Which solution will meet these requirements MOST cost-effectively?
Configure the API to send requests to Amazon Simple Queue Service (Amazon SQS) queues instead of directly to the Lambda functions. Update the Lambda functions to consume messages from the queues and to process the requests. Set up the queues to invoke the Lambda functions when new messages arrive.
Configure provisioned concurrency for each Lambda function. Use AWS Application Auto Scaling to register the Lambda functions as targets. Set up scaling schedules to increase and decrease capacity to match changes in API usage.
Create an API Gateway API key and an AWS WAF Regional web ACL. Associate the web ACL with the Production stage. Add a rate-based rule to the web ACL. In the rule, specify the rate limit and a custom request aggregation that uses the X-API-Key header. Share the API key with the external development team.
Create an API Gateway API Key and usage plan. Define throttling limits and quotas in the usage plan. Associate the usage plan with the Production stage and the API key. Share the API key with the external development team.
Explanations:
While using Amazon SQS can decouple the API from the Lambda functions and help manage bursts of traffic, it introduces additional complexity by requiring the Lambda functions to poll SQS for messages. This does not directly address cost control since the costs associated with SQS and increased Lambda invocations can still occur, especially during peak usage.
Provisioned concurrency can help with performance and reduce cold starts, but it involves paying for reserved capacity regardless of usage. This does not effectively limit costs during periods of low demand, making it less suitable for controlling costs when usage is unpredictable.
While AWS WAF can help control access and mitigate DDoS attacks, a rate-based rule alone does not manage costs effectively. It may help prevent excessive usage, but it does not provide a clear mechanism for directly limiting API calls or controlling costs for the external team as a primary consumer.
Creating an API Gateway API key and a usage plan with throttling limits and quotas effectively controls the maximum number of requests the external development team can make. This allows the company to manage costs directly by setting limits on usage and is the most straightforward and cost-effective solution for this scenario.