Ensure that function invocation is limited to a specified threshold from any single entity, preventing resource exhaustion and denial of service attacks.
Compute / Serverless Computing / Controls / DEV
Implement Function Invocation Rate Limits
CCC.SvlsComp.CN02 · Resource
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP04 | Transaction Rate Limits | The service can throttle, delay, or reject excess requests when transactions exceed a user-specified rate limit, and always provides industry-standard throughput up to that limit. |
| CCC.Core.CP16 | Budgeting | The service may be configured to take a user-specified action when a spending threshold is met or exceeded on a child or networked resource. |
| CCC.Core.CP19 | Child Resource Scaling | The service may be configured to scale child resources automatically or on-demand. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH12 | Resource Constraints are Exhausted | Exceeding the resource constraints through excessive consumption, resource-intensive operations, or lowering of rate-limit thresholds can impact the availability of elements such as memory, CPU, or storage. This may disrupt availability of the service or child resources by denying the associated functionality to users. If the impacted system is not designed to expect such a failure, the effect could also cascade to other services and resources. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.SvlsComp.CN02.AR01 | Send requests to invoke the function up to the allowed threshold and confirm they are successful; then send additional requests exceeding the threshold from the same entity and verify that they are denied. | tlp-red, tlp-amber |