
This post brings up a very common problem you face when you open up your API services to the internet, even if the target is supposedly the B2B segment. So let's jump into the case now.
Case 2: Abusive ingress traffic eating your bills, productivity and livelihood
You join a growing e-commerce company as an engineering leader. The company relies on a legacy, in-house and orphaned EDI (Electronic Data Interchange) service, a fork of some PHP-based open-source system deployed on a Linux server in the cloud for its production environment, to manage its communications with all its B2B services on the supply-chain side of its business. The company went through bad attrition during the time of the Great Resignation, and many of its services ended up orphaned, the EDI system being one of them.
From what you understand from talking to your business leaders, the EDI service is critical, and although its list of B2B clients keeps changing from time to time, that list is growing as the company scales.
Your CFO comes to you complaining about the cloud cost and is pushing you to look for opportunities to reduce it.
Your CEO is frustrated at getting escalation emails from the B2B businesses reporting that the EDI service is unavailable and that this hurts business operations, causing huge losses of money and reputation. He is so amazing that he lets you handle all the customer grievances as their first point of contact for escalation. You now have the privilege of hearing the music directly from the business via scheduled late-night calls that overlap with your offshore time zones.
Take a deep breath, pick out the pointers and constraints, and think out loud about what the issue could be. As an experienced engineer, how would you go about solving this problem, showcasing your engineering prowess and customer obsession?