Tutorial: How to Rate-Limit Google Cloud Functions

During the last few years, all cloud providers have embraced the new serverless computing concept. Serverless computing enables us to execute code on the fly without having to worry about challenges like scaling or workload balancing. Amazon Web Services introduced AWS Lambda back in 2014. In 2016 Google introduced a similar technology called Google Cloud Functions.
To manage access to these serverless cloud functions, AWS offers API Gateway. API Gateway can lock your functions with API keys, rate-limit requests, and block calls with a CORS policy. The Google Cloud Platform, on the other hand, does not yet have such functionality. You will need a service like Apigee to manage the gateways of your APIs.
In this tutorial, I’ll show you how to build an API rate-limiter for a Google Cloud Function. This enables you to limit the number of requests per time unit for a cloud function. Why is this useful? Let’s imagine you want to build a commercial API. Obviously you want to limit the number of API calls per month. By rate limiting your Google Cloud Function, you can limit the requests per month for a certain user.
Rate Limiting
In this tutorial, I’ll be showing you how to rate-limit your Google Cloud Function with Node.js. However, this can also easily be done with a Python function.
To rate-limit a function we’ll need to create a database that stores the number of tokens (remaining API calls). Subsequently, we have to limit access to the cloud function if these tokens are used. Finally, we need to renew the tokens after a certain time period e.g. a month. To do this the following three steps are needed:
- Creating a Firestore database.
- Creating a Google cloud function and limiting access.
- Creating a function to renew the tokens.
1. Creating a Firestore Database
Step 1: Go to your Google Cloud Console and search for “Firestore.”
Step 2: Click on “Select Native mode” and select your favorite location in the next screen.
Step 3: Click on “Start a Collection”.
Step 4: Create a collection with the following information:
Collection ID | api-tokens |
Document ID | demo-function |
Field name | tokens |
Field type | number |
Field number | 1000 (or any number of calls you want) |
Done with this step!
2. Creating a Google Cloud Function and Limiting Access.
Step 1: Search for “Cloud Functions” in the search bar of the Google cloud console.
Step 2: In the following screen enter the name of your function. If you want to create a public function make sure you also check “Allow unauthenticated”.
Step 3: Under the index.js section add the following code. Please note that you have to fill in your own project id.
```
const Firestore = require('@google-cloud/firestore');

// fill in your project id below
const project_id = 'FILL OUT YOUR PROJECT ID';

const db = new Firestore({projectId: project_id});
const document = db.collection("api-tokens").doc('demo-function');

exports.helloWorld = (req, res) => {
  // Read and decrement inside one transaction so that concurrent
  // requests cannot all spend the same token.
  db.runTransaction(async (t) => {
    const doc = await t.get(document);
    const tokens = doc.exists ? doc.data().tokens : 0;
    if (tokens <= 0) {
      return false; // limit is reached
    }
    t.update(document, {"tokens": tokens - 1});
    return true;
  }).then(function(allowed) {
    if (!allowed) {
      return res.status(429).send();
    }
    // do whatever you want here
    return res.status(200).send();
  }).catch(function(err) {
    // fail closed if the counter cannot be read or updated
    console.error(err);
    return res.status(500).send();
  });
};
```
Step 4: Under package.json, add the following code:
```
{
  "name": "sample-http",
  "version": "0.0.1",
  "dependencies": {
    "@google-cloud/firestore": "latest"
  }
}
```
Step 5: Deploy your function, go to the trigger tab, and check if you get a 200 response!
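Step 6: Check if the tokens in the Firestore database are updated.
There you go :) Every time you make a request to the function, the tokens are updated. Once the tokens reach 0, no more requests can be made. Please note that this does not restrict who is able to make these requests. You have to solve this with Cross-Origin Resource Sharing (CORS). Keep in mind that CORS is enforced by browsers, so it only limits which web origins can call the function from a page; clients outside a browser are not affected by it.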
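A token counter only enforces the limit if the read and the decrement happen as one atomic step; when they are separate database calls, requests that arrive together all see the same balance. The following added example (not code from the original article) models this with an in-memory stand-in for the Firestore document: `FakeDoc`, `readThenWrite`, `transactional` and `runConcurrently` are hypothetical names, and the round-robin scheduler is an assumption that makes the interleaving deterministic.

```javascript
// Added example: an in-memory model, not Firestore. All names are hypothetical.
// Handlers are generators; each `yield` marks a database round trip.
class FakeDoc {
  constructor(tokens) { this.tokens = tokens; this.version = 0; }
  read() { return { tokens: this.tokens, version: this.version }; }
  write(tokens) { this.tokens = tokens; this.version += 1; }
  // Commit only if nothing was written since `version` was read.
  commitIfUnchanged(version, tokens) {
    if (version !== this.version) return false;
    this.write(tokens);
    return true;
  }
}

// Separate read and write: every in-flight request sees the same balance.
function* readThenWrite(doc) {
  const snap = doc.read();
  yield; // other requests run while this one waits for the read
  if (snap.tokens <= 0) return 429;
  doc.write(snap.tokens - 1);
  return 200;
}

// Transaction-style: retry with fresh data when another request won the race.
function* transactional(doc) {
  for (;;) {
    const snap = doc.read();
    yield;
    if (snap.tokens <= 0) return 429;
    if (doc.commitIfUnchanged(snap.version, snap.tokens - 1)) return 200;
  }
}

// Run `requests` handlers interleaved round-robin and tally the responses.
function runConcurrently(handler, startTokens, requests) {
  const doc = new FakeDoc(startTokens);
  let pending = Array.from({ length: requests }, () => handler(doc));
  const statuses = [];
  while (pending.length > 0) {
    pending = pending.filter((g) => {
      const step = g.next();
      if (step.done) statuses.push(step.value);
      return !step.done;
    });
  }
  const count = (code) => statuses.filter((s) => s === code).length;
  return { allowed: count(200), rejected: count(429), tokensLeft: doc.tokens };
}
console.log(runConcurrently(readThenWrite, 3, 10), runConcurrently(transactional, 3, 10));
```

With 3 tokens and 10 simultaneous requests, the read-then-write handler answers 200 to all ten and leaves the counter at 2, while the transaction-style handler admits exactly three. In Firestore, the counterpart of the second handler is a read and update performed inside `db.runTransaction`.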
3. Creating a Function to Renew the Tokens
Of course, you want to renew the tokens each day or month. By doing this you are able to commercialize your cloud function as an API with a monthly subscription. In this part, I’ll show you how to renew/refill the tokens.
Step 1: Create a new Google Cloud Function as described in steps 1 and 2 of the previous section. You can name this function something like “renew-tokens.” Make sure you uncheck the “allow unauthenticated” box.
Step 2: Under package.json, again add the following code:
```
{
  "name": "sample-http",
  "version": "0.0.1",
  "dependencies": {
    "@google-cloud/firestore": "latest"
  }
}
```
Step 3: Under index.js add the following code.
```
const Firestore = require('@google-cloud/firestore');

// fill in your project id below
const project_id = 'FILL OUT YOUR PROJECT ID';

const db = new Firestore({projectId: project_id});
const document = db.collection("api-tokens").doc('demo-function');

exports.helloWorld = (req, res) => {
  // update the calls over here; respond only after the write has finished
  document.update({"tokens": 1000}).then(function() {
    return res.status(200).send();
  }).catch(function(err) {
    console.error(err);
    return res.status(500).send();
  });
};
```
Step 4: Deploy your function. Check if your tokens are updated in your Firestore database when you execute this token-renew function, i.e. click on the trigger URL.
Step 5: Schedule this function to run every month or day. Search for “Cloud scheduler” in the search bar. Click on “Create task” if you are creating a scheduled function for the first time.
Step 6: Fill out the following information
Name | Whatever you want |
Description | Whatever you want |
Frequency | 0 0 1 * * (for every month) |
Timezone | Your timezone |
Target | HTTP |
URL | The URL of the function created above. You can find it under the “trigger” tab of your function. |
HTTP Method | POST |
Body | Empty |
Click on “Create.”
Step 7: Search for IAM in the search bar.
Step 8: Find the “Cloud Scheduler Service Account” and click on the edit button on the right.
Step 9: Add a new role, search for function invoker, and click save.
You’re done! The renew function is scheduled to run every month and refill the tokens. If you also want to limit the access to your rate-limited function, you can do this with CORS.
Conclusion
Although the Google Cloud Platform comes with a lot of functionality, an API gateway is not yet included. When I was creating an IP location API I struggled a lot with this. I tried several solutions like Apigee or Firebase. I ended up with creating my own custom made solution. Please note that this solution also comes with some costs e.g. costs for read/writing to the Firestore database. However, for me this was the best way to go.
Go ahead and happy coding :)
Amazon Web Services is a sponsor of The New Stack.