Prevent API overload with rate limiting in AWS

5 min readApr 11

In the early days of the covid pandemic, and for a significant period, when we went to the supermarket, we had to wait in a queue for our turn to enter the supermarket. Only a certain number of customers could shop together at a particular time. The intention was to keep a physical distance between individuals to limit the spread of the virus, hence keeping people safe and limiting the load on the health system.

That’s similar to what we do in Software when we rate limit our APIs. We do it for multiple reasons, including preventing abuse (e.g. malicious user overwhelming the system with too many requests), managing downstream services and resources (e.g. database) or simply using rate limit as a way to monetize the APIs (e.g. enabling free users to use the APIs less frequently than paid users).

This post will build an API using AWS API Gateway and explore how to rate-limit calls to our endpoints. API Gateway is a managed service from AWS that helps you publish, manage and monitor your APIs. We will use Terraform to set up our infrastructure.

We deploy APIs to stages in API Gateway, where each stage has a single deployment. You could have one stage for development, one for testing and one for production. Each stage has its URL and settings.

We will build an endpoint that returns the number of people in the supermarket. It will be of this shape: GET /…/prod/customers.

Build the API

In Terraform:

Create the REST API

resource "aws_api_gateway_rest_api" "api" {
  name = "SupermarketCustomers"
  description = "Tracks the number of customers that enter the supermarket"
  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

Create the “Customers” resource. That will be the first endpoint:

resource "aws_api_gateway_resource" "customers_resource" {
  rest_api_id = aws_api_gateway_rest_api.api.id
  parent_id = aws_api_gateway_rest_api.api.root_resource_id
  path_part = "customers"
}

Create the method for this resource — GET in this case:

resource "aws_api_gateway_method" "get_method" {
  rest_api_id = aws_api_gateway_rest_api.api.id
  resource_id =…

Prevent API overload with rate limiting in AWS

Build the API

Written by Ali Haydar

More from Ali Haydar

API Testing with Cypress

When selecting a tool to perform API testing, it’s natural to pick one that’s built for this purpose, such as Postman, SoapUI, RestAssured…

Effortlessly Juggling Multiple Concurrent Requests in AWS Lambda

Have you ever tried to handle a ton of requests at once with AWS Lambda? What if you had a critical operation that required speed, scaling…

Navigation within a React app

As with any website, I wanted to add a navigation menu to my personal website (built with ReactJS) when I was developing it —…

How to enhance your Lambda function performance with memory configuration?

I have a lambda function that’s taking a few seconds to execute, and that’s not related to a cold start. It’s the code in the handler…

Recommended from Medium

System Design: Chat Application

Understanding the architecture and system design of a real-time chat application

The Architecture of a Modern Startup

Hype wave, pragmatic evidence vs the need to move fast

Lists

General Coding Knowledge

Coding & Development

Stories to Help You Grow as a Software Developer

It's never too late or early to start something

AWS — Amazon EventBridge — Event Bus Explained

Explore Amazon EventBridge in this comprehensive guide, covering its core components, features, benefits, and use cases, and learn how it…

Should you use Serverless for your API?

Serverless functions and container comparison using load testing

Why Are AWS Lambda Services Preferred in Many Projects?

Before explaining why aws lambda services are preferred in many projects, I would like to start by explaining the serverless concept…

Using VPC Endpoint To Control Access To Trusted S3 Buckets

Creating an endpoint policy for S3 buckets allows you to control access to those buckets.