Avoid rate limit errors on Cognito auth endpoints

Question

Hello re:Post community, here's my first post.

A while ago I implemented S3 bucket support for a genomics visualization package called IGV:

https://github.com/igvteam/igv/pull/620

Today, I'm facing some problem reports w.r.t API endpoint quota limits and I'd like to hear your advice:

https://github.com/igvteam/igv/issues/1311#issuecomment-1716974095

What's the best way to mitigate or solve this issue that other partners are facing? So far, our facility hasn't seen those, but there's no reason they cannot appear in the future, generating a DoS situation for our staff and their legitimate login attempts :/

Accepted Answer

Hi,

there are four types of resolution for this:

1. As pointed in the Issue, you should handle 4XX Rate Limit error code gracefully
2. You need to understand if the rate limiting applies to authentication or refresh of the access token.
  A. if Authentication, you can try to request a quota increase for Cognito , see Quotas page https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html
  B. If refresh of the access token, you might want to increase the life time of the Access token in the User Pool, see token Expiration parameter https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html
3. Finally if this is bad traffic DDOS you, you apply an AWS WAF WebACL to filter out traffic before reaching Cognito see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html

Avoid rate limit errors on Cognito auth endpoints

Relevant content