I have a Cloud Function in GCP which triggers when any object is received in an S3 bucket, using an SNS notification. SNS has been configured in such a way that, when any object comes into the S3 bucket, it notifies the GCP Cloud Function about it using an HTTP trigger (HTTPS URL). As of now the Cloud Function endpoint is public, so it could be triggered from anywhere, even from a web browser if someone has the URL, which is a big security concern. Hence I would like to make it private and want it to be accessed only through AWS SNS, but I have no idea how it could be done.
How to trigger GCP cloud function(private) from AWS SNS over http trigger
1.2k Views Asked by Abhishek Jain At
You cannot prevent users from calling your HTTP endpoint as you must make the endpoint public in order for Amazon SNS to be able to call your endpoint. You can validate requests and reject requests (return 401 Unauthorized) that you do not want to process.
There are several methods to validate requests. I am listing the methods from least secure to most secure (also easiest to hardest to implement).
- Check the `x-amz-sns-topic-arn` or `x-amz-sns-subscription-arn` for values you expect in the HTTP POST request headers.
- Configure SNS to use Basic Authentication using a username and password. Verify both values.
- Verify the SNS notification signature. This method requires downloading the Amazon certificate and validating the signature on each request.
Using Amazon SNS for system-to-system messaging with an HTTP/s endpoint as a subscriber
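An added example, not part of the original answer: a request gate for the Cloud Function that applies the first two methods and checks the `SigningCertURL` before any certificate download for the third. The topic ARN, credentials, certificate host pattern and sample request are constructed assumptions; the RSA signature check itself needs a crypto library and is outside this block.

```python
import base64
import hmac
import re
from urllib.parse import urlparse

# Constructed values for illustration; substitute your own topic and secret.
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:s3-object-created"
USER, PASSWORD = "sns-caller", "constructed-secret"
# Assumed certificate host pattern: sns.<region>.amazonaws.com (or .com.cn).
CERT_HOST = re.compile(r"sns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?")

def basic_auth_ok(authorization):
    """Method 2: decode the Basic credentials and compare in constant time."""
    scheme, _, encoded = (authorization or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return False
    user, _, password = decoded.partition(":")
    return (hmac.compare_digest(user.encode(), USER.encode())
            and hmac.compare_digest(password.encode(), PASSWORD.encode()))

def cert_url_ok(url):
    """Before method 3: fetch the signing certificate only from SNS over HTTPS."""
    parts = urlparse(url or "")
    return (parts.scheme == "https"
            and CERT_HOST.fullmatch(parts.hostname or "") is not None
            and parts.path.endswith(".pem"))

def authorize(headers, body):
    """Return the status code to send: 200 to process, 401 to reject."""
    h = {k.lower(): v for k, v in headers.items()}
    if not basic_auth_ok(h.get("authorization")):
        return 401
    # Method 1: header and JSON body must both name the expected topic.
    if h.get("x-amz-sns-topic-arn") != TOPIC_ARN or body.get("TopicArn") != TOPIC_ARN:
        return 401
    return 200 if cert_url_ok(body.get("SigningCertURL")) else 401

# Constructed sample request, shaped like an SNS notification delivery.
SAMPLE_HEADERS = {
    "Authorization": "Basic " + base64.b64encode(b"sns-caller:constructed-secret").decode(),
    "x-amz-sns-topic-arn": TOPIC_ARN,
}
SAMPLE_BODY = {
    "Type": "Notification", "TopicArn": TOPIC_ARN,
    "SigningCertURL": "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-placeholder.pem",
}
```

In the function's HTTP handler, call `authorize` with the request headers and the parsed JSON body before doing any work, and return its status code when it is not 200.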