The latest articles on DEV Community by Shubham Singh (@shubham_singh_dc4c3162182). https://dev.to/shubham_singh_dc4c3162182 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3218976%2F4a72d4e2-1d2f-40ab-96a0-eb2bbddeb8e8.jpg https://dev.to/shubham_singh_dc4c3162182 en Shubham Singh Wed, 28 May 2025 18:18:07 +0000 https://dev.to/shubham_singh_dc4c3162182/layering-approach-lambda-19j0 https://dev.to/shubham_singh_dc4c3162182/layering-approach-lambda-19j0 <h2> 🧬 Layering Approach in YAML for AWS Lambda: Why It Matters </h2> <p>Serverless is awesome—until you hit the <strong>50MB zipped size limit</strong> of AWS Lambda or have to <strong>reuse packages</strong> across multiple functions. That’s where <strong>Lambda Layers</strong> and the <strong>layering approach in YAML</strong> come in.</p> <p>In this post, you’ll learn:</p> <ul> <li>What Lambda Layers are</li> <li>Why and when to use them</li> <li>How to define them using <strong>SAM YAML</strong> </li> <li>Pros, cons, and AWS Lambda limits</li> </ul> <h2> 🧠 What Are Lambda Layers? </h2> <p>A <strong>Lambda Layer</strong> is a <strong>distribution mechanism for libraries, custom runtimes, and other dependencies</strong>. Instead of packaging everything inside your function zip, you split shared logic into reusable layers.</p> <h3> Real-world Example: </h3> <p>Say you have 5 Lambda functions using <strong>Pandas</strong> and <strong>NumPy</strong>. Rather than bundling them in each function (increasing size and build time), you create a shared <strong>layer</strong> containing those libraries.</p> <h2> 📦 AWS Lambda Size Limits </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Type</th> <th>Max Size</th> </tr> </thead> <tbody> <tr> <td>Lambda code (zipped)</td> <td> <strong>50MB</strong> (direct upload)</td> </tr> <tr> <td>Lambda code (unzipped)</td> <td> <strong>250MB</strong> (with layers)</td> </tr> <tr> <td>Layer size (unzipped)</td> <td> <strong>250MB</strong> per layer</td> </tr> <tr> <td>Max Layers per Lambda</td> <td><strong>5</strong></td> </tr> </tbody> </table></div> <p>So if your function needs more than 50MB of libraries (like ML models or large packages), <strong>layers are the solution</strong>.</p> <h2> 📄 YAML Layering with AWS SAM (Serverless Application Model) </h2> <h3> 🧱 Step 1: Define a Lambda Layer in <code>template.yaml</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">Resources</span><span class="pi">:</span> <span class="na">MySharedLayer</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::LayerVersion</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">LayerName</span><span class="pi">:</span> <span class="s">shared-python-packages</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Shared Python libraries for all Lambdas</span> <span class="na">ContentUri</span><span class="pi">:</span> <span class="s">layers/shared/</span> <span class="na">CompatibleRuntimes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">python3.9</span> <span class="na">RetentionPolicy</span><span class="pi">:</span> <span class="s">Retain</span> </code></pre> </div> <h3> 🧰 Folder Structure </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>project-root/ ├── template.yaml ├── layers/ │ └── shared/ │ └── python/ │ ├── pandas/ │ ├── numpy/ │ └── other_lib/ ├── functions/ │ ├── functionA/ │ │ └── app.py │ └── functionB/ │ └── app.py </code></pre> </div> <ul> <li>AWS requires your dependencies inside <code>python/</code> (or <code>nodejs/</code>, <code>ruby/</code>, etc.)</li> <li>Use a tool like <code>pip install -r requirements.txt -t layers/shared/python</code> to populate it.</li> </ul> <h3> 🧾 Step 2: Reference the Layer in Your Lambda Function </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">MyFunction</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::Function</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Handler</span><span class="pi">:</span> <span class="s">app.lambda_handler</span> <span class="na">Runtime</span><span class="pi">:</span> <span class="s">python3.9</span> <span class="na">CodeUri</span><span class="pi">:</span> <span class="s">functions/functionA/</span> <span class="na">Layers</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">MySharedLayer</span> <span class="na">Events</span><span class="pi">:</span> <span class="na">HelloAPI</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Api</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/hello</span> <span class="na">Method</span><span class="pi">:</span> <span class="s">get</span> </code></pre> </div> <p>Now the function will <strong>inherit the layer</strong> and can import libraries as if they were local.