Since serverless is designed to scale to infinity, one of the questions we get asked very often is whether a DDoS attack on the serverless application can result in a hefty Cloud Bill. One way to prevent this is to have rate limiting on API Gateway in place so that the serverless application doesn’t scale to unexpected levels and end up using all underlying resources.