Useless API

A useless machine is a box that turns itself off when you turn it on. If you'd like to see one in action, you can see a video here. I believe that I have created the closest Cloud API approximation of that machine using API Gateway, AWS WAF rules, terraform, and an AWS Lambda function and I'd like to tell you about it, as well as how to use it.

The project works by hosting an API Gateway method, using a custom SSL certificate, on api.aceraney.com. The API Gateway method is configured with a Lambda function as its target, with "Lambda Proxy" integration enabled so that API Gateway passes the request, including its headers and request context, to the Lambda function directly. With the request context passed to the Lambda function, we can read the IP address of the requester from it. The Lambda function then adds this IP address to a block list (a WAF IP set) used by the AWS WAF web ACL that is attached to the API Gateway.

Now that the IP address is blocked, subsequent requests to the same endpoint from the same IP address will be blocked. It can take a few seconds for the WAF to update and for the requests to be successfully blocked.


Lambda Function

The code for the Lambda function used in the Useless API is shown below.


import json

import boto3

# Name, scope and Id of the WAFv2 IP set referenced by the web ACL on the API.
# The Id is redacted here; substitute your own.
IP_SET_NAME = 'generated-ips'
IP_SET_SCOPE = 'REGIONAL'
IP_SET_ID = '#############################'

# Created once per execution environment rather than on every invocation.
client = boto3.client('wafv2')


def lambda_handler(event, context):
    # With "Lambda Proxy" integration, API Gateway puts the caller's source
    # address in requestContext.identity.sourceIp. A missing key raises
    # KeyError (not IndexError), so that is what we catch.
    try:
        ip_to_block = event['requestContext']['identity']['sourceIp']
    except KeyError:
        return {
            'statusCode': 200,
            'headers': {'Content-Type': 'application/json'},
            'body': json.dumps("Your IP address could not be determined.")
        }

    # update_ip_set replaces the whole address list, so the current addresses
    # are read first and merged with the new one; the LockToken from this read
    # must be passed back on the write or WAF rejects it.
    response = client.get_ip_set(Name=IP_SET_NAME, Scope=IP_SET_SCOPE, Id=IP_SET_ID)
    lock_token = response['LockToken']
    addresses = set(response['IPSet']['Addresses'])
    addresses.add(ip_to_block + '/32')   # IP set is IPv4; single host

    client.update_ip_set(
        Name=IP_SET_NAME,
        Scope=IP_SET_SCOPE,
        Id=IP_SET_ID,
        Addresses=sorted(addresses),
        LockToken=lock_token
    )

    message = {
        'message': 'You\'ve been blocked!'
    }

    return {
        'statusCode': 200,
        'headers': {'Content-Type': 'application/json'},
        'body': json.dumps(message)
    }
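
The read-merge-write against the IP set is the part of this design that is easy to get wrong: update_ip_set replaces the entire address list, and WAF uses the LockToken from get_ip_set for optimistic locking, so two invocations that interleave can drop each other's addresses unless the rejected writer re-reads and retries. The example below is added here and is not the project's code; it runs offline against an in-memory stand-in for the boto3 wafv2 client that mirrors the real response shapes, with the same handler logic usable against a real client. The IP set name, scope and Id are assumptions, the proxy event and addresses are constructed, and it goes slightly beyond the page by also emitting /128 entries for IPv6 callers and by showing how an IP set match is decided.

```python
import ipaddress
import itertools
import types


class WAFOptimisticLockException(Exception):
    """Error WAF returns when update_ip_set is sent a stale LockToken."""


class FakeWafClient:
    """In-memory stand-in for boto3's wafv2 client (constructed for this example).

    Mimics the response shapes of get_ip_set/update_ip_set and WAF's optimistic
    locking, and exposes the error class under .exceptions the way a boto3
    client does, so block_source_ip below runs unchanged against either.
    """

    exceptions = types.SimpleNamespace(
        WAFOptimisticLockException=WAFOptimisticLockException)

    def __init__(self, addresses=()):
        self._addresses = list(addresses)
        self._tokens = itertools.count(1)
        self._lock_token = str(next(self._tokens))

    def get_ip_set(self, Name, Scope, Id):
        return {'IPSet': {'Name': Name, 'Id': Id, 'Addresses': list(self._addresses)},
                'LockToken': self._lock_token}

    def update_ip_set(self, Name, Scope, Id, Addresses, LockToken):
        if LockToken != self._lock_token:
            raise WAFOptimisticLockException('LockToken is stale')
        self._addresses = list(Addresses)        # full replacement, as in WAF
        self._lock_token = str(next(self._tokens))
        return {'NextLockToken': self._lock_token}

    def addresses(self):
        return list(self._addresses)


# Assumed identifiers for the IP set (the real Id is not on the page).
IP_SET = {'Name': 'generated-ips', 'Scope': 'REGIONAL', 'Id': 'example-ip-set-id'}


def cidr_for(ip):
    """Single-host CIDR an IP set expects: /32 for IPv4, /128 for IPv6."""
    addr = ipaddress.ip_address(ip)
    return f'{addr}/{addr.max_prefixlen}'


def block_source_ip(client, event, retries=3):
    """Add the caller's IP to the set; returns the CIDR added, or None.

    The current list is read, merged and written back under the LockToken
    from that read. If another invocation wrote in between, WAF rejects the
    stale token and the loop re-reads and tries again.
    """
    try:
        ip = event['requestContext']['identity']['sourceIp']
    except KeyError:
        return None
    entry = cidr_for(ip)
    for _ in range(retries):
        current = client.get_ip_set(**IP_SET)
        addresses = set(current['IPSet']['Addresses'])
        addresses.add(entry)
        try:
            client.update_ip_set(Addresses=sorted(addresses),
                                 LockToken=current['LockToken'], **IP_SET)
            return entry
        except client.exceptions.WAFOptimisticLockException:
            continue
    raise RuntimeError('IP set update kept losing the lock race')


def is_blocked(addresses, ip):
    """How an IP set match statement decides: some listed CIDR contains ip."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in addresses)


def proxy_event(source_ip):
    """Constructed API Gateway REST (Lambda proxy) event, only the fields used."""
    return {'httpMethod': 'POST', 'path': '/ace',
            'requestContext': {'identity': {'sourceIp': source_ip}}}


def demo_lock_conflict():
    """Simulate a second invocation writing between our read and our write.

    Our first write is rejected for its stale LockToken and retried, so the
    address the other invocation added survives instead of being overwritten.
    """
    client = FakeWafClient()
    real_get, raced = client.get_ip_set, []

    def get_then_race(**kwargs):
        response = real_get(**kwargs)
        if not raced:                        # only the first read is raced
            raced.append(True)
            block_source_ip(client, proxy_event('192.0.2.5'))
        return response

    client.get_ip_set = get_then_race
    block_source_ip(client, proxy_event('192.0.2.6'))
    return client.addresses()


if __name__ == '__main__':
    c = FakeWafClient(['198.51.100.7/32'])
    block_source_ip(c, proxy_event('203.0.113.10'))
    print(c.addresses(), is_blocked(c.addresses(), '203.0.113.10'))
    print(demo_lock_conflict())
```

To run the same handler against AWS, pass boto3.client('wafv2') as client and fill IP_SET with the real name and Id; the retry loop is what keeps concurrent requests from silently dropping each other's entries, and the few seconds of propagation the post mentions apply after the write succeeds.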

If you would like to try the API out for yourself, you'll need an API key. The API key is:

sxxWu0qC8Y5j2MSFHCDxvT5QVN30sji9oeHV5Nj1

To use it, the command is as follows:

curl -X POST -H "x-api-key: xxxxxxxxxxxxxxxxxxxxxxxxxxxx" https://api.aceraney.com/ace

And that's pretty much it. If you'd like to take a look at the terraform code for this project, you can find it here. Once the IP address is used, all future requests from that IP address will be blocked. This method does not account for IP spoofing via spoofed X-Forwarded-For headers, but accounting for such attacks is outside the scope of this project. I simply wanted to intercept a request and update a WAF rule as a result, while learning some new AWS services as well as some basic web dev. Let me know if you have any questions.

Thanks!