</p> <h2> 🚀 Benefits of Layering </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Advantage</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>✅ <strong>Reusability</strong> </td> <td>One layer, many functions</td> </tr> <tr> <td>✅ <strong>Smaller Deployment</strong> </td> <td>Function ZIPs stay under 50MB</td> </tr> <tr> <td>✅ <strong>Faster CI/CD</strong> </td> <td>No need to repackage large libraries</td> </tr> <tr> <td>✅ <strong>Security &amp; Patching</strong> </td> <td>Update the layer without touching code</td> </tr> </tbody> </table></div> <h2> ⚠️ Drawbacks &amp; Caveats </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Disadvantage</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>❌ <strong>Layer Limits</strong> </td> <td>Max 250MB per layer; max 5 layers per function</td> </tr> <tr> <td>❌ <strong>Versioning</strong> </td> <td>Each update creates a new version (immutable)</td> </tr> <tr> <td>❌ <strong>Cold Start Time</strong> </td> <td>Larger layers can increase cold start latency</td> </tr> <tr> <td>❌ <strong>Debugging Layers</strong> </td> <td>Can be tricky to troubleshoot if layer fails silently</td> </tr> </tbody> </table></div> <h2> 🧪 Testing Layers Locally </h2> <p>You can test layers locally using the AWS SAM CLI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>sam <span class="nb">local </span>invoke MyFunction <span class="nt">--event</span> events/input.json </code></pre> </div> <p>Or use Docker to simulate the AWS Lambda environment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-v</span> <span class="s2">"</span><span class="nv">$PWD</span><span class="s2">"</span>:/var/task lambci/lambda:python3.9 app.lambda_handler </code></pre> </div> <p>Make sure your layer path is in the Python path:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">sys</span> <span class="n">sys</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sh">'</span><span class="s">/opt</span><span class="sh">'</span><span class="p">)</span> <span class="kn">import</span> <span class="n">pandas</span> </code></pre> </div> <p><code>/opt</code> is the default mount path for Lambda layers.</p> <h2> 🧱 Use Cases </h2> <ul> <li> <strong>Shared SDKs</strong> for internal services</li> <li> <strong>ML Models</strong> and large Python dependencies</li> <li> <strong>Custom Runtimes</strong> (e.g., Alpine builds)</li> <li> <strong>Monitoring Tools</strong> (e.g., Datadog, New Relic)</li> </ul> <h2> ⚙️ Pro Tip: Automate Layer Upload with Makefile </h2> <div class="highlight js-code-highlight"> <pre class="highlight make"><code><span class="nv">LAYER_NAME</span><span class="o">=</span>my-layer <span class="nv">PYTHON_VERSION</span><span class="o">=</span>python3.9 <span class="nl">build-layer</span><span class="o">:</span> pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt <span class="nt">-t</span> layers/shared/python <span class="nl">deploy-layer</span><span class="o">:</span> aws lambda publish-layer-version <span class="se">\</span> <span class="nt">--layer-name</span> <span class="p">$(</span>LAYER_NAME<span class="p">)</span> <span class="se">\</span> <span class="nt">--compatible-runtimes</span> <span class="p">$(</span>PYTHON_VERSION<span class="p">)</span> <span class="se">\</span> <span class="nt">--zip-file</span> fileb://layer.zip </code></pre> </div> <h2> 📚 Summary </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>With Layer</th> <th>Without Layer</th> </tr> </thead> <tbody> <tr> <td>Package Size</td> <td>Smaller</td> <td>Grows quickly</td> </tr> <tr> <td>CI/CD Time</td> <td>Faster</td> <td>Slower</td> </tr> <tr> <td>Code Duplication</td> <td>Minimal</td> <td>High</td> </tr> <tr> <td>Setup Complexity</td> <td>Slightly higher</td> <td>Simpler initially</td> </tr> <tr> <td>Max Runtime Support</td> <td>Python, Node, etc.</td> <td>Same</td> </tr> </tbody> </table></div> <h2> ✅ Conclusion </h2> <p>Layering your Lambda functions using YAML gives you clean separation of concerns, optimized performance, and scalable deployment pipelines. While layers come with a few trade-offs, their benefits in large-scale or complex serverless systems are hard to ignore.</p> <blockquote> <p>“Don’t just write functions—architect them.”