Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Is there a "rest api gw usage plans" equivalent solution for http api gw?

0

Hi, after reading the following articles,

https://aws.amazon.com/blogs/architecture/throttling-a-tiered-multi-tenant-rest-api-at-scale-using-api-gateway-part-1/

https://aws.amazon.com/blogs/architecture/throttling-a-tiered-multi-tenant-rest-api-at-scale-using-api-gateway-part-2/

Is was wondering what should we do if we want to apply the same solution on http api gw, which doesn't provides the usage plans feature.

As mentioned inside the article:

" We limit the scope of our discussion to REST APIs because other protocols that API Gateway supports — WebSocket APIs and HTTP APIs — have different throttling mechanisms that do not employ Usage Plans or API Keys."

Few comments for focusing the question:

  • Our main goal is to achieve an api rate limiting per customer for our http api gw.
  • I'm looking for a solution that doesn't include migrating to rest api gw (if I will migrate, I will just go with the solution from the attached article).
  • If it helps somehow for coming up with a good solution, our http api gw is wrapped with a cloudfront distribution (we did it in the past in order to apply WAF on this api, which doesn't supports WAF out of the box).

Thanks,

Yedidya

Themen
ServerlosFrontend-Web & MobileVernetzung & Bereitstellung von Inhalten
Tags
Amazon API-Gateway
Sprache
English
Yedidya Schwartz
gefragt vor einem Jahr286 Aufrufe
1 Antwort
1
Akzeptierte Antwort

Hi,

You are right, http api does not have usage plans out of box, while as rest api type does instead.

You would need a handle it yourself. I would take inspiration from the built-in usage model and build it for your api. You could store the limits for your customers in a database(dynamo).

Then each time an api is called, you would check whether the rate limit is passed for a customer, if so the api would throw a 4xx error.

If limit is still below threshold, increment the limit counter.

You could implement those check in different flavors such as Lambda@edge, or api gateway backed by a step function with lambda steps performing the check and counter increments.

Hope this ideas can inspire you

profile picture
EXPERTE
Antonio_Lagrotteria
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt