feat: add transparent rate limiting to prevent AWS API throttling#240
Merged
karl-cardenas-coding merged 1 commit intokarl-cardenas-coding:mainfrom Mar 7, 2026
Conversation
Adds a token-bucket rate limiter (golang.org/x/time/rate) at 10 requests/second to proactively pace AWS API calls. This prevents TooManyRequestsException errors when processing environments with many Lambda functions, where tight sequential loops of ListVersionsByFunction, ListAliases, and DeleteFunction calls exceed the 15 rps per-account API limit. The rate limiting is transparent — no user configuration required. The limiter is applied before each AWS API call in: - getAllLambdaVersion (ListVersionsByFunction and ListAliases pagination) - getAllLambdas with custom list (GetFunction per Lambda) - deleteLambdaVersion (DeleteFunction per version) Made-with: Cursor
casey-robertson-paypal
force-pushed
the
feat/add-rate-limiting
branch
from
f552219 to
960f1a5
Compare
casey-robertson-paypal
changed the title
Owner
|
Ran test suit locally - 👍🏻 |
karl-cardenas-coding
merged commit c591145
into
karl-cardenas-coding:main
3 of 4 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Refs #241
Summary
golang.org/x/time/rate) at 10 requests/second to proactively pace AWS API callsTooManyRequestsExceptionerrors when processing environments with many Lambda functions (60+ observed to trigger throttling)golang.org/x/timewas already an indirect dependency; promoted to direct with no new transitive depsProblem
In environments with many Lambda functions, the tool fires
ListVersionsByFunction,ListAliases, andDeleteFunctioncalls in tight sequential loops with no pacing. The AWS Lambda control plane API enforces a hard limit of 15 requests/second shared across all control plane APIs (excluding invocation, GetFunction, and GetPolicy). This limit cannot be increased. The SDK's standard retry (3 attempts) cannot recover from sustained throttling:With 60 Lambdas and
--skip-aliases, the tool makes 120+ control plane API calls in rapid succession — exhausting the shared 15 rps budget within ~4 seconds.Approach
A
rate.Limiterset to 10 rps (leaving headroom below the hard 15 rps limit) is created once per execution and passed to all functions that make AWS API calls.limiter.Wait(ctx)is called before each API request, which blocks only when the request rate would exceed the limit.The rate is hardcoded rather than user-configurable because the AWS control plane rate limit is a fixed, non-adjustable constant — there is no correct user-chosen value other than "below 15." Debug-level logging (
--verbose) shows when the limiter is active.Changes
cmd/clean.godefaultAPIRPSconstant, createrate.Limiter, calllimiter.Wait(ctx)before each AWS API callcmd/clean_test.gocmd/root_test.gogo.modgolang.org/x/timefrom indirect to directTest plan
TestRateLimiterPacesRequests— verifies limiter enforces pacing at configured rateTestRateLimiterUnlimited— verifiesrate.Infimposes no delayTestRateLimiterContextCancellation— verifies limiter respects context cancellationgo vet ./...clean