</p> </blockquote> lambda aws layer Shubham Singh Wed, 28 May 2025 17:40:01 +0000 https://dev.to/shubham_singh_dc4c3162182/docker-aws-integration-14hh https://dev.to/shubham_singh_dc4c3162182/docker-aws-integration-14hh <h2> 🚀 Docker and AWS Integration: A Developer’s Complete Guide </h2> <p>Docker has revolutionized the way we build, ship, and run applications. Combine that with AWS, and you get a powerful, scalable infrastructure for deploying modern applications.</p> <p>This guide explores how to integrate <strong>Docker with AWS</strong>, focusing on <strong>ECR (Elastic Container Registry)</strong>, <strong>ECS (Elastic Container Service)</strong>, and <strong>EC2</strong>—with real-world use cases and commands.</p> <h2> 🧱 Why Docker + AWS? </h2> <ul> <li> <strong>Docker</strong> makes applications portable.</li> <li> <strong>AWS</strong> gives scalable infrastructure.</li> </ul> <p>Together, they allow you to build microservices, deploy quickly, and manage infrastructure easily.</p> <h2> ⚙️ Prerequisites </h2> <ul> <li>Docker installed locally</li> <li>AWS CLI configured (<code>aws configure</code>)</li> <li>Basic knowledge of EC2, ECS, IAM, and VPC</li> </ul> <h2> 🐳 Step 1: Dockerize Your Application </h2> <p>Let’s take a basic Python Flask app:</p> <p><strong>app.py</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">hello</span><span class="p">():</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Hello from Docker on AWS!</span><span class="sh">"</span> </code></pre> </div> <p><strong>Dockerfile</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> python:3.9-slim</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> requirements.txt .</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt <span class="k">COPY</span><span class="s"> . .</span> <span class="k">CMD</span><span class="s"> ["python", "app.py"]</span> </code></pre> </div> <p><strong>requirements.txt</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>flask </code></pre> </div> <p><strong>Build the Docker image</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker build <span class="nt">-t</span> flask-aws-app <span class="nb">.</span> </code></pre> </div> <h2> 📦 Step 2: Push Docker Image to AWS ECR </h2> <h3> ✅ Create an ECR Repository </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ecr create-repository <span class="nt">--repository-name</span> flask-aws-app </code></pre> </div> <h3> ✅ Authenticate Docker with ECR </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ecr get-login-password | docker login <span class="nt">--username</span> AWS <span class="nt">--password-stdin</span> &lt;your-account-id&gt;.dkr.ecr.&lt;region&gt;.amazonaws.com </code></pre> </div> <h3> ✅ Tag &amp; Push Image to ECR </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker tag flask-aws-app:latest &lt;your-account-id&gt;.dkr.ecr.&lt;region&gt;.amazonaws.com/flask-aws-app docker push &lt;your-account-id&gt;.dkr.ecr.&lt;region&gt;.amazonaws.com/flask-aws-app </code></pre> </div> <p>Now your image is stored in AWS.</p> <h2> 🚀 Step 3: Deploy Docker Image with ECS (Fargate) </h2> <p><strong>Amazon ECS</strong> is a container orchestration service. Use it to run your containerized app on AWS without managing servers.</p> <h3> 🧭 Setup ECS with Fargate (Simplified via Console or CLI) </h3> <ol> <li> <strong>Create a cluster</strong> (Fargate type)</li> <li><strong>Create a Task Definition</strong></li> </ol> <ul> <li>Use ECR image URI</li> <li> <p>Assign memory/CPU</p> <ol> <li><strong>Create Service</strong></li> </ol> </li> <li><p>Attach to VPC and subnets</p></li> <li> <p>Use a Load Balancer (optional)</p> <ol> <li><strong>Run the Service</strong></li> </ol> </li> </ul> <p>✅ Now your container is running in ECS.</p> <h2> 🖥️ Alternative: Run Docker on EC2 </h2> <p>You can manually deploy Docker containers on EC2 instances.</p> <h3> Step-by-step: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># SSH into EC2</span> ssh ec2-user@&lt;ec2-instance-ip&gt; <span class="c"># Install Docker</span> <span class="nb">sudo </span>yum update <span class="nt">-y</span> <span class="nb">sudo </span>yum <span class="nb">install </span>docker <span class="nt">-y</span> <span class="nb">sudo </span>service docker start <span class="nb">sudo </span>usermod <span class="nt">-a</span> <span class="nt">-G</span> docker ec2-user <span class="c"># Pull and run image from ECR</span> <span class="si">$(</span>aws ecr get-login <span class="nt">--no-include-email</span><span class="si">)</span> docker pull &lt;account-id&gt;.dkr.ecr.