Back to blog

2024-12-15

Building Scalable Systems: Lessons from Scaling High-Traffic APIs

AWSInfrastructureDevOpsNGINX

In my work on backend and platform teams, I’ve seen API tiers that start modest—enough headroom for steady growth, but not yet tuned for spikes or strict SLAs. As traffic and expectations rise, getting to infrastructure that can handle sustained concurrency—with predictable latency and room to operate—takes deliberate work across architecture, automation, and culture.

This post summarizes the themes that mattered most: elasticity, protecting the platform at the edge, and making decisions from real signals instead of guesses.

The Starting Point

We began with a conventional shape: application instances behind a load balancer, hand-managed capacity, and monitoring that told us whether something was down more than how the system behaved under load. That setup was appropriate for the stage we were in, but it left little buffer for seasonal peaks or new products sharing the same API surface.

The first pain wasn’t raw “we can’t serve traffic”—it was unpredictability: capacity meetings instead of automated reactions, and incident response that started from symptoms instead of dashboards tuned to saturation and error budgets.

Elasticity with AWS Auto Scaling

The biggest structural shift was embracing Auto Scaling Groups across multiple Availability Zones. Goals were simple to state and harder to get right in practice:

  • Scale out before customers feel it — use signals tied to utilization and latency, not only CPU.
  • Scale in without thrashing — cooldowns and sensible minimums so we weren’t flapping instances.
  • Treat AZ failure as a design constraint — capacity had to stay healthy if a zone degraded.

Auto Scaling didn’t replace good application design, but it made the platform honest: we could absorb peaks without a human resizing instances at 2 a.m.

Traffic shaping at the gateway

In the projects I’m describing, the problem wasn’t philosophical—it was practical. Clients need per-key and per-route limits they can read in docs and plan around. Operators need those rules enforced before overload burns application threads. A small programmable edge—here, NGINX with Lua (OpenResty)—acted as the place to apply quotas and bursts so the app cluster didn’t adjudicate every request.

Three outcomes mattered more than the specific tool.

Fairness

When several products or tenants share one ingress, explicit limits keep a noisy neighbor from starving everyone else.

Protection

Accidental retries, runaway jobs, or abuse should degrade at the boundary when possible—not deep in synchronous request paths.

One place for policy

When routes and contracts change, gateway rules should evolve in one pipeline instead of scattered conditionals across services.

Your stack may differ; the takeaway doesn’t: keep shaping policy close to the edge so core services spend their budget on real work.

Observability Before Optimizations

We deliberately invested in metrics, structured logging, and tracing hooks before chasing micro-optimizations. Without baseline percentiles and error rates broken down by route, it’s easy to “optimize” the wrong layer or regress latency while fixing throughput.

Concrete habits that paid off:

  • Dashboards that answer where time goes under load, not just if errors exist.
  • Alerts tied to user-visible thresholds (latency, error ratio) more than raw CPU.
  • Post-incident notes that feed back into runbooks and capacity defaults.

Trade-Offs and What I’d Do Earlier Next Time

No architecture is free. Auto Scaling and richer gateways add operational surface area: AMIs, launch templates, gateway configs, and coordination between teams. The trade-off is worth it when downtime and manual firefighting cost more than automation.

If I were repeating this journey on a greenfield API, I’d still start with boring, observable foundations and add scale controls as traffic patterns became clear—rather than guessing peak shapes from slides.

Closing Thoughts

Scaling isn’t a single milestone; it’s a loop of measure → protect → automate → revisit assumptions. The move from modest traffic to sustained high load was as much about discipline and observability as about any one AWS feature.

I’ll keep writing here about infrastructure, AI in production, and full-stack engineering—if a topic matters to how we build and run systems, it belongs in the notes.