Hi, I am working on a requirement wherein I have to restrict the incoming requests to Lamba function behind the AWS API Gateway to be less than 800 KB. This needs to implemented preferrably at the Gateway level and need to implement it in Terraform as Infrastructure-as-Code. I am thinking that AWS [WAF SizeConstraint](https://docs.aws.amazon.com/waf/latest/APIReference/API_SizeConstraintStatement.html) might be the answer but looks like it will only inspect up to 4096 bytes and also not sure how to implement a filter that rejects incoming requests greater than 800 KB body size in Terraform. Thanks in Advance

Need to limit AWS API gateway incoming request body size to less than 800 KB

Hi, I am working on a requirement wherein I have to restrict the incoming requests to Lamba function behind the AWS API Gateway to be less than 800 KB. This needs to implemented preferrably at the Gateway level and need to implement it in Terraform as Infrastructure-as-Code. I am thinking that AWS WAF SizeConstraint might be the answer but looks like it will only inspect up to 4096 bytes and also not sure how to implement a filter that rejects incoming requests greater than 800 KB body size in Terraform.

Thanks in Advance

Topics

Serverless Security, Identity, & Compliance Front-End Web & Mobile Networking & Content Delivery

Tags

Serverless AWS WAF Amazon API Gateway

Language

English

rePost-User-6243945

asked a year ago463 views

1 Answer

Newest
Most votes
Most comments

Accepted Answer

The SizeConstraint operator is the right thing to use in this case - it looks at the value for the Content-Length header. The limitation on 8192 bytes is only in place if you want WAF to inspect the contents of the request.

EXPERT

Brettski-AWS

answered a year ago

rePost-User-6243945
a year ago
Thanks for your @Brettski. I am looking to implement this in Terraform for AWS WAP but there is very little documentation around it. I found a skeleton like this https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/waf_size_constraint_set. Do you know how to implement a request filter condition in Terraform for API Gateway for SizeConstraint to reject request of length over 800KB?
Brettski-AWS EXPERT
a year ago
I'm sorry, I don't know much about Terraform.

Relevant content

AWS WAF Rule Configuration to differentiate related requests to "body size" in the logs
Sena S
asked 7 days ago
Lambda Function with API Gateway HTTP API: Request Body is NULL
Accepted Answer
Wwwtr
asked 9 months ago
"The incoming event is not a valid request from Amazon API Gateway or an Application Load Balancer" lambda Postman
Ayla Winters
asked a year ago
API gateway integration request body to accept wildcard
rePost-User-5765551
asked a year ago
How can I troubleshoot "429 Too Many Requests" or "Limit Exceeded" errors for my API Gateway API?
AWS OFFICIALUpdated 2 years ago
How can I resolve the errors that I receive when I integrate API Gateway with a Lambda function?
AWS OFFICIALUpdated a year ago
Can I use ACM to issue private certificates when the AWS Private CA validity is less than 13 months?
AWS OFFICIALUpdated 5 months ago
How do I select the best Amazon API Gateway Cache capacity to avoid hitting a rate limit?
AWS OFFICIALUpdated 2 years ago
Implementing request parameters validation in Amazon API Gateway REST API with Cloud Development Kit (CDK)
EXPERT
Vihang Shah
published 5 months ago
How to Create a Feature Request for AWS: A Step-by-Step Guide
EXPERT
Giovanni Lauria
published 22 days ago