API Throttling
Understand the concept of API throttling and how it can be leveraged to secure our API.
Why throttle?
Too much of anything is a problem, and on AWS excess traffic also costs money, because the resources behind the API are billed per request. We want as many users as possible on our application, but when traffic bursts beyond the limits we planned for, it can overload the system. A traffic surge is not necessarily legitimate either: it may be an attacker rather than real users.
The world is full of attackers, and the more popular a product becomes, the more likely it is to be targeted. When an attacker floods the application with simultaneous API calls, it shows up as a denial-of-service (DDoS) attack on API Gateway. AWS offers several services that help defend against such attacks; AWS Shield is its managed DDoS protection service.
The simplest defence available at the gateway itself is throttling. API Gateway throttles with a token bucket: a burst limit (how many requests can be absorbed at once) and a steady-state rate limit in requests per second. Requests beyond the limit are rejected with HTTP 429 Too Many Requests before they reach the integration. By default every account gets 10,000 requests per second with a burst of 5,000 per Region, and tighter limits can be set per stage, per method, or per client through usage plans and API keys. With limits sized to what the backend can actually handle, a flood is absorbed at the gateway instead of overwhelming the systems behind it. Two caveats: throttling caps the request rate rather than the number of in-flight invocations, and a stage-level limit is shared by all clients, so a flood that exceeds it also throttles legitimate users. Protecting the backend is not the same as keeping the API available, which is where AWS WAF rate-based rules and Shield come in. ...
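To make the burst-versus-rate distinction concrete, here is a small token-bucket simulation of the way API Gateway stage throttling behaves. It is an added example written for this page, not AWS code; the `TokenBucketThrottle` class, the `simulate` helper and the `SAMPLE_TRAFFIC` timestamps are constructed here for illustration, and the 200/429 codes stand in for the responses a real stage would return.

```python
"""Token-bucket throttle modelling API Gateway stage throttling.

burst_limit is the bucket size (requests that can be absorbed at once) and
rate_limit is the steady-state refill rate in requests per second. A request
that finds no token is rejected with 429. Stand-alone simulation written for
this page, not AWS code; SAMPLE_TRAFFIC is constructed sample traffic.
"""
from dataclasses import dataclass, field


@dataclass
class TokenBucketThrottle:
    rate_limit: float               # tokens added per second (steady-state rps)
    burst_limit: int                # bucket capacity (largest instantaneous burst)
    tokens: float = field(init=False)
    last_ts: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst_limit)   # bucket starts full

    def allow(self, now: float) -> bool:
        """Return True (200) if a request at time `now` fits, else False (429)."""
        elapsed = max(0.0, now - self.last_ts)
        self.last_ts = max(self.last_ts, now)
        # Refill at rate_limit per second, never beyond burst_limit.
        self.tokens = min(float(self.burst_limit),
                          self.tokens + elapsed * self.rate_limit)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False            # bucket empty: throttle this request


def simulate(timestamps, rate_limit, burst_limit):
    """Replay ascending request timestamps (seconds) through one bucket.

    Returns the status code each request would receive: 200 or 429.
    """
    bucket = TokenBucketThrottle(rate_limit=rate_limit, burst_limit=burst_limit)
    return [200 if bucket.allow(t) else 429 for t in timestamps]


# Constructed traffic: 15 requests arriving together at t=0 (a burst),
# then another 15 arriving together one second later.
SAMPLE_TRAFFIC = [0.0] * 15 + [1.0] * 15

if __name__ == "__main__":
    codes = simulate(SAMPLE_TRAFFIC, rate_limit=5, burst_limit=10)
    print("t=0.0 :", codes[:15])    # 10 x 200 then 5 x 429: burst absorbed, rest throttled
    print("t=1.0 :", codes[15:])    # 5 x 200 then 10 x 429: only one second of refill
    print("accepted", codes.count(200), "throttled", codes.count(429))
```

With a rate limit of 5 and a burst limit of 10, the first burst gets ten requests through and the second, one second later, only five: the bucket has refilled by a single second's worth of tokens. Sizing the two numbers separately is the point of the exercise: the burst limit is what the backend can take at once, the rate limit is what it can sustain. On a real REST API stage the same two knobs are set with `aws apigateway update-stage` using the patch paths `/*/*/throttling/burstLimit` and `/*/*/throttling/rateLimit`.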