How to implement rate limiting in API gateway per user?

0

Hi, if I am understanding correctly, the throttling limit in the API Gateway stage is for the endpoint. So, a limit of 100 requests per sec will mean the endpoint will only respond to the first 100 requests from anyone accessing it and will throw an error after the 10 requests. What I need is to restrict the endpoint to have only 5 requests per second per user and no overall quota limit for the endpoint. So how can I implement it?

1 Answer
0

You can rate limit per client (user) in API Gateway using Usage Plans with API Keys. The options are described in this document, page 9 (PDF page 12):

https://d1.awsstatic.com/whitepapers/api-gateway-security.pdf

This developer guide describes setting it up in the AWS Console:

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-usage-plans-with-console.html

Please note, there are two options for API Keys. First, your API consumers can pass in the API Key you share with them in the X-API-Key header. The second option is to use a Lambda authorizer to return the API key as part of the authorization response.

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-key-source.html

answered a year ago
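
The second option from the answer above, sketched as an added example (not part of the original answer or AWS's own code): a Lambda TOKEN authorizer that maps each authenticated user to that user's own API key and returns it as `usageIdentifierKey`, so the usage plan throttle is counted per user. The token table, user names and key values are constructed placeholders; a real authorizer would validate a signed token and fetch the key from a secret store.

```python
import hmac

# Constructed sample data: bearer token -> (user id, that user's API key).
# Assumption: each key is attached to a usage plan throttled at 5 requests/second.
USERS = {
    "token-alice": ("alice", "EXAMPLE-KEY-alice-000000000001"),
    "token-bob": ("bob", "EXAMPLE-KEY-bob-00000000000002"),
}


def lookup(token):
    """Return (user_id, api_key) for a known token, else None (constant-time compare)."""
    found = None
    for known, record in USERS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            found = record
    return found


def build_response(principal, effect, resource, api_key=None):
    """Build the authorizer response; usageIdentifierKey carries the per-user key."""
    response = {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resource}
            ],
        },
    }
    if api_key is not None:
        # Read by API Gateway when the API key source is set to AUTHORIZER.
        response["usageIdentifierKey"] = api_key
    return response


def handler(event, context=None):
    """Lambda entry point for a TOKEN authorizer event."""
    raw = event.get("authorizationToken") or ""
    token = raw[len("Bearer "):] if raw.startswith("Bearer ") else raw
    record = lookup(token.strip())
    if record is None:
        # Unknown caller: explicit Deny and no key, so no usage plan is consumed.
        return build_response("anonymous", "Deny", event["methodArn"])
    user_id, api_key = record
    return build_response(user_id, "Allow", event["methodArn"], api_key)
```

For the throttle to apply, the method must have "API key required" enabled and each returned key must be associated with the usage plan for that stage.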