&lt;region&gt;.amazonaws.com/flask-aws-app docker run <span class="nt">-d</span> <span class="nt">-p</span> 80:5000 flask-aws-app </code></pre> </div> <p>You now have Docker running on an EC2 instance.</p> <h2> 🔄 Bonus: Automate with CI/CD (GitHub Actions + ECR + ECS) </h2> <p><strong>.github/workflows/deploy.yml</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to AWS ECS</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">main</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v2</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up Docker</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">docker/setup-buildx-action@v1</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Log in to Amazon ECR</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/amazon-ecr-login@v1</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build, tag, and push image to ECR</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">docker build -t flask-aws-app .</span> <span class="s">docker tag flask-aws-app:latest ${{ secrets.ECR_REPOSITORY }}</span> <span class="s">docker push ${{ secrets.ECR_REPOSITORY }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to ECS</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/amazon-ecs-deploy-task-definition@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">task-definition</span><span class="pi">:</span> <span class="s">ecs-task.json</span> <span class="na">service</span><span class="pi">:</span> <span class="s">my-service</span> <span class="na">cluster</span><span class="pi">:</span> <span class="s">my-cluster</span> <span class="na">wait-for-service-stability</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p>Use <a href="https://docs.github.com/en/actions/security-guides/encrypted-secrets" rel="noopener noreferrer">GitHub Secrets</a> to store ECR and AWS credentials.</p> <h2> 🧠 Real-World Use Cases </h2> <ul> <li> <strong>Microservices</strong>: Deploy isolated services on ECS or EC2</li> <li> <strong>Serverless Containers</strong>: Use Fargate for true serverless infra</li> <li> <strong>CI/CD Pipelines</strong>: Build images and push on every commit</li> <li> <strong>Scaling</strong>: Use auto-scaling policies in ECS to grow traffic</li> </ul> <h2> 🛡️ Tips and Best Practices </h2> <ul> <li>Use <strong>ECR Lifecycle Policies</strong> to clean up old images.</li> <li>Define <strong>resource limits</strong> in ECS Task Definitions.</li> <li>Enable <strong>CloudWatch Logs</strong> for your containers.</li> <li>Use <strong>IAM roles for tasks</strong> to give least-privilege access.</li> <li>Use <strong>Load Balancer</strong> for zero-downtime deployments.</li> </ul> <h2> 📚 Summary </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>ECR</th> <th>ECS</th> <th>EC2 with Docker</th> </tr> </thead> <tbody> <tr> <td>Stores Images</td> <td>✅</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Orchestrates</td> <td>❌</td> <td>✅</td> <td>❌</td> </tr> <tr> <td>Full control</td> <td>❌</td> <td>Partial</td> <td>✅</td> </tr> <tr> <td>Managed Infra</td> <td>✅</td> <td>✅</td> <td>❌</td> </tr> </tbody> </table></div> <h2> ✅ Conclusion </h2> <p>Docker + AWS is the go-to combination for building and scaling modern applications. Whether you're deploying a microservice or a full stack system, you can containerize locally and deploy globally using AWS.</p> <p>Try both <strong>ECS</strong> and <strong>EC2</strong> methods and explore what works best for your architecture. Keep it containerized, scalable, and cloud-ready!</p> docker aws cicd Shubham Singh Wed, 28 May 2025 17:24:43 +0000 https://dev.to/shubham_singh_dc4c3162182/api-rate-limiting-379n https://dev.to/shubham_singh_dc4c3162182/api-rate-limiting-379n <h2> Understanding API Rate Limiting and How to Implement It </h2> <p>APIs are the backbone of modern web services. Whether it's weather data, payment processing, or social media interactions, APIs help us exchange data quickly and securely.</p> <p>But with great power comes great responsibility.</p> <p>To ensure fair use and prevent abuse, <strong>API rate limiting</strong> is crucial. In this blog, we'll break down what API rate limiting is, why it's important, and how to implement common strategies like <strong>Token Bucket</strong> and <strong>Leaky Bucket</strong> in Python.