Client API Throttling in API Gateway
Customer that is looking to implement throttling on their APIs exposed via API Gateway and would like to know if that throttling occurs before invocation of a Lambda custom authorizer, which they are also implementing.
- 최신
- 최다 투표
- 가장 많은 댓글
There are different types of rate limiting that can be applied on API Gateway. The different types of rate limiting can be found on this security whitepaper on page 11. https://d1.awsstatic.com/whitepapers/api-gateway-security.pdf?svrd_sip6
If the rate limiting leverages usage plans with an API key (the apiKeySource is set to AUTHORIZER) then the Lambda Authorizer needs to be invoked since the Lambda Authorizer function must return usage plan's API keys as the usageIdentifierKey property value. See link below: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html
If the rate limiting is enforced by API setting on the resource/method then the custom authorizer does not need to get invoked.
If any of the limits are exceeded for the rate limit, Amazon API Gateway blocks the request and returns a 429 Too Many Requests error response to the client. Client logic or SDKs should be configured to retry such errors, although with increasing back off intervals upon repeat failures of the same type.
관련 콘텐츠
AWS 공식업데이트됨 일 년 전- AWS 공식업데이트됨 2년 전
