Is there a "rest api gw usage plans" equivalent solution for http api gw?

0

Hi, after reading the following articles,

https://aws.amazon.com/blogs/architecture/throttling-a-tiered-multi-tenant-rest-api-at-scale-using-api-gateway-part-1/

https://aws.amazon.com/blogs/architecture/throttling-a-tiered-multi-tenant-rest-api-at-scale-using-api-gateway-part-2/

I was wondering what we should do if we want to apply the same solution on http api gw, which doesn't provide the usage plans feature.

As mentioned inside the article:

" We limit the scope of our discussion to REST APIs because other protocols that API Gateway supports — WebSocket APIs and HTTP APIs — have different throttling mechanisms that do not employ Usage Plans or API Keys."

A few comments to focus the question:

  • Our main goal is to achieve an api rate limiting per customer for our http api gw.
  • I'm looking for a solution that doesn't include migrating to rest api gw (if I will migrate, I will just go with the solution from the attached article).
  • If it helps somehow in coming up with a good solution, our http api gw is wrapped with a cloudfront distribution (we did it in the past in order to apply WAF on this api, which doesn't support WAF out of the box).

Thanks,

Yedidya

1 Answer
1
Accepted Answer

Hi,

You are right, http api does not have usage plans out of the box, whereas the rest api type does.

You would need to handle it yourself. I would take inspiration from the built-in usage model and build it for your api. You could store the limits for your customers in a database (dynamo).

Then each time an api is called, you would check whether the rate limit is passed for a customer; if so, the api would throw a 4xx error.

If the limit is still below the threshold, increment the limit counter.

You could implement those checks in different flavors such as Lambda@edge, or api gateway backed by a step function with lambda steps performing the check and counter increments.

Hope these ideas can inspire you

EXPERT
answered a year ago
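
The check-then-increment flow described in the answer above, as an added example that is not part of the original answer or any AWS code: a fixed-window counter per customer, which is one possible way to build it. The in-memory store, the `LIMITS` table, the tenant names and the function names are assumptions made for illustration; a shared store such as the database the answer suggests would take the place of `InMemoryCounterStore`.

```python
import math
import time

WINDOW_SECONDS = 60
# Hypothetical per-customer limits (requests per window). In the answer's design
# these would be stored in the database alongside the counters.
LIMITS = {"tenant-free": 3, "tenant-pro": 5}
DEFAULT_LIMIT = 1


class InMemoryCounterStore:
    """Constructed stand-in for the counter table, keyed by (customer, window).

    A real shared store must do this check-and-increment as one atomic
    conditional write, otherwise concurrent invocations can exceed the limit.
    """

    def __init__(self):
        self.items = {}

    def increment_if_below(self, key, limit, expires_at):
        count = self.items.get(key, {"count": 0})["count"]
        if count >= limit:
            return False  # condition failed: nothing is written
        # expires_at lets the store purge old windows (a TTL-style attribute)
        self.items[key] = {"count": count + 1, "expires_at": expires_at}
        return True


def check_rate_limit(store, customer_id, now=None):
    """Return (status_code, headers) for one API call by customer_id.

    customer_id is assumed to come from a verified identity (for example a
    validated token claim), not from a header the caller can set freely.
    """
    now = time.time() if now is None else now
    window_start = int(now // WINDOW_SECONDS) * WINDOW_SECONDS
    window_end = window_start + WINDOW_SECONDS
    limit = LIMITS.get(customer_id, DEFAULT_LIMIT)
    key = (customer_id, window_start)
    if store.increment_if_below(key, limit, window_end + WINDOW_SECONDS):
        return 200, {}
    # Over the limit: reject with a 4xx (429) and say when the window resets
    return 429, {"Retry-After": str(math.ceil(window_end - now))}
```

A fixed window allows a burst of up to twice the limit across a window boundary; a sliding window or token bucket tightens that at the cost of more state per customer.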
