aws-solutions/network-orchestration-for-aws-transit-gateway

S3 interface endpoint to manage STNO page privately would boost security of the solution.

l4h1n opened this issue · 1 comments

l4h1n commented

Is your feature request related to a problem? Please describe.
I find the STNO console page provided through CloudFront to be insecure. It doesn't leverage MFA or WAF and the page is "public" just behind a password.

Describe the feature you'd like
An S3 interface endpoint can be leveraged and linked with a private R53 zone so that STNO can be managed from a VPC or On-Premises.

Additional context
A feature to choose between public and private management would also add value.

We added a WAF to the AppSync API in release v3.1. I hope that addresses your concern. The page is still publicly accessible via CloudFront, but the critical part from a security perspective is the API, not the UI.