#Lambda Function URL over API Gateway + Security?

Hi all,
Currently making my way through the challenge. I was wondering if there was any reason why API Gateway was chosen over a lambda function URL? It seems like a lambda function URL accomplishes the same but with less maintenance. Am I missing something?

Also, is there a way to prevent people from spamming the lambda/API gateway endpoint? This will obviously increase our costs. I am hoping to keep my website around for a long time but I am slightly worried that someone could potentially spam the endpoint. Thanks!

There are 2 ways : 1) put WAF in front on CloudFront and create a rate limit rule 2) create rate limit rule + usage plan in API Gateway itself. I limited mine to 50 times per second for now.

Thanks, makes sense. Is there a practical reason we use API Gateway over Lambda function URL?

At the time the challenge was created, they did not exist. Lambda urls are newer. And you're right, it's a lot easier to use than API gateway. For throttling, you can experiment with reducing the reserved concurrency on the Lambda function itself.