429 - Too Many Requests

Question

We have a .net lambda function connected to an API Gateway. This has been working fine for several weeks but all of a sudden this morning I am getting Too Many Requests errors. I have no idea why. Our app is still in development so has not been hit with very light traffic.  
  
At first we were getting what was manifesting itself as CORS errors in the browser. It worked in Postman so that lead us to believe there was suddenly a CORS error but looking at headers there was the header:  
  
x-amzn-errortype: LimitExceededException  
  
At this point it was still working in Postman but about an hour later it stopped working in Postman too. (That is where I saw the 429 error). I also saw a similar error (Too Many Requests) pop up in the AWS console too when I was attempting to delete a custom domain name that we were no longer using. I tried again and it did delete.  
  
1. What is going on?  
2. How long do 429 errors last for?  
3. Will it just reset itself?  
  
Thanks

Answer

I wanted to report how I solved this in case somebody else should have this issue.  
  
There was a usage plan in place for this API. (in API gateway, under Usage Plans). For my API there was a quota set up of 5000 hits per month. This was hit and we got the 429 errors. Given that this is an internal API we have removed the monthly quota limit.  
  
What we noticed when we looked at the logs was that there was over 1000 hits within five minutes yesterday evening. I am not sure why this would have happened other than it was a brute force attack against the endpoint. We have now added an API key requirement to it, in the hope that this will prevent this kind of attack.

429 - Too Many Requests

관련 콘텐츠