Firebase Blaze plan and Cloud Functions

Question

Unfortunately Firebase's Flame plan disappeared and I now have to deal with Blaze plan, which I'm not fan of because of it's "unlimited" budget (but my wallet isn't). Yesterday I was coding and by mistake made a loop that called 3 Cloud Functions, I spotted the loop fast enough to stop the carnage.

In only 15 seconds of execution, I've been able to trigger more than 10K requests, and without errors, that a pretty good performance of Firebase, but it's scary as well! How can I cap this to throttle requests coming from users? I'm pretty confident in my code, but as we all know if someone gets my Firebase config file, I'm done.

I'm a solo developer and it's my first app done on my spare time, I don't want to to become a mess because of triggering reads / writes / Cloud Functions. No one is perfect, everyone makes mistakes, maybe I didn't spot a small bug in my code that'll reveal it's true potential only once in production. I'm not asking Firebase to handle my mistakes, but I'd like to be able to stop the CF and Firebase if I want to.

My only desire is to sleep confident, I don't want to wake up one morning with a 10.000$ bill. I've read that's it's possible to totally disable billing account on a project with CloudFunctions, but what will happen to my Firebase Storage bucket for example (for the storage superior to the Spark plan)? And it doesn't seem easy to do.

Firebase is a great product and I love how easy / fun it is to use, but now that budget locked plans as Flame are gone I feel really trapped now that my application is almost ready to go into production, and I don't think I'm the only one out there.

Answer 1

Ah you've stumbled onto the 'rate-limiting' conundrum. Not to worry, I've spent many nights worrying about this myself.

In order to get a bit more control over your application, you're going to have to link your project to google cloud platform. Then navigate to IAM & Admin>Quotas (once you've selected your firebase project).

Now you might be overwhelmed initially, and confused as to why there are so many Cloud functions API limiters. These quotas should allow you to rate limit your cloud functions API (similar to what twitter does) in a number of ways, including but not limited to:

• Read Requests per day
• Read requests per 100 seconds
• Function invocations per 100 seconds
• Function invocations per day
• etc

The API that will be listed are the ones you've enabled, so you can set limits for cloud storage as well.

By default, the max number of invocations per second is set to the maximum of 5000 invocations per day on the spark plan. but according to the docs, the absolute maximum is 100,000,000/100 seconds!

Also worth having a look at is the pricing docs, which have a nice example of a typical monthly use case for a successful app. To grossly oversimplify, a single invocation costs $0.0000004, hence 10,000,000 invocations will cost you a whopping $3.20. However don't let that very low cost fool you, if you write some terrible code and it has exponential complexity (like reading every document in a firestore collection every invocation), you could get slapped with an exponential cost. So make sure you set those quotas :)

Remember, server admin is as much a part of the application as the code itself. If your app goes to production, be prepared to spend some time each day going through the Google cloud dashboard and checking limits, analyzing trends, etc. This way you can kind of step up the amount of invocations you can allow per day and sleep well knowing that if you shoot yourself in the foot, you won't bleed too much.

Best of luck with it

Despicable B.