Firewall / DDoS protection

Hi there,

We’re using several serverless.com projects now on AWS and I wonder if it's possible to avoid DDoS/brute-force attacks by using AWS products or built-in features.

What we for example want to avoid:

  • Huge invoices because someone floods an endpoint (to be solved by AWS budgets, or is there a better way?)
  • Same for brute-forcing a specific route, for example calling the login route 100 times a minute. Of course (1) also applies here, but here more in terms of security

Any thoughts appreciated; best would be to get this all configured by serverless.yml itself, if possible.

Hi!

From the AWS API Gateway FAQ:
API Gateway supports throttling settings for each method or route in your APIs. You can set a standard rate limit and a burst rate limit per second for each method in your REST APIs and each route in WebSocket APIs. Further, API Gateway automatically protects your backend systems from distributed denial-of-service (DDoS) attacks, whether attacked with counterfeit requests (Layer 7) or SYN floods (Layer 3).
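For the serverless.yml side of the question above, the following is an added example (not from either poster) of how the Serverless Framework exposes API Gateway's usage-plan throttling and quota for a REST API; the service name, key name, handler and limit values are assumptions chosen for illustration.

```yaml
service: api-throttling-example   # constructed service name

provider:
  name: aws
  runtime: nodejs18.x
  apiGateway:
    apiKeys:
      - loginClientKey            # assumed key name; the key value is generated by API Gateway
    usagePlan:
      quota:
        limit: 5000               # maximum requests per key per period
        period: DAY
      throttle:
        burstLimit: 20            # burst capacity per key
        rateLimit: 5              # steady-state requests per second per key

functions:
  login:
    handler: handler.login        # assumed handler
    events:
      - http:
          path: login
          method: post
          private: true           # require an x-api-key header; the plan's limits are enforced per key
```

Usage-plan limits only apply to requests that present a key from that plan; a fully public route is covered only by the account-level default throttle, so routes like the login endpoint above need either an API key or another rate-limiting layer to cap per-caller request rates.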