Implement rate limiting via API Gateway

pfych / web-mentions

Web mention receiver deployed to AWS with serverless

0 stars 0 forks source link

Implement rate limiting via API Gateway #1

Open pfych opened 1 year ago

pfych commented 1 year ago

API Gateway likely offers a method of rate limiting, if we can do it via our serverless.yml its 10x better than doing it in our lambda since that's where we pay money for execution time.

pfych commented 1 year ago

This might have to be done with AWS WAF.

https://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedStatement.html

Potentially do a cost comparison of someone pummelling the instance vs implementing WAF rules, seems like it can range $1/$5 fixed cost monthly.

pfych commented 1 year ago

WAF might be overkill: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-throttling.html

pfych commented 1 year ago

This will be resolved once https://github.com/pfych/web-mentions/pull/5 is merged