0

I've got a node.js server deployed on beanstalk w/ an application loadbalancer. The node.js server has a URL like the following:

```javascript
app.get('/data/:id.json', async function (req, res) {
    // do stuff with an API key URL
})
```

This API key that I'm using here with a 3rd party service (infura, but that's not important), kept getting called approx. 2k times an hour, and I kept trying to figure out why.

I have come to the conclusion that this may be a health check by AWS. Is there a way to disable this so I can prevent my API key from essentially being abused and charging me?

thanks

Evan

2 Answers

2

Depending on the nature of the health checks, but for many projects, it is just a route = URL/path like /healthcheck that returns 200.

Keep in mind that the health check is not a functional test, it's just to know the application is alive and responds.

If you want to have a full check, you can have a custom route (checking a record in the db...) but with a delay in checking, not every 5 sec, but I don't recommend it at all.

So my suggestion to you: add another route, a path like /healthcheck, and return a JSON response with a 200 code, like "server is ok". For this path do not put any security filter (like token or API key checking...) and configure it in your Beanstalk env.

Hatim
  • ah okay this makes sense, thank you so much! See my comment below too but the /healthcheck is logical so it's not actually AWS abusing the link but instead Opensea. – Evan Jan 19 '22 at 08:31
  • yep Evan, hope it's clear! – Hatim Jan 19 '22 at 08:31
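
Added example, not part of the original answer or comments: a sketch of the split described in the answer above, where the health route answers 200 on its own and only the data route reaches the third-party provider. `makeRoutes`, `fetchFromProvider`, `callProvider`, `fakeRes` and `demo` are hypothetical names, and the demo input is constructed.

```javascript
// `fetchFromProvider`: hypothetical stand-in for the call that spends the API key.
function makeRoutes(fetchFromProvider) {
  return {
    // GET /healthcheck: fixed 200, no auth filter, no provider call,
    // and nothing about the server's internals in the body.
    healthcheck(req, res) {
      res.status(200).json({ status: 'ok' });
    },
    // GET /data/:id.json: the only route that reaches the provider.
    async data(req, res) {
      try {
        res.status(200).json(await fetchFromProvider(req.params.id));
      } catch (err) {
        // Generic body: provider errors can include the key-bearing URL.
        res.status(502).json({ error: 'upstream unavailable' });
      }
    },
  };
}

// Express wiring (assumes an existing `app` and your own provider function):
//   const routes = makeRoutes(callProvider);
//   app.get('/healthcheck', routes.healthcheck);
//   app.get('/data/:id.json', routes.data);
// Beanstalk probe path, e.g. in an .ebextensions config file:
//   option_settings:
//     aws:elasticbeanstalk:environment:process:default:
//       HealthCheckPath: /healthcheck

// Minimal stand-in for Express's `res`, used by the offline demo.
function fakeRes() {
  return {
    statusCode: null,
    body: null,
    status(code) { this.statusCode = code; return this; },
    json(obj) { this.body = obj; return this; },
  };
}

// Constructed demo: 100 health probes, then one data request.
async function demo() {
  let providerCalls = 0;
  const routes = makeRoutes(async (id) => { providerCalls += 1; return { id }; });
  for (let i = 0; i < 100; i += 1) routes.healthcheck({}, fakeRes());
  const res = fakeRes();
  await routes.data({ params: { id: '7' } }, res);
  return { providerCalls, status: res.statusCode, body: res.body };
}
demo().then((r) => console.log(r));
```

The demo reports a single provider call after 100 probes, which is the property to check in the provider's usage dashboard once the load balancer points at `/healthcheck`.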
1

You may want to change the health check type to EC2 instead of ELB. ELB verifies the specified port is returning 2xx code, while EC2 watches for instance availability only.

Register Sole
  • ah okay got it, thanks! as an update, I just realized that the reason my API was being abused was because it's linked to an NFT that is hosted on NFT and NFT is periodically requesting data from the server which causes the issue so I might close this question. really appreciate the answer tho/makes sense – Evan Jan 19 '22 at 08:30