Issue
I want to host a RESTful API on AWS Beanstalk or EC2 so a client server in an on-premise data center can use it.
Is it secure to host a RESTful API server on AWS Beanstalk or EC2 without authentication and secure them only with security group ?
I put the client IP address into the security group which Beanstalk or EC2 instance uses. So only the client with this IP address can connect to the RESTful API server.
The client is located outside the AWS in a on-premise data center.
Is there any better solutions to handle this problem? I know it is possible to connect AWS VPC with on-premise network, but that seems to be a too expensive for us in such small use case.
Solution
Is it secure to host a RESTful API server on AWS Beanstalk or EC2 without authentication and secure them only with security group ?
No authentication is not a recommended method for securing RESTful API but security provided by AWS security groups is rock solid.
Another suggestion will be implementing HTTPS instead of HTTP. Please go through this article. http://aws.amazon.com/articles/1928
Answered By - error2007s Answer Checked By - Katrina (WPSolving Volunteer)