Can I limit my API Gateway request limitation?
For example, URL A with a path like this:
aaaaaaaa.com/predict
I set URL A so that it can only be requested 1000 times per day, and the same URL with another path like this:
aaaaaaaa.com/calling
/calling can only be requested 500 times per day.
So, can I set a path with a limited request?
I wrote an article with Cloud Endpoints and it's the same thing with API Gateway (simply a managed version of Cloud Endpoints).
If you want to limit the requests per day AND per requester, you need to add API keys to differentiate all the requesters. And the requester needs to use it to indicate in which quota the request is counted.
Take care, an API identifies a project. If you have several requesters, you need several API keys, each one in a different project. Otherwise, if you put them all in the same project, it's the same project which will be identified, and thus the same quota decreased.
I have a Swagger JSON file which I want to import into a REST API Gateway, but when I import it I get this message:
"Maximum number of Resources for this API has been reached. Please contact AWS if you need additional Resources."
What should I do? It says I need additional resources. Where can I add additional resources on API Gateway?
As per the AWS docs, the default limit for Resources per API is 300. The error message you have suggests that you are exceeding the limit.
Since the Resources per API limit can be increased (some limits can't), you have to request such an increase from AWS. The Increase account service quotas tutorial at AWS explains how to do it.
I'm using AWS API Gateway with a quota and need to increase the number of requests made to the API only if my backend returns a response with status code 200. So, responses with a status other than 200 are not counted toward quota usage.
Is it possible? If not, how could I do this?
Thanks
Recently I faced the same question; my solution is a bit of a workaround.
You create two APIs with AWS API Gateway and also two usage plans. The first API should be the API used by your customer; the second API exists only to increase the quota usage value for an API key, so it should be a simple POST endpoint. Now create one free usage plan (only throttling) and one usage plan with quota limitation enabled. Then connect the free plan to your API which is responsible for processing the data, and connect the quota plan to the additional quota API.
Finally, create an API key for your customer and add both usage plans. Now you only need to call your quota API with the API key provided by your customers when their requests were successful.
Hope this will work for you as well.
I'm considering moving my service from a VPS to AWS Lambda + DynamoDB to use it as a FaaS, because it's basically 2 API GET calls that fetch info from the database and serve it, and the normal use of those API calls is really rare (about 50 times a week).
But it makes me wonder... As I can't set up a limit on how many calls I want to serve each month, some attacker could theoretically flood my service by calling it a couple thousand times a day and make my AWS bill extremely expensive. Setting up a limit per month wouldn't be a nice idea either, because the attacker could flood the first day and I won't have more requests to serve. The ideal thing would be to set up a limit on request rate per client.
Does anyone know how I could protect it? I've seen that AWS also offers a firewall, but that's for CloudFront. Isn't there any way to make it work with Lambda directly?
You can put AWS CloudFront in front of API Gateway and Lambda so that the traffic is served to the outside through CloudFront.
In addition, by configuring AWS WAF with rate-based blocking, it is possible to block high-frequency access by attackers.
However, when configuring AWS CloudFront in front of API Gateway and Lambda, you also need to restrict direct access to API Gateway (since API Gateway will be publicly accessible by default). This can be achieved in the following ways.
Enable API Keys for API Gateway and use the API Key in AWS CloudFront Headers in the Origin.
Use a Token Header and Verify it using a Custom Authorizer Lambda function.
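The second option above, sketched as a REQUEST-type Lambda authorizer in Python. This is an added example, not code from the answer; the header name `x-origin-verify`, the `ORIGIN_SECRETS` environment variable and the sample event are assumptions made for illustration.

```python
import hmac
import os

# Assumed header name; CloudFront would add it as an origin custom header.
HEADER = "x-origin-verify"

def allowed_secrets():
    # Comma-separated (assumed env var) so the old and new secret are both
    # accepted while the CloudFront origin is being rotated to the new one.
    raw = os.environ.get("ORIGIN_SECRETS", "")
    return [s.strip().encode() for s in raw.split(",") if s.strip()]

def policy(effect, resource):
    # Response shape API Gateway expects from a Lambda authorizer.
    return {
        "principalId": "cloudfront-origin",
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": resource,
            }],
        },
    }

def handler(event, context=None):
    """REQUEST-type authorizer: allow only calls carrying the shared secret."""
    # Header names may arrive in any case, so normalise before the lookup.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    presented = (headers.get(HEADER) or "").encode()
    # Constant-time comparison against every accepted secret; fail closed
    # when nothing is configured or nothing was presented.
    matches = [hmac.compare_digest(presented, s) for s in allowed_secrets()]
    allowed = bool(presented) and any(matches)
    return policy("Allow" if allowed else "Deny", event["methodArn"])

# Constructed sample event (not a captured request).
SAMPLE_EVENT = {
    "type": "REQUEST",
    "methodArn": "arn:aws:execute-api:us-east-1:123456789012:abc123/prod/GET/items",
    "headers": {"X-Origin-Verify": "constructed-secret-1"},
}
```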
Two options spring to mind:
place API Gateway in front of Lambda so that API requests have to be authenticated. API Gateway also has built-in throttles and other useful features.
invoke the Lambda directly, which will require the client invoking the Lambda to have the relevant IAM credentials.
I'm using Amazon's API Gateway as a proxy for DynamoDB. I've read through the documentation but I can't seem to find a lot of information about how to get the next set of items in a collection.
The documentation says that API Gateway only returns 25 items at a time. I see under the API Gateway documentation that it has a "next" call but I'm not sure how to use it.
For example, if I have an API such as apiurl.com/videos/1 which refers to the videos for a specified user ID, how do I get the next set of videos in the collection?
This is my first time building an API or implementing a backend so it's a little confusing.
Thanks ahead of time!
Please review this detailed blog post which answers your exact question:
https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/
Regarding the 25 item/request limit - this limit is imposed on items returned from API Gateway's management APIs. The limits imposed on APIs that you run on API Gateway itself (like your DynamoDB proxy API) have a separate set of limits. See this document for more details on both classes of limits. Additionally, DynamoDB itself will have limits on its APIs, such as 100 items per BatchGetItem and 1 MB per Query or Scan, that you will also have to take into consideration.
I would like to have a policy on an API Gateway that would throttle requests based on a header value. For example, header value "AAA" would be allowed up to 10 requests per day, "BBB", 20 requests. Is this possible? How can I achieve this? Note: I am trying to avoid writing a lambda function for this purpose, because then I would need to keep state, etc.
API Gateway has Usage Plans, which support what you are attempting to do.
Each usage plan can have a throttling limit, which restricts requests per second and burst rate. Usage plans can also have quotas, which would allow you to add limits on requests per day.
API Gateway allows you to add API keys to a usage plan. API keys are sent in an HTTP header (x-api-key).
You can find more details in the Usage Plans for API Gateway launch blog and API Gateway Usage Plan docs.
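A provisioning sketch for the usage plans described above, which also covers the throttle-only plus quota plan pair from the earlier two-API workaround. This is an added example, not code from any of the answers: `client` is assumed to behave like `boto3.client("apigateway")`, and the tier names, rate and burst values are constructed.

```python
# `client` is passed in rather than created here, so the logic can be
# exercised with a stub and without AWS credentials.

# Constructed tiers: requests per day, or None for a throttle-only plan.
TIERS = {"tier-aaa": 10, "tier-bbb": 20}

def provision_plans(client, api_id, stage, tiers=TIERS, rate=5.0, burst=10):
    """Create one usage plan per tier and bind a fresh API key to it.

    Returns {tier: {"plan_id": ..., "key_id": ..., "key_value": ...}}.
    """
    out = {}
    for name, per_day in tiers.items():
        if per_day is not None and per_day <= 0:
            raise ValueError(f"daily quota for {name} must be positive")
        params = {
            "name": name,
            "apiStages": [{"apiId": api_id, "stage": stage}],
            # Throttle applies to every plan, including quota-free ones.
            "throttle": {"rateLimit": rate, "burstLimit": burst},
        }
        if per_day is not None:
            params["quota"] = {"limit": per_day, "period": "DAY"}
        plan = client.create_usage_plan(**params)
        # API Gateway generates the key value; callers send it as x-api-key.
        key = client.create_api_key(name=f"{name}-key", enabled=True)
        client.create_usage_plan_key(
            usagePlanId=plan["id"], keyId=key["id"], keyType="API_KEY"
        )
        out[name] = {
            "plan_id": plan["id"],
            "key_id": key["id"],
            "key_value": key["value"],
        }
    return out
```

The plans only take effect on methods that have "API key required" enabled. AWS documents usage plan throttling and quotas as best-effort rather than hard limits, so they should not be the only control on cost or access.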