By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Are Lambda Authorizers' invocations billed ?

0

Hello there,

I want to know more information about billing when using Authorizers both JWT and Lambda. For example : If we have 2 lambda functions : CoreLogicLambda : runs for average 100 ms for 1G of ram and does the core logic function. AuthLambda : runs for 1 ms each time to verify auth for 1G of ram and is used as a Lambda Authorizer for CoreLogicLambda. now let's say we had 2 million HTTP API invocations and only half passed the authorizer. Which billing is true :

Case 1 :

2 Million API Gateway HTTP API requests : 1$ * 2 = 2$

2 Million requests for AuthLambda : 0.2$ * 2 = 0.4$

1 Million requests for CoreLogicLambda: 0.2$ * 1 = 0.2$

2,000 GB*S runtime for AuthLambda : ....

100,000 GB*S runtime for CoreLogicLambda : ....

Case 2 :

2 Million API Gateway HTTP API requests : 1$ * 2 = 2$

1 Million requests for CoreLogicLambda: 0.2$ * 1 = 0.2$

2,000 GB*S runtime for AuthLambda : ....

100,000 GB*S runtime for CoreLogicLambda : ....

Case 3 :

2 Million API Gateway HTTP API requests : 1$ * 2 = 2$

2 Million requests for CoreLogicLambda: 0.2$ * 2 = 0.4$

2,000 GB*S runtime for AuthLambda : ....

100,000 GB*S runtime for CoreLogicLambda : ....

Case 4 :

2 Million API Gateway HTTP API requests : 1$ * 2 = 2$

1 Million requests for CoreLogicLambda: 0.2$ * 1 = 0.2$

100,000 GB*S runtime for CoreLogicLambda : ....

Thanks for the clarifications.

Topics
ServerlessComputeFront-End Web & MobileNetworking & Content Delivery
Tags
ServerlessAWS LambdaAmazon API Gateway
Language
English
The DF
asked 2 years ago1247 views
1 Answer
1
Accepted Answer

Lambda authorizers are billed just like any other function invocation. Saying that, note the API Gateway caches the results from the authorizer, which means that usually the number of invocations will be lower that the number of requests. Looking at your cases, it is like case #1 with the cap being 2M for the auth Lambda.

profile pictureAWS
EXPERT
Uri
answered 2 years ago
profile picture
EXPERT
Gary Mclean
reviewed 17 days ago
  • The DF
    2 years ago

    thanks for the answer. This means that it is cheaper to have middleware in the code for auth. This way, the lambda CoreLogicLambda with the middleware will run for 1ms when not authenticated and 101ms for authenticated users; meaning we will pay :

    2 Million API Gateway HTTP API requests : 1$ * 2 = 2$ 2 Million requests for CoreLogicLambda: 0.2$ * 2 = 0.4$ 102,000 GB*S runtime for CoreLogicLambda : ....

    what do you think about this ? is what I am saying sound logical to you or is this simply not a good practice?

  • Uri EXPERT
    2 years ago

    It is probably logical but not a good practice. You are mixing your business logic code with the auth code.

    Furthermore, API Gateway doesn't charge for API calls that failed authorization. So in option #1 above the charge for API GW will only be $1, bringing the invocations cost to $1.6, compared to $2 if you move auth to the backend.

  • The DF
    2 years ago

    Yeah, the API calls not charged definitly impact greatly the result. Thank you very much for all the answers!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content