Lambda based REST API entirely through code - API Gateway, YAML & Terraform

Serverless Applications with AWS Lambda and API Gateway
Serverless architectures offload OS-level patching to AWS, but they introduce new attack vectors. This project highlights 2026 serverless DevSecOps principles:
- API Gateway Exploitation Prevention: A public-facing API Gateway must be fronted by AWS WAF (Web Application Firewall) to mitigate OWASP Top 10 API threats (like injection and parameter tampering) before they ever trigger Lambda invocations (preventing DoS billing attacks).
- Lambda IAM Least Privilege: Each individual Lambda function must be scoped with a granular IAM execution role. A function writing to DynamoDB should only have `dynamodb:PutItem` on that specific table ARN, not `dynamodb:*` across the account.
- `sam package --template-file template.yaml --output-template-file deploy.yaml --s3-bucket $SAM_CODE_BUCKET`
- `terraform init`
- `terraform plan`
- `terraform apply`
- `terraform destroy`
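The two principles above expressed in Terraform, as an added example that is not part of this project's own configuration: one execution role whose inline policy allows only `dynamodb:PutItem` on a single table ARN, and a WAF web ACL attached to the API Gateway stage in front of the function. The resource names, the `aws_dynamodb_table.orders`, `aws_api_gateway_stage.prod` and `aws_wafv2_web_acl.api` references, and the `var.region` / `var.account_id` variables are assumptions.

```hcl
# Trust policy: only the Lambda service may assume this role.
data "aws_iam_policy_document" "lambda_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "put_item_fn" {
  name               = "put-item-fn-exec-role" # assumed name
  assume_role_policy = data.aws_iam_policy_document.lambda_assume.json
}

# One action on one table ARN, instead of dynamodb:* on "*".
data "aws_iam_policy_document" "put_item_only" {
  statement {
    sid       = "PutItemOnOneTable"
    actions   = ["dynamodb:PutItem"]
    resources = [aws_dynamodb_table.orders.arn] # assumed table resource
  }
  # Logging limited to this function's own log group.
  statement {
    sid       = "WriteOwnLogs"
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["arn:aws:logs:${var.region}:${var.account_id}:log-group:/aws/lambda/put-item-fn:*"]
  }
}

resource "aws_iam_role_policy" "put_item_fn" {
  name   = "put-item-only"
  role   = aws_iam_role.put_item_fn.id
  policy = data.aws_iam_policy_document.put_item_only.json
}

# Front the REST API stage with the WAF web ACL so filtered requests
# are rejected before they invoke (and bill for) the Lambda.
resource "aws_wafv2_web_acl_association" "api" {
  resource_arn = aws_api_gateway_stage.prod.arn # assumed stage resource
  web_acl_arn  = aws_wafv2_web_acl.api.arn      # assumed REGIONAL web ACL
}
```

Attach the role to the function via `aws_lambda_function.role = aws_iam_role.put_item_fn.arn`; a second function with different needs gets its own role rather than sharing this one.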