We have an application hosted in AWS. We are now planning to have a public API for this application. It is expensive to service requests to this api. Is it possible to throttle requests to this api using AWS (not implementing logic in our application) such that if more than a certain number in a specified time are made they will be rejected?

Any advice is appreciated. Thank you.

2 Answers

0
davejagoda On

I think there are at least two ways to do this:

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-throttling.html

If you are using EC2 to host Linux instances, you could use iptables to rate limit by source IP address.

1
JD D On

If you want to blacklist IPs that spam certain endpoints, you can use AWS WAF to create rate limiting rules for your API:

https://aws.amazon.com/blogs/aws/protect-web-sites-services-using-rate-based-rules-for-aws-waf/