The Cloud Ledger
API Gateway vs ALB for serverless APIs
Two front doors for Lambda. Cost, features, and latency compared.
Saurabh Kumar21 Nov 2024
For years the reflexive answer to "how do I put an HTTP endpoint in front of a Lambda" was API Gateway, full stop. Then ALB added Lambda targets and HTTP APIs arrived at a fraction of the price of REST APIs, and suddenly the choice stopped being obvious. I've now built serverless APIs on both, and on a couple of occasions migrated from one to the other when traffic patterns changed. Here's how I decide.
The three doors, not two
The framing "API Gateway vs ALB" hides the fact that API Gateway is two products. There are really three options:
- REST API, the original, feature-rich tier: request validation, API keys, usage plans, WAF, per-method throttling, request/response transformation.
- HTTP API, a leaner, cheaper rewrite. About 70% cheaper per request and lower latency, but it drops some REST features (no request transformation, no usage plans, simpler auth).
- Application Load Balancer with Lambda targets, a load balancer that happens to invoke Lambda, billed by the hour plus LCU rather than per request.
The cost crossover is the real decision
This is where most of the actual decision lives, and it hinges on traffic volume. API Gateway bills purely per request with no fixed cost. ALB bills roughly $0.0225/hour (about $16/month) just to exist, plus LCU charges, but the marginal cost per request is near zero. So ALB has a fixed floor and a flat slope; API Gateway has no floor and a per-request slope.
| Option | Pricing model | Cost at ~1M req/mo | Cost at ~500M req/mo |
|---|---|---|---|
| REST API | ~$3.50 / million | ~$3.50 | ~$1,500+ |
| HTTP API | ~$1.00 / million | ~$1.00 | ~$500 |
| ALB | ~$16/mo + LCU | ~$16-25 | ~$30-60 |
The pattern is clear: at low and moderate request volume API Gateway wins because you pay nothing when idle, but past tens of millions of requests a month ALB's flat cost curve pulls ahead dramatically. The crossover point is in the low tens of millions of requests per month. If you're a spiky internal API, API Gateway. If you're a steady high-volume public endpoint, run the numbers on ALB.
Features you give up with ALB
ALB's cheap requests come with sharp edges for serverless:
- 30-second hard timeout, and no built-in throttling. API Gateway gives you per-route rate limiting; with ALB you need to handle protection elsewhere.
- No native API key / usage plan support. If you sell tiered API access, REST API's usage plans are doing real work for you.
- Payload limits differ. ALB caps the Lambda request/response body at 1 MB; API Gateway allows up to 10 MB.
- Authorizers. API Gateway has first-class Lambda authorizers and JWT authorizers (HTTP API integrates cleanly with Cognito). With ALB you bolt auth onto the OIDC listener rule or do it inside the function.
What this looks like in Terraform
An HTTP API with a Lambda integration is refreshingly terse, which itself tells you something about the operational surface area:
resource "aws_apigatewayv2_api" "this" {
name = "orders-api"
protocol_type = "HTTP"
}
resource "aws_apigatewayv2_integration" "lambda" {
api_id = aws_apigatewayv2_api.this.id
integration_type = "AWS_PROXY"
integration_uri = aws_lambda_function.orders.invoke_arn
payload_format_version = "2.0"
}
resource "aws_apigatewayv2_route" "get_orders" {
api_id = aws_apigatewayv2_api.this.id
route_key = "GET /orders"
target = "integrations/${aws_apigatewayv2_integration.lambda.id}"
}Note payload_format_version = "2.0", the 2.0 event format is simpler than the 1.0/REST shape, and forgetting to handle the right shape in your function is the single most common bug when people move between the tiers.
Pick HTTP API by default for new serverless APIs. Reach for REST API only when you specifically need a feature it has and HTTP API doesn't. Reach for ALB only when request volume makes per-request pricing hurt.
Takeaways
- It's three options, not two: REST API (feature-rich), HTTP API (cheap and fast), and ALB (flat cost at scale).
- API Gateway has no idle cost but bills per request; ALB has a monthly floor but a near-flat slope, the crossover is in the low tens of millions of requests/month.
- ALB trades away throttling, usage plans, larger payloads, and native authorizers for that cheap-at-scale pricing.
- Default to HTTP API; escalate to REST for specific features or to ALB for sustained high volume.
Saurabh KumarWrites about AWS, cost optimization & ML at The Cloud Ledger.
