aws-amplify / amplify-category-api

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development. This plugin provides functionality for the API category, allowing for the creation and management of GraphQL and REST based backends for your amplify project.
https://docs.amplify.aws/
Apache License 2.0

API - Web Application Firewall? #242

Open GeorgeBellTMH opened 3 years ago

GeorgeBellTMH commented 3 years ago

Would be nice if there was a way to set up a WAF on the GraphQL API...especially in cases where API_KEY is being used. This would allow us to set up throttling, which would be another nice feature to prevent public APIs from being hammered and racking up costs.

In the short term we might want to put some documentation around public APIs and the potential for misuse/costs.

ammarkarachi commented 3 years ago

@GeorgeBellTMH API gateway does provide some throttling out of the box for an account per region. https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-throttling.html. Can you elaborate more on your use case?

GeorgeBellTMH commented 3 years ago

We have a GraphQL API that started getting hammered due to an infinite loop in our app...AppSync costs went from $0/day to $10/day...could obviously be way worse in the case of a deliberate attack. Would be nice to set limits and expected usage rates to put an upper limit on this sort of thing.
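The mitigation asked for in this thread (a WAF with a per-source rate limit in front of an AppSync GraphQL API) can already be deployed outside the Amplify CLI as a plain CloudFormation stack. The template below is an added example, not code from the amplify-category-api project; it assumes the AppSync API already exists and that its id is passed in as the `GraphQLApiId` parameter.

```yaml
# Added example (not from amplify-category-api): WAFv2 web ACL with a
# rate-based rule, associated with an existing AppSync GraphQL API.
# Assumption: GraphQLApiId is the id of an API deployed in this account/region.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  GraphQLApiId:
    Type: String
    Description: Id of the existing AppSync API to protect (assumed)
  RequestsPer5Minutes:
    Type: Number
    Default: 1000
    Description: Per-source-IP request ceiling, evaluated over a 5-minute window
Resources:
  ApiWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: !Sub '${AWS::StackName}-appsync-acl'
      Scope: REGIONAL              # AppSync is a regional resource, not CloudFront
      DefaultAction:
        Allow: {}                  # anything not matched by a rule still passes
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: AppSyncWebAcl
      Rules:
        - Name: RateLimitPerIp
          Priority: 0
          Action:
            Block: {}              # blocked requests never reach AppSync resolvers
          Statement:
            RateBasedStatement:
              Limit: !Ref RequestsPer5Minutes
              AggregateKeyType: IP # count requests per client IP address
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: RateLimitPerIp
  ApiWebAclAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Sub 'arn:aws:appsync:${AWS::Region}:${AWS::AccountId}:apis/${GraphQLApiId}'
      WebACLArn: !GetAtt ApiWebAcl.Arn
```

The `RateLimitPerIp` CloudWatch metric shows how often the rule fires, which is the signal to watch for the runaway-client scenario described above; WAF requires the rate limit to be at least 100.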

thu-san commented 2 years ago

+1 for this