</p> <h2> 🧠 What is API Rate Limiting? </h2> <p><strong>Rate limiting</strong> controls how many requests a client can make to an API in a given time frame.</p> <p>Example:</p> <ul> <li>"You can make 60 requests per minute."</li> <li>"No more than 1000 requests per day."</li> </ul> <p>Why use it?</p> <ul> <li>Protects APIs from <strong>abuse and DDoS attacks</strong> </li> <li>Helps maintain <strong>performance and uptime</strong> </li> <li>Ensures <strong>fair usage</strong> among clients</li> </ul> <h2> 🧩 Common Algorithms for Rate Limiting </h2> <h3> 1. <strong>Fixed Window Counter</strong> </h3> <p>In this approach, a counter tracks the number of requests during a fixed time window (e.g., 60 seconds).</p> <ul> <li>✅ Easy to implement</li> <li>❌ Can result in bursts at window edges </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">time</span> <span class="k">class</span> <span class="nc">FixedWindowRateLimiter</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">max_requests</span><span class="p">,</span> <span class="n">window_size</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">max_requests</span> <span class="o">=</span> <span class="n">max_requests</span> <span class="n">self</span><span class="p">.</span><span class="n">window_size</span> <span class="o">=</span> <span class="n">window_size</span> <span class="n">self</span><span class="p">.</span><span class="n">window_start</span> <span class="o">=</span> <span class="nf">int</span><span class="p">(</span><span class="nf">time</span><span class="p">())</span> <span class="n">self</span><span class="p">.</span><span class="n">request_count</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">def</span> <span class="nf">allow_request</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">current_time</span> <span class="o">=</span> <span class="nf">int</span><span class="p">(</span><span class="nf">time</span><span class="p">())</span> <span class="k">if</span> <span class="n">current_time</span> <span class="o">-</span> <span class="n">self</span><span class="p">.</span><span class="n">window_start</span> <span class="o">&gt;=</span> <span class="n">self</span><span class="p">.</span><span class="n">window_size</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">window_start</span> <span class="o">=</span> <span class="n">current_time</span> <span class="n">self</span><span class="p">.</span><span class="n">request_count</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">request_count</span> <span class="o">&lt;</span> <span class="n">self</span><span class="p">.</span><span class="n">max_requests</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">request_count</span> <span class="o">+=</span> <span class="mi">1</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">return</span> <span class="bp">False</span> </code></pre> </div> <h3> 2. <strong>Sliding Window Log</strong> </h3> <p>Instead of a fixed window, this keeps a <strong>timestamp log</strong> of requests and removes outdated ones.</p> <ul> <li>✅ More accurate than Fixed Window</li> <li>❌ Uses more memory (O(n) for n requests) </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">collections</span> <span class="kn">import</span> <span class="n">deque</span> <span class="kn">from</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">time</span> <span class="k">class</span> <span class="nc">SlidingWindowRateLimiter</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">max_requests</span><span class="p">,</span> <span class="n">window_size</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">max_requests</span> <span class="o">=</span> <span class="n">max_requests</span> <span class="n">self</span><span class="p">.</span><span class="n">window_size</span> <span class="o">=</span> <span class="n">window_size</span> <span class="n">self</span><span class="p">.</span><span class="n">request_log</span> <span class="o">=</span> <span class="nf">deque</span><span class="p">()</span> <span class="k">def</span> <span class="nf">allow_request</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">current_time</span> <span class="o">=</span> <span class="nf">time</span><span class="p">()</span> <span class="k">while</span> <span class="n">self</span><span class="p">.</span><span class="n">request_log</span> <span class="ow">and</span> <span class="n">self</span><span class="p">.</span><span class="n">request_log</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">&lt;=</span> <span class="n">current_time</span> <span class="o">-</span> <span class="n">self</span><span class="p">.