Control billing for AWS Lambda by API hit through Locust

0

As Lambda is a pay-as-you-go service, I have some questions about it. Suppose I host my application using AWS Lambda and API Gateway. If someone hits my API through Locust, then my billing increases tremendously. Suppose I have a Lambda concurrency of 1000 and someone hits it through Locust with 1000 concurrency with 1000 users/sec. My billing will be out of my control. How can I control such load testing by someone else so that billing for Lambda won't increase?

asked 2 years ago, 269 views
2 Answers
2

You could restrict the number of concurrent Lambda functions that can run but that might create other challenges for you - namely that your application won't scale when you need it to.

A better solution might be to throttle API Gateway calls. For example, you could throttle each individual client or just a specific stage.

If this is malicious traffic another solution could be to use WAF to protect your API. One example is where you could detect whether there are a lot of requests coming from a single IP address and dynamically deny or throttle access from there.

AWS
EXPERT
answered 2 years ago
  • Does throttling an API Gateway call count towards the API charge?

  • I have another issue after implementing WAF. https://repost.aws/questions/QUNQvDBuveTF655KQOTpxjfw/aws-waf-didnt-block-requests-if-block-condition-matched-for-first-time I have posted my question from that link here as well. Using Locust, I ran a WAF test on my application. I made a rate-limit-based rule to block an IP if requests exceed 100 in the default 5-minute window. When I tested with concurrency 400 and spawn rate 40, WAF does not block after total requests exceed 100. But when I stop the test and start a new test in Locust, only then does WAF block that IP for 5 min.

    I tested many times and found that when I run a first Locust test, WAF is not working even if the condition is met. But it works if I stop that test and start a new test. My purpose of blocking through WAF seems not feasible, since an attacker can attack with a huge number of requests and that won't be blocked.
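
The effect of the API Gateway throttling suggested in the answer above, as an added example that is not part of the original thread: API Gateway documents its throttling as a token bucket with a rate and a burst, and this simplified model applies an assumed stage limit (50 requests/sec, burst 100) to the 1000 requests/sec flood from the question to count how many requests would reach Lambda. The class name, function name and limit values are assumptions for illustration.

```python
"""Simplified token-bucket model of API Gateway throttling (rate + burst).
Illustrative only: the limits and the traffic pattern are assumed values."""


class TokenBucket:
    def __init__(self, rate: float, burst: int):
        self.rate = rate              # tokens refilled per second (steady req/s)
        self.burst = burst            # bucket capacity (largest spike admitted)
        self.tokens = float(burst)    # bucket starts full
        self.last = 0.0               # time of the previous request

    def allow(self, now: float) -> bool:
        # Refill for the elapsed time, never beyond the burst capacity.
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True               # forwarded to the Lambda integration
        return False                  # rejected at the gateway with HTTP 429


def simulate_flood(rate: float, burst: int, offered_rps: int, seconds: int):
    """Return (forwarded, throttled) for a constant load of offered_rps."""
    bucket = TokenBucket(rate, burst)
    forwarded = throttled = 0
    for i in range(offered_rps * seconds):
        now = i / offered_rps         # evenly spaced arrivals
        if bucket.allow(now):
            forwarded += 1
        else:
            throttled += 1
    return forwarded, throttled


if __name__ == "__main__":
    # Constructed scenario: the 1000 req/s flood from the question, held for
    # 60 seconds against an assumed limit of 50 req/s with a burst of 100.
    fwd, thr = simulate_flood(rate=50, burst=100, offered_rps=1000, seconds=60)
    print(f"forwarded to Lambda: {fwd}, throttled with 429: {thr}")
```

In this model the number of requests that reach Lambda is bounded by roughly burst + rate × duration, however large the offered load is.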

0

I believe rate based rules with WAF would be a good solution to protect your application against floods. This blog article may help you: https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/

AWS
answered 2 years ago
  • Billing for WAF is according to web ACLs, rules and the number of web requests received across all web ACLs. While billing for Lambda is decreased due to WAF, doesn't it instead increase billing for AWS WAF?
