AWS AppSync - rate limiting?

Question

Is there a way to rate limit clients easily with AWS AppSync? API Gateway has this, and they're pretty similar services. I'd like to be able to throttle individual clients - so one user can't sit there and bang on the API too hard.

Probably not on the top of my wishlist, but would certainly be nice to have.

Hi Michael, this feature is in the backlog. Stay tuned for updates and thanks for the request! — Rohan Deshpande, Feb 23 '18 at 12:28
@RohanDeshpande, could you please provide an update on this feature? — Casper Alant, Apr 19 '20 at 06:15

score 5 · Answer 1 · answered Oct 13 '20 at 01:09

5

AppSync recently added support for AWS WAF, allowing you to create rate-based rules: https://aws.amazon.com/blogs/mobile/appsync-waf/

answered Oct 13 '20 at 01:09

Steve Sanders

8,444
2
30
32

This works when we do the requests from a console using a simple for loop with fetch method. But when I try with burp suite using Intruder or Turbo Intruder, This fails. Please help in getting me know why this is happening. – Aman Gupta Jun 08 '21 at 09:06
This doesn't address the OPs interest: controlling rate limit per-client. WAF provides ip-based limiting, and hopefully nobody is identifying their API clients by IP. AppSync controls auth, and is aware of client's identity, so that is what we'd like to associate rate limits with. – lance.dolan Aug 10 '23 at 19:53

AWS AppSync - rate limiting?

1 Answers1