I created a role for AWS authentication in Vault. I need a way to use rate limits related to that role for one of my secret engines.
In the documentation I found only global rules that affect all roles.
Is it possible to assign rate limits for a specific path to a specific policy or role?
And also I have my test KV v2 engine: my_test_engine.
I need a rate limitation that will affect only the my-test-role role or the my_test_policy policy, and this rate limitation should relate only to the my_test_engine secret engine.
Is it possible to make such a configuration in Vault?
Sorry, I’m rewriting this as I re-read your post.
No, you can’t build on different paths and create a complex rule.
You can rate-limit “a” path; it has no connectivity to other paths or auth or policies. You CAN rate-limit each of the paths, but that’s it. Also, rate-limiting a policy doesn’t make much sense – unless you’re using that policy in multiple auth setups and you want to limit the rate at which the policy can be requested (not sure that would work anyway – if auth is not rate-limited and succeeds – rating the policy isn’t going to stop the auth from succeeding or failing).