AWS API Gateway Throttling not working as expected

Question

I'm trying to enable API Gateway throttling, but it's not working as expected.

I set Default Method Throttling Rate to 1 request per second, and Burst to 1 request.

Then I created a loop in my code to make 10 simultaneous requests to my API endpoint.

for (let i=0; i<10; i++) {
    axios.get(url);
}

The expected result would be:

1 successful request
9 throttled requests (HTTP 429 error)

But the actual result was the opposite:

9 successful requests
1 throttled request (HTTP 429 error)

I repeated the process, but making 20 simultaneous request and the result was:

16 successful requests
4 throttled requests (HTTP 429 error)

On CloudWatch logs for this API method, I found different Log streams, each one with only few milliseconds difference.

If I set Rate to 0 requests per second and Burst to 0 request, the throttling works and ALL requests get throttlet. But when I set Rate and Bust to 1 it does not work as expected.

Why is that happening? I need to limit my API to only 1 request per second.

Did you use the same API key when you tested the throttling? Those limits are applied per API key. — Tasos P., Jul 28 '20 at 20:15
Also make sure when you're editing the throttling, deploy the API to an active stage for it to take effect — Deiv, Jul 28 '20 at 20:16
If I change the stage throttling setting I need to redeploy de API? — Daniel Barral, Jul 28 '20 at 20:20
That's your issue, this throttling is based on usage plans with api keys. @Cascader answered below correctly — Deiv, Jul 28 '20 at 20:34
So, your are saying it's not possible to throttle public APIs without api key/usage plan? Then, why is some of the requests returning HTTP 429 - Too Many Requests? — Daniel Barral, Jul 28 '20 at 21:00
I'm facing same issue with `rate limit` and `burst`, its not working as expected. Did you find solution for that? @DanielBarral — Karthik Vadla, Jun 23 '21 at 19:36
@KarthikVadla I was not able to have consistent results. Check my answer below. — Daniel Barral, Jun 23 '21 at 21:18

Daniel Barral · Answer 1 · 2020-07-29T14:57:08.443

It seems AWS API Gateway throttling is not very precise for small values of rate/burst.

I imagine that there are multiple "instances" of the API Gateway running, and the values of rate and burst are "eventually consistent".

However I did not find any documentation about that.

When I made an initial request and wait 500 milliseconds before making other 99 requests, the results were "less imprecise".

Example:

axios.get(url);
setTimeout(function(){
    console.log("After 500 ms");
    for (let i=0; i<99; i++) {
        axios.get(url);
    }
}, 500);

Results:

Once I got 1 success and 99 throttles.
Other time I got 12 success and 88 throttles.
Other time I got 33 success and 67 throttles.

However, it's difficult to have consistent results.

score 1 · Answer 2 · answered Jul 28 '20 at 20:19

1

There are two ways to apply limits on API calls:

When you need to apply API-level or stage-level throttling, you have to use usage plans:

A usage plan specifies who can access one or more deployed API stages and methods—and also how much and how fast they can access them

answered Jul 28 '20 at 20:19

Tasos P.

3,994
2
21
41

1

So, it's not possible to throttle public APIs without api key/usage plan? Then, why is some of my requests returning HTTP 429 - Too Many Requests? – Daniel Barral Jul 28 '20 at 21:02
That's what documented, but actually you can set throttling to any public endpoint, at least for apigatewayv2: `aws apigatewayv2 update-stage --api-id 4767ptc6kh --stage-name foo --route-settings '{"GET /proxy":{"ThrottlingBurstLimit":1,"ThrottlingRateLimit":1}}'` And as mentioned above it doesn't work as expected, because seems there are multiple API gateway instances which doesn't share filters and operate independently. – ARA1307 Apr 06 '21 at 00:15

AWS API Gateway Throttling not working as expected

2 Answers2

Linked