</span><span class="n">window_size</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">request_log</span><span class="p">.</span><span class="nf">popleft</span><span class="p">()</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">request_log</span><span class="p">)</span> <span class="o">&lt;</span> <span class="n">self</span><span class="p">.</span><span class="n">max_requests</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">request_log</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">current_time</span><span class="p">)</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">return</span> <span class="bp">False</span> </code></pre> </div> <h3> 3. <strong>Token Bucket Algorithm</strong> </h3> <p>Imagine a bucket that fills up with tokens over time. Each request <strong>consumes</strong> one token. If no tokens are left, the request is denied.</p> <ul> <li>✅ Allows burst traffic</li> <li>✅ Easy to tune</li> <li>❌ Slightly more complex </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">time</span> <span class="k">class</span> <span class="nc">TokenBucket</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">capacity</span><span class="p">,</span> <span class="n">refill_rate</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">capacity</span> <span class="o">=</span> <span class="n">capacity</span> <span class="n">self</span><span class="p">.</span><span class="n">tokens</span> <span class="o">=</span> <span class="n">capacity</span> <span class="n">self</span><span class="p">.</span><span class="n">refill_rate</span> <span class="o">=</span> <span class="n">refill_rate</span> <span class="n">self</span><span class="p">.</span><span class="n">last_refill</span> <span class="o">=</span> <span class="nf">time</span><span class="p">()</span> <span class="k">def</span> <span class="nf">allow_request</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">now</span> <span class="o">=</span> <span class="nf">time</span><span class="p">()</span> <span class="n">elapsed</span> <span class="o">=</span> <span class="n">now</span> <span class="o">-</span> <span class="n">self</span><span class="p">.</span><span class="n">last_refill</span> <span class="n">refill</span> <span class="o">=</span> <span class="n">elapsed</span> <span class="o">*</span> <span class="n">self</span><span class="p">.</span><span class="n">refill_rate</span> <span class="n">self</span><span class="p">.</span><span class="n">tokens</span> <span class="o">=</span> <span class="nf">min</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">capacity</span><span class="p">,</span> <span class="n">self</span><span class="p">.</span><span class="n">tokens</span> <span class="o">+</span> <span class="n">refill</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">last_refill</span> <span class="o">=</span> <span class="n">now</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">tokens</span> <span class="o">&gt;=</span> <span class="mi">1</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">tokens</span> <span class="o">-=</span> <span class="mi">1</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">return</span> <span class="bp">False</span> </code></pre> </div> <ul> <li> <code>capacity</code>: maximum tokens</li> <li> <code>refill_rate</code>: tokens added per second</li> </ul> <h3> 4. <strong>Leaky Bucket Algorithm</strong> </h3> <p>This approach is like a water bucket with a leak. Requests are queued, and only allowed out at a fixed rate.</p> <ul> <li>✅ Smooth traffic flow</li> <li>❌ Can delay burst traffic </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">collections</span> <span class="kn">import</span> <span class="n">deque</span> <span class="kn">from</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">time</span><span class="p">,</span> <span class="n">sleep</span> <span class="k">class</span> <span class="nc">LeakyBucket</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">leak_rate</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">queue</span> <span class="o">=</span> <span class="nf">deque</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">last_checked</span> <span class="o">=</span> <span class="nf">time</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">leak_rate</span> <span class="o">=</span> <span class="n">leak_rate</span> <span class="k">def</span> <span class="nf">allow_request</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">now</span> <span class="o">=</span> <span class="nf">time</span><span class="p">()</span> <span class="n">elapsed</span> <span class="o">=</span> <span class="n">now</span> <span class="o">-</span> <span class="n">self</span><span class="p">.