Is API Gateway Better than Application Load Balancer?


Hello Reader,

Often I hear this - API Gateway is Serverless, hence it's better than Application Load Balancer (ALB). In today's newsletter edition, we will take an objective look at both, consider the pros and cons, and, more importantly, see how to tackle this in a system design or tech interview. Remember our guiding principle - to get the job, or to excel at the job - you need to DELIGHT and not just MEET the standard.

Let's get started.

Both can route traffic to backends, both are managed by AWS, and both scale automatically. But they’re designed for different use cases - and understanding their differences can save you a lot of pain (and money).

Key Differences You Need to Know

Routing

  • API Gateway: Routes by HTTP method (e.g., GET → one Lambda, POST → another).
  • ALB: Routes by path-based rules (e.g., /browse → one target, /insert → another).

Encryption

  • API Gateway: HTTPS by default, AWS-managed certificate.
  • ALB: Defaults to HTTP; you must configure AWS Certificate Manager for HTTPS. For this, you need a custom domain. You can't enable HTTPS with the default URL the ALB gives you.

VPC

  • API Gateway: Runs in AWS infrastructure and doesn't require a customer VPC. APIs can connect to a VPC or be called from a VPC, but API Gateway itself is not attached to your VPC or subnets.
  • ALB: Must be attached to subnet(s) of a customer VPC.

AuthN/AuthZ

  • API Gateway: Has extensive AuthN/Z integrations – API Key, IAM, Cognito User Pool, Cognito Identity Pool, external IdP.
  • ALB: Candidates often make the mistake of saying ALB doesn't have AuthN/Z integrations, which is not true. ALB integrates with any OIDC compliant IdP (Cognito, LDAP etc.).
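
To make the Encryption and AuthN/AuthZ points concrete for ALB, here is an added example (not from the original newsletter or from AWS) that audits listener default actions for plaintext HTTP without a redirect and for HTTPS listeners that forward with no authenticate action. The dicts follow the shape returned by `aws elbv2 describe-listeners`; the sample listeners and their ARNs are constructed placeholders.

```python
# Added example: sample data below is constructed, not real AWS output.
AUTH_TYPES = {"authenticate-oidc", "authenticate-cognito"}

def audit_listener(listener):
    """Return findings for one listener dict (describe-listeners shape)."""
    findings = []
    actions = sorted(listener.get("DefaultActions", []),
                     key=lambda a: a.get("Order", 1))
    types = [a["Type"] for a in actions]

    if listener["Protocol"] == "HTTP":
        # Plaintext listener: acceptable only as a redirect to HTTPS.
        to_https = any(
            a["Type"] == "redirect"
            and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
            for a in actions)
        if not to_https:
            findings.append("HTTP listener does not redirect to HTTPS")
    elif listener["Protocol"] == "HTTPS" and "forward" in types:
        # The authenticate action must run before the forward action.
        before_forward = types[:types.index("forward")]
        if not AUTH_TYPES.intersection(before_forward):
            findings.append("forward action with no authenticate action before it")
    return findings

def audit(listeners):
    """Map each listener ARN to its list of findings."""
    return {l["ListenerArn"]: audit_listener(l) for l in listeners}

SAMPLE_LISTENERS = [  # constructed; ARNs are placeholders
    {"ListenerArn": "listener/http-open", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "forward", "Order": 1}]},
    {"ListenerArn": "listener/http-redirect", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "redirect", "Order": 1, "RedirectConfig": {
         "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
    {"ListenerArn": "listener/https-no-auth", "Protocol": "HTTPS", "Port": 443,
     "DefaultActions": [{"Type": "forward", "Order": 1}]},
    {"ListenerArn": "listener/https-oidc", "Protocol": "HTTPS", "Port": 443,
     "DefaultActions": [{"Type": "authenticate-oidc", "Order": 1},
                        {"Type": "forward", "Order": 2}]},
]

if __name__ == "__main__":
    for arn, findings in audit(SAMPLE_LISTENERS).items():
        print(arn, findings or "ok")
```

This checks default actions only; per-path listener rules need the same review, and an unauthenticated forward can be intentional when the endpoint is public or the backend authenticates requests itself.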

Rate Limiting

  • API Gateway: Built-in throttling, quotas, and bursting.
  • ALB: Needs AWS WAF integration for similar control, or rate limiting can be applied on the backend.

DDoS Protection

  • API Gateway: Basic DDoS protection built in, at no extra charge.
  • ALB: Enable AWS Shield for DDoS protection.

Static IP Address

  • API Gateway: No static IP address.
  • ALB: No static IP by default; integrate with Global Accelerator to get one (costs extra).

Request Handling

  • API Gateway: Supports validation, mapping, and transformations before hitting the backend.
  • ALB: Requires frontend or backend code.

Scaling

  • API Gateway: Up to 10K TPS with burst rates of 5K.
  • ALB: Virtually unlimited, but may require pre-warming for spiky workloads.
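
API Gateway documents its throttling as a token bucket, which is how the steady rate and the burst figure under Rate Limiting and Scaling fit together. The following is an added example (not from the original newsletter), a simplified model using the 10K/5K figures quoted above with a constructed arrival pattern; it shows that a spike larger than the burst is partly rejected even when the per-second rate is not exceeded.

```python
# Added example: simplified token-bucket model; arrival pattern is constructed.

class TokenBucket:
    def __init__(self, rate_per_s, burst):
        self.rate = rate_per_s      # tokens refilled per second (steady-state limit)
        self.capacity = burst       # bucket size: most requests absorbed at one instant
        self.tokens = float(burst)  # bucket starts full
        self.last = 0.0             # time of the previous refill

    def allow(self, now, n=1):
        """Admit up to n requests arriving at time `now`.

        Returns (accepted, throttled); throttled requests would get HTTP 429.
        """
        elapsed = now - self.last
        # Refill, but never beyond the bucket size: idle time is not banked.
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        accepted = min(n, int(self.tokens))
        self.tokens -= accepted
        return accepted, n - accepted

def simulate(arrivals, rate_per_s=10_000, burst=5_000):
    """Run (time_s, request_count) arrivals through one bucket."""
    bucket = TokenBucket(rate_per_s, burst)
    return [bucket.allow(t, n) for t, n in arrivals]

# Constructed traffic: (seconds since start, requests arriving at that instant)
ARRIVALS = [(0.0, 8_000), (0.25, 4_000), (1.0, 6_000)]

if __name__ == "__main__":
    for (t, n), (ok, rejected) in zip(ARRIVALS, simulate(ARRIVALS)):
        print(f"t={t:>4}s  arrived={n:>5}  accepted={ok:>5}  throttled={rejected:>5}")
```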

Integration Scope

  • API Gateway: Can invoke AWS backend services (e.g., Lambda) across regions/accounts.
  • ALB: Tied to the same region/account.

Deployment Strategies

  • API Gateway: Supports Canary deployments out of the box.
  • ALB: Manual setup required.

Import/Export

  • API Gateway: Able to export/import APIs across API platforms using Swagger or OpenAPI Spec 3.0. This is particularly useful when migrating APIs from an on-prem API platform to AWS, or for cross-cloud migration.
  • ALB: No direct method to import/export rules across platforms.

Caching

  • API Gateway: Can cache GET responses.
  • ALB: No default caching capability; integrate with CloudFront (costs extra).

Timeouts

  • API Gateway: Max 30s (extendable by request).
  • ALB: Up to 4,000s (ideal for long-running tasks).

Backend Options

  • API Gateway: Great for serverless-first architectures, integrates with most AWS services. Can't integrate with ASG and Kubernetes directly.
  • ALB: Integrates with ASG, EC2s, Lambdas (and IP addresses). Native integration with Kubernetes - can act as Ingress or as an external service.

Health Checks

  • API Gateway: No health check available. You need to create one manually as an API path.
  • ALB: Health check available out of the box.

Cost

  • API Gateway: Pay-per-use, fully serverless
  • ALB: Costs even when idle, but low for typical workloads

Interview & Real-World Takeaway

  • As you can see, both have pros and cons depending on the functionality you need.
  • Many candidates base their conclusion solely on "Serverless" and cost; don't fall into that trap.
  • If you’re asked in an interview: show that you know both tools, when to use them, and their trade-offs.

Both are used heavily in production systems. Knowing them deeply will set you apart.



Keep learning and keep rocking 🚀,

Raj
