artillery load testing and dos/ddos protection?

[gaiaml]

Hi everyone,

I’m currently load testing an API Gateway integrated with a Lambda function. However, I’ve noticed that if I exceed 15 requests per second, I start encountering a lot of timeouts. The request is a simple one that returns a basic text response:

[HttpGet("load-test")]
public IActionResult LoadTesting()
{
    try
    {
        return Ok("success");
    }
    catch (Exception ex)
    {
        _logger.LogError("Exception Message: " + ex);
        return StatusCode(500, new { message = "Error occurred during load-test" });
    }
}

Interestingly, when I connect to the API from my phone on 5G, I don’t experience any timeouts, even during the load test. This makes me think that AWS might be throttling my requests when I use Artillery, possibly detecting it as a DoS/DDoS attack.

Does anyone have ideas on how I can properly conduct load testing in this scenario?

Thanks!

[hassy]

Are you using AWS WAF in front of API Gateway? You should be able to add Artillery's traffic to its allowlist by IP / header (e.g. user-agent or a custom header) - https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-string-conditions.html

[gaiaml]

I don't use WAF or any other protection
Api Gateway and Lambda only.

I am running the test with artillery run and not artillery run-lambda