How To Solve "Rate exceeded for operation 'AWS::CloudFront::Distribution'." Error?

Recently at work, I had to deploy ~80 CloudFront instances, each with its own Certificate, pointing to one S3 bucket as its source, all in one CloudFormation file. I kept running into "Rate exceeded for operation AWS::CloudFront::Distribution'.". Let's learn how to fix it.

Rahul Pulikkot Nath
Rahul Pulikkot Nath

Table of Contents

This article is sponsored by AWS and is part of my AWS Series.

The Problem

Recently at work, I had to deploy ~80 CloudFront instances, each with its own Certificate, pointing to one S3 bucket as its source, all in one CloudFormation file.

However, when running the CloudFormation template, it kept erroring with the below message.

"Rate exceeded for operation 'AWS::CloudFront::Distribution'."

The CloudFormation file did succeed when the number of CloudFront instances was around 20.

I didn't want to split the deployment into different CloudFormation templates or create multiple Stacks.

As much as possible, I wanted to keep it all in one single file to be easily managed.

The Solution

CloudFormation, when creating resources, tries to create all the resources that are not dependent at the same time.

In my scenario, since the CloudFront instances were independent of each other and only dependent on the single S3.

Because of this, CloudFormation tries to run and create all the ~80 CloudFronts simultaneously, resulting in the Rate exceeded for operation error.

To avoid CloudFormation, creating all the resources at the same time, we can introduce the DependsOn attribute on the resources.

With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute.

DependsOn is only a deployment time dependency and does not create anything specific on the actual resources in AWS.

Adding the DependsOn attribute forces CloudFormation to deploy the resources in the order they depend on.

To fix my specific issue, I batched the creation of CloudFront into 10. So as shown in the image below, in the CloudFormation template, I introduced a fake dependency between resources in each batch with that of the previous batch.

The first 10 Websites are created first,  followed by Websites 11-20, which DependsOn all the Websites from 1-10 to be created.

Once this is done, it moves on to the next batch, which depends on all the Websites in the previous batch.

You can see further batch dependency in the image below, where Website65 depends on all the Websites in the batch before (Website 51-60), and Website 71 is dependent on the batch before it (Website 61-70).

The DependsOn attribute helps restrict and keep in check the number of CloudFront instances that are created at a time.

I hope this helps you in case you run into a similar situation!

AWS
Rahul Pulikkot Nath

Rahul Pulikkot Nath Twitter

You might also like

SNS→Lambda Or SNS→SQS→Lambda Members Public

Should you be processing messages directly from SNS to Lambda or via an SQS Queue? Learn the disadvantages of directly processing messages from SNS and how you can solve those by introducing an SQS Queue in the middle.

Rahul Pulikkot Nath
Rahul Pulikkot Nath
AWS

Amazon SNS and AWS Lambda Triggers in .NET Members Public

Learn how to process SNS messages from AWS Lambda Function. We will learn how to set up and trigger a .NET Lambda Function using SNS, understand scaling and lambda concurrency and how to handle exceptions when processing messages.

Rahul Pulikkot Nath
Rahul Pulikkot Nath
AWS