Client API Throttling in API Gateway
Customer that is looking to implement throttling on their APIs exposed via API Gateway and would like to know if that throttling occurs before invocation of a Lambda custom authorizer, which they are also implementing.
- 新しい順
- 投票が多い順
- コメントが多い順
There are different types of rate limiting that can be applied on API Gateway. The different types of rate limiting can be found on this security whitepaper on page 11. https://d1.awsstatic.com/whitepapers/api-gateway-security.pdf?svrd_sip6
If the rate limiting leverages usage plans with an API key (the apiKeySource is set to AUTHORIZER) then the Lambda Authorizer needs to be invoked since the Lambda Authorizer function must return usage plan's API keys as the usageIdentifierKey property value. See link below: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html
If the rate limiting is enforced by API setting on the resource/method then the custom authorizer does not need to get invoked.
If any of the limits are exceeded for the rate limit, Amazon API Gateway blocks the request and returns a 429 Too Many Requests error response to the client. Client logic or SDKs should be configured to retry such errors, although with increasing back off intervals upon repeat failures of the same type.
関連するコンテンツ
AWS公式更新しました 1年前- AWS公式更新しました 1年前
- AWS公式更新しました 2年前
