Control billing for AWS Lambda by API hit through Locust
As Lambda is a pay-as-you-go service, I have some questions about it. Suppose I host my application using AWS Lambda and API Gateway. If someone hits my API through Locust, then my billing increases tremendously. Suppose I have a Lambda concurrency of 1000 and someone hits it through Locust with 1000 concurrency with 1000 users/sec. My billing will be out of my control. How can I control such load testing by others so that billing for Lambda won't increase?
You could restrict the number of concurrent Lambda functions that can run but that might create other challenges for you - namely that your application won't scale when you need it to.
A better solution might be to throttle API Gateway calls. For example, you could throttle each individual client or just a specific stage.
If this is malicious traffic, another solution could be to use WAF to protect your API. One example is where you could detect whether there are a lot of requests coming from a single IP address and dynamically deny or throttle access from there.
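An added illustration of the per-client throttling suggested in the answer above; it is not part of the original thread and is not AWS code. It models API Gateway's token-bucket throttling with a hypothetical limit of 10 requests/s and a burst of 20 per client, over a constructed load profile, to show how many requests would still reach Lambda.

```python
class TokenBucket:
    """Token bucket: `rate` tokens are added per second, capped at `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)  # the bucket starts full
        self.last = 0.0

    def allow(self, now):
        # Refill for the elapsed time, then spend one token if one is available.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False  # the caller would receive HTTP 429 here


def simulate(clients, seconds, rate, burst):
    """clients: {client_id: requests_per_second} (constructed load profile).

    Each client gets its own bucket, as with a per-client throttle.
    Returns {client_id: (forwarded_to_lambda, throttled)}.
    """
    buckets = {cid: TokenBucket(rate, burst) for cid in clients}
    counts = {cid: [0, 0] for cid in clients}
    for sec in range(seconds):
        for cid, rps in clients.items():
            for i in range(rps):
                now = sec + i / rps  # requests spread evenly within the second
                allowed = buckets[cid].allow(now)
                counts[cid][0 if allowed else 1] += 1
    return {cid: tuple(c) for cid, c in counts.items()}


if __name__ == "__main__":
    # Constructed sample: one load-test client and one ordinary client.
    load = {"locust-client": 1000, "normal-client": 5}
    for cid, (fwd, thr) in simulate(load, seconds=60, rate=10, burst=20).items():
        print(f"{cid}: {fwd} reached Lambda, {thr} throttled")
```

Only forwarded requests invoke the function, so the per-client limit bounds the Lambda invocations any single client can cause, while the ordinary client is never throttled.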
I have another issue after implementing WAF. https://repost.aws/questions/QUNQvDBuveTF655KQOTpxjfw/aws-waf-didnt-block-requests-if-block-condition-matched-for-first-time I have posted my question at that link and here as well. Using Locust, I ran a WAF test on my application. I made a rate-limit-based rule to block an IP if requests exceed 100 in the default 5-minute window. When I tested with concurrency 400 and spawn rate 40, WAF does not block after total requests exceed 100. But when I stop the test and start a new test in Locust, only then does WAF block that IP for 5 min.
I tested many times and found that when I run a first Locust test, WAF does not work even if the condition is met. But it works if I stop that test and start a new test. My purpose of blocking through WAF seems not feasible, since an attacker can attack with a huge number of requests and that won't be blocked.
I believe rate based rules with WAF would be a good solution to protect your application against floods. This blog article may help you: https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Billing for WAF is according to web ACLs, rules and the number of web requests received across all web ACLs. While billing for Lambda is decreased due to WAF, doesn't it instead increase billing for AWS WAF?