S3 interface endpoint to manage STNO page privately would boost security of the solution.
l4h1n opened this issue · 1 comments
l4h1n commented
Is your feature request related to a problem? Please describe.
I find the STNO console page provided through CloudFront insecure. It doesn't leverage MFA or WAF and the page is "public" just behind a password.
Describe the feature you'd like
An S3 interface endpoint can be leveraged and linked with a private R53 zone so that STNO can be managed from a VPC or on-premises.
Additional context
A feature to choose between public and private management would also add value.
tbelmega commented
We added a WAF to the AppSync API in release v3.1. I hope that addresses your concern. The page is still publicly accessible via CloudFront, but the critical part from a security perspective is the API, not the UI.