By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Is there a "rest api gw usage plans" equivalent solution for http api gw?

0

Hi, after reading the following articles,

https://aws.amazon.com/blogs/architecture/throttling-a-tiered-multi-tenant-rest-api-at-scale-using-api-gateway-part-1/

https://aws.amazon.com/blogs/architecture/throttling-a-tiered-multi-tenant-rest-api-at-scale-using-api-gateway-part-2/

Is was wondering what should we do if we want to apply the same solution on http api gw, which doesn't provides the usage plans feature.

As mentioned inside the article:

" We limit the scope of our discussion to REST APIs because other protocols that API Gateway supports — WebSocket APIs and HTTP APIs — have different throttling mechanisms that do not employ Usage Plans or API Keys."

Few comments for focusing the question:

  • Our main goal is to achieve an api rate limiting per customer for our http api gw.
  • I'm looking for a solution that doesn't include migrating to rest api gw (if I will migrate, I will just go with the solution from the attached article).
  • If it helps somehow for coming up with a good solution, our http api gw is wrapped with a cloudfront distribution (we did it in the past in order to apply WAF on this api, which doesn't supports WAF out of the box).

Thanks,

Yedidya

Topics
ServerlessFront-End Web & MobileNetworking & Content Delivery
Tags
Amazon API Gateway
Language
English
Yedidya Schwartz
asked a year ago277 views
1 Answer
1
Accepted Answer

Hi,

You are right, http api does not have usage plans out of box, while as rest api type does instead.

You would need a handle it yourself. I would take inspiration from the built-in usage model and build it for your api. You could store the limits for your customers in a database(dynamo).

Then each time an api is called, you would check whether the rate limit is passed for a customer, if so the api would throw a 4xx error.

If limit is still below threshold, increment the limit counter.

You could implement those check in different flavors such as Lambda@edge, or api gateway backed by a step function with lambda steps performing the check and counter increments.

Hope this ideas can inspire you

profile picture
EXPERT
Antonio_Lagrotteria
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content