</span><span class="n">last_checked</span> <span class="n">leaks</span> <span class="o">=</span> <span class="nf">int</span><span class="p">(</span><span class="n">elapsed</span> <span class="o">*</span> <span class="n">self</span><span class="p">.</span><span class="n">leak_rate</span><span class="p">)</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">leaks</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">queue</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">queue</span><span class="p">.</span><span class="nf">popleft</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">last_checked</span> <span class="o">=</span> <span class="n">now</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">queue</span><span class="p">)</span> <span class="o">&lt;</span> <span class="n">self</span><span class="p">.</span><span class="n">leak_rate</span> <span class="o">*</span> <span class="mi">2</span><span class="p">:</span> <span class="c1"># max burst size </span> <span class="n">self</span><span class="p">.</span><span class="n">queue</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">now</span><span class="p">)</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">return</span> <span class="bp">False</span> </code></pre> </div> <h2> 🛠️ Applying Rate Limiting to API Routes (Flask Example) </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">jsonify</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="n">limiter</span> <span class="o">=</span> <span class="nc">TokenBucket</span><span class="p">(</span><span class="n">capacity</span><span class="o">=</span><span class="mi">10</span><span class="p">,</span> <span class="n">refill_rate</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span> <span class="c1"># 10 reqs, 1 per sec </span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/api/data</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_data</span><span class="p">():</span> <span class="k">if</span> <span class="n">limiter</span><span class="p">.</span><span class="nf">allow_request</span><span class="p">():</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span><span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Here is your API data</span><span class="sh">"</span><span class="p">})</span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Rate limit exceeded</span><span class="sh">"</span><span class="p">}),</span> <span class="mi">429</span> </code></pre> </div> <h2> 💡 Best Practices </h2> <ul> <li> <strong>Use Headers</strong>: Send <code>X-RateLimit-Remaining</code>, <code>X-RateLimit-Reset</code> headers for client transparency.</li> <li> <strong>Different Limits for Users</strong>: Use API keys or IPs to set custom limits.</li> <li> <strong>Persistent Storage</strong>: For distributed apps, store counters in Redis or a database.</li> <li> <strong>Fail-Safe Defaults</strong>: Never fully block system-critical clients (use lower rate but allow some access).</li> </ul> <h2> ✅ Summary </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Algorithm</th> <th>Accuracy</th> <th>Memory</th> <th>Burst Support</th> <th>Use When…</th> </tr> </thead> <tbody> <tr> <td>Fixed Window</td> <td>Low</td> <td>Low</td> <td>❌</td> <td>Simple APIs, low traffic</td> </tr> <tr> <td>Sliding Window</td> <td>Medium</td> <td>Medium</td> <td>❌</td> <td>Need better accuracy</td> </tr> <tr> <td>Token Bucket</td> <td>High</td> <td>Low</td> <td>✅</td> <td>Need burst handling</td> </tr> <tr> <td>Leaky Bucket</td> <td>High</td> <td>Medium</td> <td>❌</td> <td>Require smooth traffic output</td> </tr> </tbody> </table></div> <h2> 📦 Try It Yourself </h2> <p>You can test these rate limiters in your own Flask or FastAPI projects. Want to scale up? Use <strong>Redis</strong>, <strong>API Gateway</strong>, or <strong>Nginx with Lua</strong> for advanced rate limiting in production environments.</p> <blockquote> <p>“Build secure APIs, not open floodgates.”</p> </blockquote> <h3> 🚀 Let Me Know </h3> <p>Was this helpful? Let me know your thoughts or which algorithm you want implemented with Redis or FastAPI next!</p> python ratelimit api backend