Control billing for AWS Lambda by API hit through Locust

0

As Lambda is a pay-as-you-go service, I have some questions about it. Suppose I host my application using AWS Lambda and API Gateway. If someone hits my API through Locust, then my billing increases tremendously. Suppose I have Lambda concurrency of 1000 and someone hits through Locust with 1000 concurrency with 1000 users/sec. My billing will be out of my control. How can I control such load testing by someone else so that billing for Lambda won't increase?

asked 2 years ago · 286 views
2 Answers
2

You could restrict the number of concurrent Lambda functions that can run but that might create other challenges for you - namely that your application won't scale when you need it to.

A better solution might be to throttle API Gateway calls. For example, you could throttle each individual client or just a specific stage.

If this is malicious traffic, another solution could be to use WAF to protect your API. One example is where you could detect whether there are a lot of requests coming from a single IP address and dynamically deny or throttle access from there.

AWS
EXPERT
answered 2 years ago
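An added example, not part of the original answer: a token-bucket model (the algorithm API Gateway documents for its throttling) applied to the load in the question, 1000 requests/sec from Locust, to show how many requests would still reach Lambda. The limits of 50 requests/sec with a burst of 100 are constructed values, the function names are hypothetical, and the model is idealised, since real API Gateway throttling is applied on a best-effort basis.

```python
"""Idealised token-bucket model of API Gateway throttling under a flood."""


def simulate(offered_rps, seconds, rate_limit, burst_limit):
    """Return (admitted, throttled) for a constant flood of offered_rps.

    Integer arithmetic keeps the result exact: one tick is 1/offered_rps
    seconds, a request costs offered_rps units, and each tick refills
    rate_limit units (rate_limit tokens per second).
    """
    cost = offered_rps
    capacity = burst_limit * cost      # burst limit = bucket size
    tokens = capacity                  # the bucket starts full
    admitted = throttled = 0
    for tick in range(offered_rps * seconds):
        if tick:                       # refill for the elapsed tick, capped
            tokens = min(capacity, tokens + rate_limit)
        if tokens >= cost:
            tokens -= cost
            admitted += 1              # forwarded to Lambda: a billed invocation
        else:
            throttled += 1             # rejected with HTTP 429, Lambda never runs
    return admitted, throttled


def invocation_ceiling(seconds, rate_limit, burst_limit):
    """Most requests a token bucket can admit in `seconds`, whatever the load."""
    return burst_limit + rate_limit * seconds


if __name__ == "__main__":
    # Constructed scenario: the question's 1000 requests/sec for one minute,
    # against assumed limits of 50 requests/sec with a burst of 100.
    admitted, throttled = simulate(1000, 60, rate_limit=50, burst_limit=100)
    print(f"offered   : {admitted + throttled}")
    print(f"to Lambda : {admitted}")
    print(f"HTTP 429  : {throttled}")
    print(f"ceiling   : {invocation_ceiling(60, 50, 100)}")
```

Without throttling, all 60000 requests in that minute would invoke Lambda; with it, the worst case is fixed by the two limits rather than by the sender's request rate.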
  • Does throttling API Gateway calls count towards the API charge?

  • I have another issue after implementing WAF. https://repost.aws/questions/QUNQvDBuveTF655KQOTpxjfw/aws-waf-didnt-block-requests-if-block-condition-matched-for-first-time I have posted my question from that link here as well. Using Locust, I ran a WAF test on my application. I made a rate-limit-based rule to block an IP if requests exceed 100 in a default 5-minute window. When I tested with concurrency 400 and spawn rate 40, WAF does not block after total requests exceed 100. But when I stop the test and start a new test in Locust, only then does WAF block that IP for 5 min.

    I tested many times and found that when I run a first Locust test, WAF does not work even if the condition is met. But it works if I stop that test and start a new test. My purpose of blocking through WAF seems not feasible, since an attacker can attack with a huge number of requests and that won't be blocked.

0

I believe rate-based rules with WAF would be a good solution to protect your application against floods. This blog article may help you: https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/

AWS
answered 2 years ago
  • Billing for WAF is according to web ACL, rules and number of web requests received across all web ACLs. While billing for Lambda is decreased due to WAF, doesn't it instead increase billing for AWS WAF?
