A placement-ready AWS project that detects abnormal API usage and automatically throttles or disables the API, sends alerts, and prevents cost overruns — built only with AWS Always Free services.
- Detect abnormal API traffic via CloudWatch metrics
- Auto throttle/disable API Gateway when a threshold is crossed
- Alert admin via SNS email
- Restore normal limits when traffic returns to normal
Services used: AWS Lambda (Python 3.10), API Gateway (REST), DynamoDB, CloudWatch, SNS, IAM
Flow:
- API Gateway → Main API Lambda
- CloudWatch Alarm watches API request count
- SNS Topic sends email and triggers Kill-Switch Lambda
- Kill-Switch Lambda updates API Gateway throttling and persists state in DynamoDB
smart-api-kill-switch/
├─ lambdas/
│ ├─ main_api/
│ │ └─ app.py
│ └─ kill_switch/
│ └─ app.py
├─ infra/
│ ├─ dynamodb_schema.json
│ ├─ cloudwatch_alarm.json
│ ├─ iam_main_api_policy.json
│ └─ iam_kill_switch_policy.json
├─ tests/
│ └─ sample_events.json
└─ README.md
Create a table using infra/dynamodb_schema.json.
Table Name: api-usage-rules
Partition Key: rule_id (String)
Example item (seed data):
{
  "rule_id": "GLOBAL",
  "max_requests_per_minute": 100,
  "rate_limit": 5,
  "burst_limit": 10,
  "kill_switch_active": false,
  "last_updated": 0
}
Use these policies for Lambda roles:
- Main API Lambda: infra/iam_main_api_policy.json
- Kill-Switch Lambda: infra/iam_kill_switch_policy.json
Replace REGION, ACCOUNT_ID, REST_API_ID, STAGE_NAME in the policies.
- Main API: lambdas/main_api/app.py
- Kill-Switch: lambdas/kill_switch/app.py
Main API Lambda
- TABLE_NAME=api-usage-rules
- CONFIG_KEY=GLOBAL
Kill-Switch Lambda
- TABLE_NAME=api-usage-rules
- CONFIG_KEY=GLOBAL
- REST_API_ID= your REST API ID
- STAGE_NAME= e.g. prod
- KILL_RATE_LIMIT=0.1 (default)
- KILL_BURST_LIMIT=1 (default)
Use infra/cloudwatch_alarm.json as a template.
Metric
- Namespace: AWS/ApiGateway
- Metric: Count
- Statistic: Sum
- Period: 60 seconds
- Threshold: 100 (requests/minute)
Dimensions
- ApiName and Stage (or use ApiId + Stage)
Actions
- Alarm + OK actions → SNS Topic (api-usage-alerts)
Kill-Switch Lambda updates stage-level throttling for all methods:
- Activate: rateLimit=0.1, burstLimit=1
- Deactivate: restore rate_limit and burst_limit from DynamoDB
Implementation: lambdas/kill_switch/app.py
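The activate/deactivate decision described above, as an added example (not the repository's lambdas/kill_switch/app.py): it reads the CloudWatch alarm state from the SNS event and builds the stage-level patchOperations for API Gateway. The function names, the sample event and the choice to leave limits unchanged on INSUFFICIENT_DATA are assumptions.

```python
import json

# Stage-level patch paths; "/*/*" targets every resource and method in the stage.
RATE_PATH = "/*/*/throttling/rateLimit"
BURST_PATH = "/*/*/throttling/burstLimit"


def alarm_states(event):
    """Return NewStateValue for each CloudWatch alarm notification in an SNS event."""
    states = []
    for record in event.get("Records", []):
        try:
            message = json.loads(record["Sns"]["Message"])
        except (KeyError, TypeError, ValueError):
            continue  # not JSON or not an SNS record: ignore rather than act on it
        if isinstance(message, dict) and "NewStateValue" in message:
            states.append(message["NewStateValue"])
    return states


def plan_throttle(state, config, kill_rate=0.1, kill_burst=1):
    """Return (kill_switch_active, patchOperations), or None when nothing should change."""
    if state == "ALARM":
        active, rate, burst = True, kill_rate, kill_burst
    elif state == "OK":
        active, rate, burst = False, config["rate_limit"], config["burst_limit"]
    else:
        return None  # assumption: INSUFFICIENT_DATA leaves the current limits in place
    ops = [
        {"op": "replace", "path": RATE_PATH, "value": str(rate)},
        {"op": "replace", "path": BURST_PATH, "value": str(int(burst))},
    ]
    return active, ops


# Constructed sample data: the seed item from this README and a minimal SNS event.
SAMPLE_CONFIG = {"rule_id": "GLOBAL", "rate_limit": 5, "burst_limit": 10}


def sample_event(state):
    message = {"AlarmName": "example-alarm", "NewStateValue": state}
    return {"Records": [{"Sns": {"Message": json.dumps(message)}}]}


if __name__ == "__main__":
    for s in ("ALARM", "OK", "INSUFFICIENT_DATA"):
        for state in alarm_states(sample_event(s)):
            print(state, plan_throttle(state, SAMPLE_CONFIG))
```

In a Lambda handler the returned operations would be passed to the boto3 apigateway client as update_stage(restApiId=REST_API_ID, stageName=STAGE_NAME, patchOperations=ops), followed by writing kill_switch_active and last_updated to the DynamoDB item.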
- Create DynamoDB table using schema file.
- Seed config item (rule_id = GLOBAL).
- Create Main API Lambda and set env vars.
- Create API Gateway REST API (proxy integration to Main API).
- Create SNS Topic and add email subscription.
- Create Kill-Switch Lambda and add SNS trigger.
- Create CloudWatch Alarm using provided config → set Alarm/OK actions to SNS.
- No EC2, no RDS, no NAT Gateways ✅
- API Gateway REST, Lambda, DynamoDB, CloudWatch, SNS all Always Free ✅
- Keep logs short to avoid excess CloudWatch ingestion ✅
- Use small test traffic ✅
Examples in tests/sample_events.json.
Test 1: API request
- Expected: 200 OK
Test 2: Alarm state = ALARM
- Kill-Switch activates
- Throttling reduced
- kill_switch_active = true
Test 3: Alarm state = OK
- Kill-Switch deactivates
- Normal throttling restored
- Built a Smart API Kill-Switch System on AWS Free Tier using Lambda, API Gateway, DynamoDB, SNS, and CloudWatch to prevent cost overruns.
- Automated abnormal traffic detection with CloudWatch alarms and dynamic API throttling updates.
- Implemented least-privilege IAM policies and resilient fallback logic for API protection.
“I built an AWS-based API kill-switch that monitors request spikes using CloudWatch metrics. When a threshold is exceeded, an SNS-triggered Lambda automatically throttles API Gateway and logs state in DynamoDB. When traffic normalizes, limits are restored. This keeps the API safe from abuse and ensures free-tier cost control without EC2 or RDS.”