Vlad K

Reputation: 2851

AWS API Gateway: limit requests from a single IP

Does AWS API Gateway allow limiting the number of requests from a single IP?

I'm building a public API and would like to prevent it from being abused by establishing a limit on the number of times the API can be called from a single IP address (like 100 requests per minute).

Thanks,

Upvotes: 43

Views: 25530

Answers (2)

Señor Carranza

Reputation: 83

Check this guide for implementing WAF Rate Based Rules, which act based on source IP.

To implement WAF Rate Based rules you can do the following:

  1. Open the AWS WAF console.

  2. Select Web ACLs.

  3. Select the web ACL and then select the Rules tab.

  4. Select Add rules.

  5. Select Add my own rules and rule groups.

  6. Select Rule builder for the Rule type.

  7. Enter a Name and select Rate-based rule as the Type.

  8. Enter the following parameters for the Request rate details:

    • Rate limit: Enter a number between 100 and 20,000,000. This is the maximum number of requests allowed for every IP in a 5-min period.
    • Evaluation Window: This is the amount of time to count requests against the aggregation criteria. Example: count all requests from IP x for 60 seconds or 5 minutes
    • Request Aggregation: This is how AWS WAF will aggregate the request together. For example, all requests from a specific IP or to a given URI.
      • To aggregate requests from the same source IP, choose Source IP address.
    • Criteria to count requests towards rate limit: You can choose "Consider all requests" or "Only consider requests that match the criteria in a rule statement". If you choose "Only consider requests that match the criteria in a rule statement", you can define the criteria to match. For example, match a specific URI to implement rate limiting for the given URI from the same source IP.
  9. In the Action section, select Block.

  10. Select Add rule. Move the rule to the correct priority for your use case and then select Save.


API Gateway also does have the ability to throttle requests. However, it is based on API Keys and not source IP. For more information on API Gateway throttling the links below may be helpful.

Upvotes: 2
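
The console steps in the answer above, written as a WAFv2 rule definition (an added example, not part of the original answer). It uses the asker's 100 requests per minute; the rule name, metric name and URI prefix are assumptions, and the limit range checked is the one the answer quotes.

```python
# Added example: builds the rule dict that boto3's wafv2 update_web_acl
# accepts in its Rules list. Names and the URI prefix are assumptions.

ALLOWED_WINDOWS = (60, 120, 300, 600)   # EvaluationWindowSec values WAFv2 accepts
LIMIT_RANGE = (100, 20_000_000)         # range quoted in the answer above


def rate_rule(name, limit, window_sec, priority, uri_prefix=None):
    """Return a WAFv2 rate-based rule that blocks per source IP."""
    lo, hi = LIMIT_RANGE
    if not lo <= limit <= hi:
        raise ValueError(f"limit must be between {lo} and {hi}")
    if window_sec not in ALLOWED_WINDOWS:
        raise ValueError(f"window must be one of {ALLOWED_WINDOWS}")

    stmt = {
        "Limit": limit,
        "EvaluationWindowSec": window_sec,
        "AggregateKeyType": "IP",  # "Source IP address" in the console
    }
    if uri_prefix is not None:
        # "Only consider requests that match the criteria in a rule statement"
        stmt["ScopeDownStatement"] = {
            "ByteMatchStatement": {
                "SearchString": uri_prefix.encode(),
                "FieldToMatch": {"UriPath": {}},
                "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
                "PositionalConstraint": "STARTS_WITH",
            }
        }
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"RateBasedStatement": stmt},
        "Action": {"Block": {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,
        },
    }


# 100 requests per minute per IP, counted only for paths under /v1/ (constructed).
RULE = rate_rule("per-ip-rate-limit", 100, 60, priority=0, uri_prefix="/v1/")
```

Pass the result in the `Rules` list of `update_web_acl` together with the web ACL's existing rules, since that call replaces the whole list.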

Piyush Patil

Reputation: 14543

AWS API Gateway does not offer the functionality that you are looking for, but there is a workaround.

What you can do is integrate AWS API Gateway with AWS CloudFront and use AWS Web Application Firewall rules to limit the API calls from a specific IP address.

Check this guide for implementing the WAF: http://docs.aws.amazon.com/waf/latest/developerguide/tutorials-rate-based-blocking.html

Upvotes: 34
