This article will help you deploy an F5 BIG-IP WAF in front of your AWS API Gateway to provide additional security. It shows how to deploy a basic WAF policy to protect your API Gateway, and you can ...
Yes, protecting APIs against small-scale automation attacks can be challenging. Here are a few recommendations:
If you can, implement authorization controls as your first line of defense. APM can support this need with OAuth/JWT natively in v13.1.
Leverage bad actor blacklisting. Once you've identified malicious requests, block the bad actor rather than just the bad requests. If your API is being probed, it's likely they'll be trying invalid requests or something that will be caught by a signature at some point.
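The difference between blocking bad requests and blocking the bad actor, replayed over a constructed request log. This is an added example, not part of the original comment and not BIG-IP configuration; the event format, the function names and the threshold, window and block-duration values are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (time_s, client_ip, path, violation).
# "violation" is the per-request WAF verdict; None means the request looked clean.
EVENTS = [
    (0,    "198.51.100.7", "/v1/orders/1001", None),
    (40,   "203.0.113.9",  "/v1/orders/1",    None),
    (95,   "203.0.113.9",  "/v1/orders/2",    None),
    (150,  "203.0.113.9",  "/v1/orders/x",    "signature"),
    (210,  "203.0.113.9",  "/v1/admin",       "invalid_request"),
    (260,  "203.0.113.9",  "/v1/orders/3",    None),
    (300,  "198.51.100.7", "/v1/orders/1002", None),
    (330,  "203.0.113.9",  "/v1/orders/4",    None),
    (5000, "203.0.113.9",  "/v1/orders/5",    None),
]

def replay(events, threshold=2, window_s=600, block_s=3600):
    """Return one action per event: allow, block_request or block_actor.

    threshold=None disables actor blocking (per-request blocking only).
    All three parameters are assumed values for this illustration.
    """
    strikes = defaultdict(deque)   # client_ip -> times of recent violations
    blocked_until = {}             # client_ip -> time the block expires
    actions = []
    for ts, ip, _path, violation in events:
        if blocked_until.get(ip, 0) > ts:
            actions.append("block_actor")      # clean-looking requests are dropped too
            continue
        blocked_until.pop(ip, None)            # block expired or never set
        if violation is None:
            actions.append("allow")
            continue
        actions.append("block_request")
        recent = strikes[ip]
        recent.append(ts)
        while recent and recent[0] <= ts - window_s:
            recent.popleft()                   # forget violations outside the window
        if threshold is not None and len(recent) >= threshold:
            blocked_until[ip] = ts + block_s   # escalate from request to actor
    return actions

def actions_for(ip, actions, events=EVENTS):
    """Filter the replay result down to a single client."""
    return [a for (_, e_ip, _, _), a in zip(events, actions) if e_ip == ip]

if __name__ == "__main__":
    for label, thr in (("per-request only", None), ("actor blocking", 2)):
        print(label, actions_for("203.0.113.9", replay(EVENTS, threshold=thr)))
```

With per-request blocking only, the client's clean-looking requests after its two violations are still served; with actor blocking they are dropped until the block expires, and the unrelated client is unaffected.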