How do I rotate an API gateway key keeping its current used quota?

0

We need to allow our customers to refresh the AWS Gateway API key at any time using the SDK , unfortunately the only way I can see of doing this is to delete the existing key and then create a new key.

Is there any way of creating the new key but keeping the existing daily quota used value? Or is there any other way of rotating the key?

If there is no way of doing this then the customer could use their quota, refresh the key and get another daily quota.

Thanks

2 Risposte
0
Risposta accettata

This is not possible today. You must create a new api key and delete the old one. The new key will start it's quota value at 0.

Remember that API keys are not designed to be an auth mechanism, but used to provide access to developer portals, or throttling based on an associated usage plan. See Best practices for API keys and usage plans.

Don't rely on API keys as your only means of authentication and authorization for your APIs. If you have multiple APIs in a usage plan, a user with a valid API key for one API in that usage plan can access all APIs in that usage plan. Instead, use an IAM role, a Lambda authorizer, or an Amazon Cognito user pool.

As api keys are primarily used for throttling purposes you can set the key dynamically using a Lambda authorizer which had the benefit of not distributing new keys to the client. You can therefore fully automate the rotation process.

AWS
con risposta 2 anni fa
profile pictureAWS
ESPERTO
Toni_S
verificato 2 anni fa
0

Thank you for sharing 6

profile picture
con risposta 2 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande