AWS API Gateway Throttling not working as expected

2
votes

I'm trying to enable API Gateway throttling, but it's not working as expected.

I set Default Method Throttling Rate to 1 request per second, and Burst to 1 request.

enter image description here

Then I created a loop in my code to make 10 simultaneous requests to my API endpoint.

for (let i=0; i<10; i++) {
    axios.get(url);
}

The expected result would be:

  • 1 successful request
  • 9 throttled requests (HTTP 429 error)

But the actual result was the opposite:

  • 9 successful requests
  • 1 throttled request (HTTP 429 error)

I repeated the process, but making 20 simultaneous request and the result was:

  • 16 successful requests
  • 4 throttled requests (HTTP 429 error)

On CloudWatch logs for this API method, I found different Log streams, each one with only few milliseconds difference.

enter image description here

If I set Rate to 0 requests per second and Burst to 0 request, the throttling works and ALL requests get throttlet. But when I set Rate and Bust to 1 it does not work as expected.

Why is that happening? I need to limit my API to only 1 request per second.

2
amazon-web-servicesaws-lambdaaws-api-gatewaythrottling
Did you use the same API key when you tested the throttling? Those limits are applied per API key. - Tasos P.
Also make sure when you're editing the throttling, deploy the API to an active stage for it to take effect - Deiv
I am not using any API key. The API method is public. - Daniel Barral
That's your issue, this throttling is based on usage plans with api keys. @Cascader answered below correctly - Deiv
So, your are saying it's not possible to throttle public APIs without api key/usage plan? Then, why is some of the requests returning HTTP 429 - Too Many Requests? - Daniel Barral

2 Answers

1
votes

There are two ways to apply limits on API calls:

  1. Account-level throttling
  2. API-level and stage-level throttling

When you need to apply API-level or stage-level throttling, you have to use usage plans:

A usage plan specifies who can access one or more deployed API stages and methods—and also how much and how fast they can access them

0
votes

It seems AWS API Gateway throttling is not very precise for small values of rate/burst.

I imagine that there are multiple "instances" of the API Gateway running, and the values of rate and burst are "eventually consistent".

However I did not find any documentation about that.

When I made an initial request and wait 500 milliseconds before making other 99 requests, the results were "less imprecise".

Example:

axios.get(url);
setTimeout(function(){
    console.log("After 500 ms");
    for (let i=0; i<99; i++) {
        axios.get(url);
    }
}, 500);

Results:

  • Once I got 1 success and 99 throttles.
  • Other time I got 12 success and 88 throttles.
  • Other time I got 33 success and 67 throttles.

However, it's difficult to have consistent results.