The only problem with lambda authorizer is that when rate limit rule is applied and request is throttled in response we get unauthorized/forbidden response which does not tell us that we were throttled. Maybe it's okay in some cases but it would be better if we could return proper 429 HTTP status code to indicate that we are making to many requests and also provide proper rate limiting headers. We can allow reqeust from authorizer and include some kind of meta info in authorizer context and then handle it in lambda and throttle request from there. but stilll it sounds not so good (((((
@samjones43274 ай бұрын
Thank you for this tutorial! I'm a newbie to AWS and your videos really help me better understand the flow of the design process! Cheers!!
@rishiraj25487 күн бұрын
thanks
@alexrusin4 ай бұрын
If there are thousands of requests, won't we run out of lambda authorizers? There are only 1k of lambda concurrent invocations.
@ildar51844 ай бұрын
You can limit the number of concurrently running instances of lambdas for your AWS account, so that it doesn't go that high. But I agree, that if that number is reached due to e.g. DDoS attack, then regular users won't be able to access this flow either.
@InvincibleMan993 ай бұрын
Excellent work. Hats off to you.
@dprophecyguy4 ай бұрын
bro is using ai for his face video
@DubJrAOT3 ай бұрын
Hey can you please tell me what program you used to create your diagrams?
@ChristoKiwi4 ай бұрын
It would be great to have a deep dive video into the new AuthZ AWS solution: Verified Permissions!
@joudawad10424 ай бұрын
Great video… thank you for sharing 👌🏻
@Aleks-fp1kq4 ай бұрын
1. how what is actually returned by the lambda? Is there an expectation from the gateway to have the lambda return the api key 2. How does this solution prevent the noisy neighbor, because even though the client has golden badge his excessive request will affect others?
@InvincibleMan993 ай бұрын
For 1. I don't think so lambda has to return api key. Same token can be used to access api's for further requests. The token can be jwt token. So lambda will return the status. If the status is 401, means unauthorized.
@Xaoticex4 ай бұрын
this ai face video gives weird vibez
@BeABetterDev4 ай бұрын
its not ai
@bhomiktakhar82264 ай бұрын
Again a great video on mastering kubernetes. It makes a lot of sense to continue, we are going at a very good pace for someone wanting to learn kubernetes.
@MdAshraf0074 ай бұрын
Can someone please explain me why can't we just use one id( the tenantId or the cID) ?
@Aleks-fp1kq4 ай бұрын
I think we can but it depends on the API gateway implementation. Some expect the key in a custom header.
@optimiskat4 ай бұрын
I guess multiple tenant id can map to one CId
@ildar51844 ай бұрын
This is in the context of multi-tenant architecture, the point is to limit the number of requests for each tenant (group of users), depending on their tier (paid tenants get to perform more requests per second). API Gateway distinguishes these tenants by their clientID. You don't need different clientIDs, if you want to limit requests per second uniformly for all users, regardless of their status in your system.
@Aleks-fp1kq4 ай бұрын
@@ildar5184 the question was why the need for clientid AND tenantid.