2025-01-20, Hünkar Döner
API Rate Limiting Solutions on EKS
Tags: API, Rate Limiting, EKS, Security
Rate limiting protects your APIs from abusive clients and from poorly written retry loops. You define rules such as "one IP address may send at most 100 requests per minute".
There are three ways to do this on Amazon EKS:
1. AWS WAF (Easiest)
Put AWS WAF in front of your EKS Ingress (ALB).
- Advantage: Works outside the cluster, so offending traffic is blocked before it reaches your pods (offloading).
- Rule: Create a "Rate-based rule" to set IP-based limits.
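The WAF option, written out as a CloudFormation template. This is an added example, not code from the original post: it creates a regional web ACL with one rate-based rule (100 requests per 60 seconds per source IP, matching the rule quoted above) and associates it with the ALB that the AWS Load Balancer Controller created for the Ingress. The ALB ARN is a placeholder parameter, and the names and metric names are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Rate-based WAF rule in front of an EKS ingress ALB (added example)

Parameters:
  AlbArn:
    Type: String
    Description: ARN of the ALB fronting the EKS Ingress (placeholder, supply your own)

Resources:
  ApiRateLimitWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: eks-api-rate-limit
      Scope: REGIONAL                # ALBs are regional; CLOUDFRONT is only for CloudFront distributions
      DefaultAction:
        Allow: {}                    # everything not matched by a rule passes through
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: eksApiRateLimit
      Rules:
        - Name: per-ip-100-per-minute
          Priority: 0
          Action:
            Block: {}                # block (HTTP 403) once the source IP exceeds the limit
          Statement:
            RateBasedStatement:
              Limit: 100             # requests allowed per evaluation window
              EvaluationWindowSec: 60
              AggregateKeyType: IP   # count per source IP as seen by the ALB
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: perIp100PerMinute

  WebAclAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AlbArn
      WebACLArn: !GetAtt ApiRateLimitWebAcl.Arn
```

Two points worth checking before relying on this: if another proxy or CDN sits in front of the ALB, `AggregateKeyType: IP` counts that proxy's address, so all clients share one counter and you need the forwarded-IP aggregation instead; and the sampled requests and CloudWatch metrics enabled above are what let you confirm the rule is actually blocking rather than assuming it is.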
2. Ingress Controller Level (NGINX / Envoy)
If you are using Ingress NGINX, you can set limits with annotations:
```yaml
nginx.ingress.kubernetes.io/limit-rps: "5"
```
This method is simple but not distributed: each ingress-nginx pod keeps its own counter, so the effective limit grows with the number of replicas.
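The annotation in context, as an added example rather than a manifest from the original post. It applies a per-client-IP limit of 5 requests per second with a burst of 3x that, and caps concurrent connections per client. The service name, host and paths are assumptions.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api
  namespace: default
  annotations:
    # requests per second allowed per client IP, enforced by each ingress-nginx pod separately
    nginx.ingress.kubernetes.io/limit-rps: "5"
    # allow short bursts of limit-rps * multiplier before requests are rejected
    nginx.ingress.kubernetes.io/limit-burst-multiplier: "3"
    # cap simultaneous open connections per client IP
    nginx.ingress.kubernetes.io/limit-connections: "10"
spec:
  ingressClassName: nginx
  rules:
    - host: api.example.com          # assumed hostname
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api            # assumed backend Service
                port:
                  number: 8080
```

Two caveats when this runs behind an AWS load balancer: the client IP NGINX counts must be the real client address, so the controller has to trust the forwarded headers or use proxy protocol, otherwise every client appears as the load balancer's address and shares one counter; and with N controller replicas the cluster-wide ceiling is roughly N times the annotated value, which is exactly the limitation the text above describes.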
3. API Gateway / Service Mesh (Most Capable)
You can write far more advanced rules with Istio or Envoy Gateway, for example:
- Limit based on user ID (a JWT claim) rather than IP.
- A global, Redis-backed limit counter shared by all proxies.
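A per-user, globally counted limit in Envoy Gateway, as an added example rather than configuration from the original post. The SecurityPolicy validates the JWT and copies its `sub` claim into a request header; the BackendTrafficPolicy then rate-limits per distinct value of that header using the global (shared, Redis-backed) limiter. The route name, issuer URL, JWKS URL and header name are assumptions, and the Redis backend itself is assumed to be configured in the EnvoyGateway controller configuration, which is not shown.

```yaml
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
  name: api-jwt
  namespace: default
spec:
  targetRefs:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute
      name: api                      # assumed HTTPRoute name
  jwt:
    providers:
      - name: issuer-placeholder
        issuer: https://issuer.example.com            # placeholder issuer
        remoteJWKS:
          uri: https://issuer.example.com/.well-known/jwks.json   # placeholder JWKS
        claimToHeaders:
          # write the verified subject into a header the rate limiter can key on
          - claim: sub
            header: x-user-id
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: BackendTrafficPolicy
metadata:
  name: api-per-user-limit
  namespace: default
spec:
  targetRefs:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute
      name: api
  rateLimit:
    type: Global                     # counters live in the shared rate limit service, not per proxy
    global:
      rules:
        - clientSelectors:
            - headers:
                - name: x-user-id
                  type: Distinct     # one counter per distinct header value, i.e. per user
          limit:
            requests: 100
            unit: Minute
```

The security point is the ordering: the limiter must key on the header the gateway writes from the verified token, never on a header the client can supply itself, otherwise a client can spread its traffic across arbitrary "users". Because the count is global, scaling the gateway to more replicas no longer multiplies the effective limit.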
Which method you choose depends on where you want the protection to be (Edge vs Pod).