1. Throttling requests to protect backend services in API Gateway

    TypeScript

    To implement throttling in AWS API Gateway to protect your backend services, you can define a UsagePlan and associate it with your deployed RestApi and an ApiKey. The plan lets you specify a rate limit (the number of requests per second) and a burst limit (the size of the immediate spike of requests allowed at the start of a period).

    Here's how you can create these resources with Pulumi in TypeScript:

    1. Define an API using aws.apigateway.RestApi.
    2. Create a resource (e.g., a URL path) with aws.apigateway.Resource.
    3. Set up a method for the resource using aws.apigateway.Method.
    4. Create an integration with aws.apigateway.Integration to connect the method to backend services.
    5. Define an ApiKey using aws.apigateway.ApiKey.
    6. Create a UsagePlan that specifies throttle settings using aws.apigateway.UsagePlan.
    7. Finally, use aws.apigateway.UsagePlanKey to associate the API key with the usage plan.

    Below is an example program that sets up an API Gateway with request throttling:

    import * as aws from "@pulumi/aws";

    // Create an API Gateway REST API
    const myApi = new aws.apigateway.RestApi("MyApi", {
        description: "My API for demonstration purposes",
    });

    // Create a resource under the API. Here, we define a simple `/example` resource
    const myResource = new aws.apigateway.Resource("MyResource", {
        restApiId: myApi.id,
        pathPart: "example",
        parentId: myApi.rootResourceId,
    });

    // Define a GET method on the `/example` resource
    const myMethod = new aws.apigateway.Method("MyMethod", {
        httpMethod: "GET",
        authorization: "NONE",
        apiKeyRequired: true, // Without this the method ignores API keys and the usage plan throttle never applies
        resourceId: myResource.id,
        restApiId: myApi.id,
    });

    // Set up the integration to connect the GET method to backend services such as Lambda or an HTTP backend
    const myIntegration = new aws.apigateway.Integration("MyIntegration", {
        httpMethod: myMethod.httpMethod,
        resourceId: myResource.id,
        restApiId: myApi.id,
        type: "MOCK", // For demonstration we use a mock integration. Replace with "AWS" or "HTTP" as needed.
        requestTemplates: {
            "application/json": "{\"statusCode\": 200}",
        },
    });

    // Deploy the API. A usage plan can only be attached to a deployed stage,
    // and RestApi itself has no stage name property.
    const myDeployment = new aws.apigateway.Deployment("MyDeployment", {
        restApi: myApi.id,
    }, { dependsOn: [myIntegration] });

    const myStage = new aws.apigateway.Stage("MyStage", {
        restApi: myApi.id,
        deployment: myDeployment.id,
        stageName: "dev", // Example stage name
    });

    // Create an API key to be used with the usage plan
    const myApiKey = new aws.apigateway.ApiKey("MyApiKey", {
        description: "API Key required for clients to access the API",
    });

    // Create a usage plan to apply throttling to requests
    const myUsagePlan = new aws.apigateway.UsagePlan("MyUsagePlan", {
        name: "MyUsagePlan",
        description: "Limits request rate to protect backend services",
        apiStages: [{
            apiId: myApi.id,
            stage: myStage.stageName, // The deployed stage this plan applies to
        }],
        throttle: {
            rateLimit: 1,  // Limit to 1 request per second
            burstLimit: 2, // Allow a burst of up to 2 requests
        },
    });

    // Associate the API key with the usage plan
    const myUsagePlanKey = new aws.apigateway.UsagePlanKey("MyUsagePlanKey", {
        keyId: myApiKey.id,
        keyType: "API_KEY",
        usagePlanId: myUsagePlan.id,
    });

    export const apiKeyValue = myApiKey.value;   // Export the API key value
    export const apiEndpoint = myStage.invokeUrl; // Export the API endpoint (invoke URL of the stage)

    This program will create:

    • An API Gateway with a resource and a GET method for demonstration purposes.
    • A usage plan that is configured to throttle requests at 1 request per second with a burst capacity of 2 requests.
    • An API key that is required for accessing the API and associated with the usage plan for rate limiting.

    Make sure to replace the mock integration with the actual backend integration you require, such as an AWS Lambda function or an HTTP backend. The requestTemplates property may also differ based on the type of integration you are using.

    Clients need to include the API Key in their requests to be authorized to access the API Gateway and be subject to the defined throttling limits.
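
    To see what rateLimit: 1 and burstLimit: 2 mean for a client, the following added example (not part of the original program, and not AWS or Pulumi code) models the throttle as a token bucket, the algorithm API Gateway documents for throttling, with one bucket per API key. It is an idealized model with hypothetical type and function names and constructed traffic; the real service applies usage plan limits on a best-effort basis.

```typescript
// Added example: idealized token-bucket model of a usage plan throttle.
// Type and function names are hypothetical; this is not AWS or Pulumi code.
interface Throttle { rateLimit: number; burstLimit: number } // as in the usage plan
interface ApiCall { apiKey: string; atMs: number }           // arrival time in ms
interface Bucket { milliTokens: number; lastMs: number }

// Returns the status each call would get: 200 if a token was available for
// that API key, 429 (Too Many Requests) otherwise. Calls must be time-ordered.
function simulateThrottle(throttle: Throttle, calls: ApiCall[]): number[] {
    const capacity = throttle.burstLimit * 1000; // bucket size in 1/1000 tokens
    const buckets = new Map<string, Bucket>();   // one bucket per API key
    return calls.map(({ apiKey, atMs }) => {
        // A key's bucket starts full, so burstLimit calls can pass at once.
        const b = buckets.get(apiKey) ?? { milliTokens: capacity, lastMs: atMs };
        // Refill at rateLimit tokens per second, capped at the burst capacity.
        const refill = (atMs - b.lastMs) * throttle.rateLimit;
        b.milliTokens = Math.min(capacity, b.milliTokens + refill);
        b.lastMs = atMs;
        buckets.set(apiKey, b);
        if (b.milliTokens < 1000) return 429;    // a rejected call costs no token
        b.milliTokens -= 1000;
        return 200;
    });
}

// Constructed traffic: client-a sends faster than 1 request per second,
// client-b sends once while client-a is already being throttled.
const sampleCalls: ApiCall[] = [
    { apiKey: "client-a", atMs: 0 },
    { apiKey: "client-a", atMs: 100 },
    { apiKey: "client-a", atMs: 200 },
    { apiKey: "client-b", atMs: 250 },
    { apiKey: "client-a", atMs: 300 },
    { apiKey: "client-a", atMs: 1200 },
    { apiKey: "client-a", atMs: 2000 },
    { apiKey: "client-a", atMs: 2500 },
];

const sampleStatuses = simulateThrottle({ rateLimit: 1, burstLimit: 2 }, sampleCalls);
console.log(sampleStatuses.join(" "));
```

    The first two calls from client-a pass on the burst allowance, later ones pass only as tokens refill at one per second, and client-b is unaffected because the throttle is tracked per API key.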