I'm using AWS Lambda and API Gateway, but I'm concerned about potential DDoS attacks, especially with limited funds. AWS Shield Advanced can be really pricey at $3000, which isn't feasible for many of us. If a competitor or someone else decides to spam my Lambda API with requests, it could lead to skyrocketing costs. How do others manage to protect their setups on a budget? Are AWS WAF and AWS Shield Standard sufficient for safeguarding against DDoS attacks on API Gateway and Lambda? I've also heard about using ElastiCache for rate limiting, but since it interacts with Lambda, I'm wondering if it can effectively limit invocation or just help with database calls. Any insights would be appreciated!
2 Answers
Don't forget that Shield Basic provides Layer 3 DDoS protection automatically with API Gateway. If you want more advanced protection, that's where Shield Advanced comes in, covering Layer 7 as well.
API Gateway's throttling feature is actually pretty good for users on tight budgets. You can tweak settings to manage your traffic effectively without too much hassle.
But wouldn’t throttling also affect legitimate users? Like, what if there's a sudden spike in traffic?