I wanted to report how I solved this in case somebody else should have this issue.
There was a usage plan in place for this API. (in API gateway, under Usage Plans). For my API there was a quota set up of 5000 hits per month. This was hit and we got the 429 errors. Given that this is an internal API we have removed the monthly quota limit.
What we noticed when we looked at the logs was that there was over 1000 hits within five minutes yesterday evening. I am not sure why this would have happened other than it was a brute force attack against the endpoint. We have now added an API key requirement to it, in the hope that this will prevent this kind of attack.
Do API Gateway 429 return codes count against request quotaAccepted Answerasked 2 years ago
how to avoid getting invocation error from lambda function being too idleasked 2 months ago
Greengrass lambda function making a request to local API runs many timesasked 4 years ago
AWS Glue pyspark, AWS OpenSearch and 429 Too Many Requestsasked 5 months ago
MongoError: Too many fieldsasked a year ago
Got access to the Amazon PA API but always get Error 429 Too many requestsasked 10 months ago
429 - Too Many Requestsasked 2 years ago
StartChatContact API failed with error 429 Too Many Requestsasked 2 years ago
API Gateway not forwarding all access logs to Cloudwatchasked 3 years ago
API Gateway throttles requestsasked 4 months ago