429 - Too Many Requests


We have a .net lambda function connected to an API Gateway. This has been working fine for several weeks but all of a sudden this morning I am getting Too Many Requests errors. I have no idea why. Our app is still in development so has not been hit with very light traffic.

At first we were getting what was manifesting itself as CORS errors in the browser. It worked in Postman so that lead us to believe there was suddenly a CORS error but looking at headers there was the header:

x-amzn-errortype: LimitExceededException

At this point it was still working in Postman but about an hour later it stopped working in Postman too. (That is where I saw the 429 error). I also saw a similar error (Too Many Requests) pop up in the AWS console too when I was attempting to delete a custom domain name that we were no longer using. I tried again and it did delete.

  1. What is going on?
  2. How long do 429 errors last for?
  3. Will it just reset itself?


asked 3 years ago2751 views
1 Answer

I wanted to report how I solved this in case somebody else should have this issue.

There was a usage plan in place for this API. (in API gateway, under Usage Plans). For my API there was a quota set up of 5000 hits per month. This was hit and we got the 429 errors. Given that this is an internal API we have removed the monthly quota limit.

What we noticed when we looked at the logs was that there was over 1000 hits within five minutes yesterday evening. I am not sure why this would have happened other than it was a brute force attack against the endpoint. We have now added an API key requirement to it, in the hope that this will prevent this kind of attack.

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions