Add API rate limiting to our events API #23

Open
glitchedmob opened this issue Nov 29, 2023 · 2 comments

Comments

glitchedmob commented Nov 29, 2023

It's possible that our API gateway has an option for this that we can change in our CDK configuration.

KalonOhm commented Nov 29, 2023

Is this even in the ballpark?

- https://stackoverflow.com/questions/71998170/how-do-you-implement-rate-limiting-on-a-serverless-lambda-application

"AWS API Gateway is more suited for client credentials OAuth authentication flow for point to point connectivity. It doesn't provide many features such as rate limiting based on users. You can use a Lambda authoriser with DynamoDB to store user limits and current value and provide rate limiting based on user. There is no feature provided by AWS API Gateway for user-based limiting."

@glitchedmob

@KalonOhm sort of. User-based rate limiting would be awesome, but I think we could get away with just IP-address-based rate limiting.

Some follow-up searches related to what you found are telling me that API Gateway does not support this :(. However, AWS WAF (Web Application Firewall) does. It's probably worth some time diving into that service and understanding:

  • How much it costs
  • How do we create one using the CDK
  • How do we connect it to our API gateway using the CDK
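
The WAF setup discussed in the comment above, as an added example that is not part of the original thread or the project's code: a per-IP rate-based rule and its association with an API Gateway stage, written as plain objects in the shape of the `aws-cdk-lib/aws-wafv2` L1 construct props (`CfnWebACL`, `CfnWebACLAssociation`). It assumes a REST API stage; the function names, the ACL name and the limit are hypothetical.

```typescript
// Added example: plain objects shaped like the props of the aws-cdk-lib
// aws-wafv2 L1 constructs. All names and values below are constructed.

interface RateLimitOptions {
  name: string;              // hypothetical WebACL name
  requestsPerWindow: number; // allowed requests per source IP per WAF window
}

// Props for `new wafv2.CfnWebACL(scope, id, props)`.
function buildWebAclProps(opts: RateLimitOptions) {
  if (!Number.isInteger(opts.requestsPerWindow) || opts.requestsPerWindow <= 0) {
    throw new Error("requestsPerWindow must be a positive integer");
  }
  const metrics = (metricName: string) => ({
    cloudWatchMetricsEnabled: true, // emit metrics so the limit can be tuned
    sampledRequestsEnabled: true,
    metricName,
  });
  return {
    name: opts.name,
    scope: "REGIONAL",            // API Gateway is regional; CLOUDFRONT is the other scope
    defaultAction: { allow: {} }, // traffic under the limit passes through
    visibilityConfig: metrics(`${opts.name}-acl`),
    rules: [
      {
        name: "rate-limit-per-ip",
        priority: 0,
        action: { block: {} },    // block a source IP once it exceeds the limit
        statement: {
          // "IP" keys on the connecting address. Behind a proxy or CDN that is
          // the proxy's address; WAF also offers "FORWARDED_IP" for that case.
          rateBasedStatement: { limit: opts.requestsPerWindow, aggregateKeyType: "IP" },
        },
        visibilityConfig: metrics(`${opts.name}-rate-limit`),
      },
    ],
  };
}

// ARN of a REST API stage, the resource a regional WebACL is associated with.
function restApiStageArn(region: string, restApiId: string, stage: string): string {
  return `arn:aws:apigateway:${region}::/restapis/${restApiId}/stages/${stage}`;
}

// Props for `new wafv2.CfnWebACLAssociation(scope, id, props)`.
function buildAssociationProps(webAclArn: string, stageArn: string) {
  return { webAclArn, resourceArn: stageArn };
}
```

In a CDK stack the WebACL ARN would come from the `attrArn` attribute of the `CfnWebACL` construct, and the association has to be created after the API stage is deployed.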
