets for Amazon ECS subnets will be now redirected to GWLB endpoints, and automatically sent to Network Security appliances for inspection. Refer to the diagram below for a complete setup:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/figure7-aws.png\" alt=\"aws\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.367760617761\">\n<div readability=\"13.540540540541\">\n<p><span class=\"body-subhead-title\">Next steps<\/span><\/p>\n<p>Just a couple tweaks to your architecture with Network Security can ensure your container-based serverless APIs are being continuously monitored for known and unknown vulnerabilities. Automated scans of ingress, egress, and lateral movement with customizable post-scan actions help security teams contain and investigate potential threats quickly, which in turn lets developers build quickly. To learn more about Network Security capabilities and integrations with AWS services, check out <a href=\"https:\/\/cloudone.trendmicro.com\/docs\/network-security\/\" target=\"_blank\" rel=\"noopener\">our documentation<\/a>.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"devopsrc-2245d1\" href=\"https:\/\/www.trendmicro.com\/en_us\/business\/campaigns\/cloud-one-trial.html\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/trial-banners\/cloud-one-trial-banner.jpg\" alt=\"cloud-one-trial\"> <\/a> <\/figure>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/devops\/22\/c\/secure-aws-serverless-api.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Discover how to easily enhance security of your container-based AWS serverless API to protect against known and unknown vulnerabilities. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":45786,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9503,9505,9571,9676],"class_list":["post-45785","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-devops-article","tag-trend-micro-devops-aws","tag-trend-micro-devops-how-to","tag-trend-micro-devops-network-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Secure AWS Serverless API(s) 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Secure AWS Serverless API(s) 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-18T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/tn-aws-serverless.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-secure-aws-serverless-apis\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-secure-aws-serverless-apis\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"How to Secure AWS Serverless API(s)\",\"datePublished\":\"2022-03-18T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-secure-aws-serverless-apis\\\/\"},\"wordCount\":816,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-secure-aws-serverless-apis\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/how-to-secure-aws-serverless-apis.png\",\"keywords\":[\"Trend Micro DevOps : Article\",\"Trend Micro DevOps : AWS\",\"Trend Micro DevOps : How To\",\"Trend Micro DevOps : Network Security\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-secure-aws-serverless-apis\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-secure-aws-serverless-apis\\\/\",\"name\":\"How to Secure AWS Serverless API(s) 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-secure-aws-serverless-apis\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-secure-aws-serverless-apis\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/how-to-secure-aws-serverless-apis.png\",\"datePublished\":\"2022-03-18T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-secure-aws-serverless-apis\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-secure-aws-serverless-apis\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-secure-aws-serverless-apis\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/how-to-secure-aws-serverless-apis.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/how-to-secure-aws-serverless-apis.png\",\"width\":1200,\"height\":556},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-secure-aws-serverless-apis\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro DevOps : Article\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-devops-article\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How to Secure AWS Serverless API(s)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Secure AWS Serverless API(s) 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/","og_locale":"en_US","og_type":"article","og_title":"How to Secure AWS Serverless API(s) 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-03-18T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/c\/how-to-secure-aws-serverless-apis\/tn-aws-serverless.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"How to Secure AWS Serverless API(s)","datePublished":"2022-03-18T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/"},"wordCount":816,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/03\/how-to-secure-aws-serverless-apis.png","keywords":["Trend Micro DevOps : Article","Trend Micro DevOps : AWS","Trend Micro DevOps : How To","Trend Micro DevOps : Network Security"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/","url":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/","name":"How to Secure AWS Serverless API(s) 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/03\/how-to-secure-aws-serverless-apis.png","datePublished":"2022-03-18T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/03\/how-to-secure-aws-serverless-apis.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/03\/how-to-secure-aws-serverless-apis.png","width":1200,"height":556},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/how-to-secure-aws-serverless-apis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro DevOps : Article","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-devops-article\/"},{"@type":"ListItem","position":3,"name":"How to Secure AWS Serverless API(s)"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45785","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45785"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45785\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/45786"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45785"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45785"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}