I'm running a simple static website using CloudFront and an S3 bucket, but I'm really concerned about the lack of built-in rate limiting. It feels risky since someone could easily bombard my endpoint with requests from a CLI, leading to unexpected resource usage and costs. I've been exploring the idea of using Proof of Work (PoW) schemes for rate limiting through CloudFront functions. Is there anyone out there who has looked into this or knows of any open source projects related to it? Also, I'm open to other solutions for preventing bad actors from using too many resources. My traffic is usually low and I don't want to deal with high traffic issues, which makes me consider switching to a small EC2 instance instead.
3 Answers
Premature optimization is a real thing! If your traffic isn't significant, maybe you don’t need to go all out yet. That said, CloudFront caching will definitely help. Cached assets won't hit your S3 every time, reducing unnecessary requests.
Honestly, if your traffic is low, I'd say don’t stress too much about it. Just use the free tier of CloudFlare for some basic protection. It's a solid way to handle this without overcomplicating your setup right now.
Have you thought about using a rate limit rule through AWS WAF? It could be a straightforward solution. Even though I get that it might seem a bit pricey, the costs can be reasonable compared to using CloudFront functions. AWS WAF has a base charge, and then it’s around $0.60 per million requests, which isn’t too bad.
Just keep in mind that AWS WAF blocks requests temporarily (like for 5 minutes), so it might not fully prevent abuse.
That’s a good point! I was dismissing it originally, but it doesn’t seem too expensive after all when you compare it to CloudFront. I might just go with WAF for added protection!
Haha, I get that! I guess I’m just a bit paranoid. After testing with some curl commands, I saw requests hitting CloudFront still, even without hitting S3. I'm thinking of setting up an alarm to monitor traffic and potentially using a Lambda function to manage it.