By using AWS re:Post, you agree to the Terms of Use
/Are Lambda Authorizers' invocations billed ?/

Are Lambda Authorizers' invocations billed ?

0

Hello there,

I want to know more information about billing when using Authorizers both JWT and Lambda. For example : If we have 2 lambda functions : CoreLogicLambda : runs for average 100 ms for 1G of ram and does the core logic function. AuthLambda : runs for 1 ms each time to verify auth for 1G of ram and is used as a Lambda Authorizer for CoreLogicLambda. now let's say we had 2 million HTTP API invocations and only half passed the authorizer. Which billing is true :

Case 1 :

2 Million API Gateway HTTP API requests : 1$ * 2 = 2$

2 Million requests for AuthLambda : 0.2$ * 2 = 0.4$

1 Million requests for CoreLogicLambda: 0.2$ * 1 = 0.2$

2,000 GB*S runtime for AuthLambda : ....

100,000 GB*S runtime for CoreLogicLambda : ....

Case 2 :

2 Million API Gateway HTTP API requests : 1$ * 2 = 2$

1 Million requests for CoreLogicLambda: 0.2$ * 1 = 0.2$

2,000 GB*S runtime for AuthLambda : ....

100,000 GB*S runtime for CoreLogicLambda : ....

Case 3 :

2 Million API Gateway HTTP API requests : 1$ * 2 = 2$

2 Million requests for CoreLogicLambda: 0.2$ * 2 = 0.4$

2,000 GB*S runtime for AuthLambda : ....

100,000 GB*S runtime for CoreLogicLambda : ....

Case 4 :

2 Million API Gateway HTTP API requests : 1$ * 2 = 2$

1 Million requests for CoreLogicLambda: 0.2$ * 1 = 0.2$

100,000 GB*S runtime for CoreLogicLambda : ....

Thanks for the clarifications.

1 Answers
1
Accepted Answer

Lambda authorizers are billed just like any other function invocation. Saying that, note the API Gateway caches the results from the authorizer, which means that usually the number of invocations will be lower that the number of requests. Looking at your cases, it is like case #1 with the cap being 2M for the auth Lambda.

EXPERT
answered 2 months ago
  • thanks for the answer. This means that it is cheaper to have middleware in the code for auth. This way, the lambda CoreLogicLambda with the middleware will run for 1ms when not authenticated and 101ms for authenticated users; meaning we will pay :

    2 Million API Gateway HTTP API requests : 1$ 2 = 2$ 2 Million requests for CoreLogicLambda: 0.2$ 2 = 0.4$ 102,000 GB*S runtime for CoreLogicLambda : ....

    what do you think about this ? is what I am saying sound logical to you or is this simply not a good practice?

  • It is probably logical but not a good practice. You are mixing your business logic code with the auth code.

    Furthermore, API Gateway doesn't charge for API calls that failed authorization. So in option #1 above the charge for API GW will only be $1, bringing the invocations cost to $1.6, compared to $2 if you move auth to the backend.

  • Yeah, the API calls not charged definitly impact greatly the result. Thank you very much for all the answers!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions