I am deploying several AWS Lambda functions that are accessed via AWS API Gateway. I want to restrict one of these functions so that it can't be accessed unless you are in a particular IP address range (our VPN), while allowing the rest of the functions to be open to anyone who calls them. Can I do this? If so, how? I have seen several examples where restriction of access to a subset of IPs is done by configuration of the provider section of the serverless yaml. However, that would affect all of my functions and I don't want to have any of my other functions affected.
Thank you!
IP based control to your API gateway can be done either by a WAF, or a custom Authoriser function, (might be called Lambda Authorizer now). See here for an example. You can specify a Lambda function in your serverless yaml for this `authorizerFunc`. There is support for this in serverless. For the endpoints you want protected from certain IPs put: `authorizer: authorizerFunc` in the `events` section, and leave the other endpoints which you want accessible to all alone.
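A sketch of what the `authorizerFunc` handler could look like, added here as an example and not taken from the answer above. It assumes a REST API authorizer of the REQUEST type (so the event carries `requestContext`), a hypothetical `ALLOWED_CIDRS` environment variable, and a documentation range standing in for the VPN range:

```python
import ipaddress
import os

# Assumption: allowed ranges come from a hypothetical ALLOWED_CIDRS env var
# (comma-separated). The default is a documentation range (RFC 5737) standing
# in for the VPN range.
ALLOWED_CIDRS = [
    ipaddress.ip_network(c.strip())
    for c in os.environ.get("ALLOWED_CIDRS", "203.0.113.0/24").split(",")
    if c.strip()
]


def is_allowed(source_ip):
    """True only if source_ip parses and falls inside an allowed range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except (ValueError, TypeError):
        return False  # missing or malformed address: fail closed
    # An IPv6 address is never "in" an IPv4 network, so this stays False.
    return any(addr in net for net in ALLOWED_CIDRS)


def handler(event, context):
    # API Gateway fills in the caller's address here for REQUEST-type
    # authorizers; client-supplied headers such as X-Forwarded-For are
    # deliberately not consulted.
    source_ip = (
        event.get("requestContext", {}).get("identity", {}).get("sourceIp")
    )
    effect = "Allow" if is_allowed(source_ip) else "Deny"
    return {
        "principalId": source_ip or "unknown",
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": event["methodArn"],  # only the method being called
            }],
        },
    }
```

If authorizer result caching is enabled and keyed on a header, a cached Allow can be reused for a request arriving from a different address, so an IP-based authorizer like this one should run with caching disabled.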