Got burned by API gateway bills so many times I keep a screenshot folder called "billing-disasters." Here's what actually happens when you deploy this shit at scale, not the fairy tales on marketing pages.
AWS API Gateway: The Surprise Bill Generator
AWS loves to advertise $1 per million requests for HTTP APIs. What they don't mention is that bill will make you question your career choices.
The Surprise Bill From Hell
Some time last year - I think March but might've been April - we moved our API to AWS Gateway. Their calculator said maybe $3K monthly. Fast forward a few months and we get hit with this insane bill. I think it was around $47K but honestly might have been higher, I try not to look at that screenshot too often. Started getting these ERROR: Data transfer exceeded account limit messages bombing our logs at like 3am. Turns out that $0.09/GB data transfer fee was buried somewhere in their fine print bullshit. Our "innocent" 5KB JSON responses? On whatever-million requests we were doing, that worked out to... fuck, I don't remember exactly, maybe $20-25K just in bandwidth costs? Nobody mentioned this during the sales pitch. Classic AWS - hook you with the low price, then the real billing nightmare starts.
Lambda Cold Start Hell
Every tutorial shows Lambda integration like it's magic. Reality? {"errorType": "Task timed out after 29.00 seconds"} during user demos. Cold starts kill you at 2-5 second delays after idle periods. Solution: keep functions artificially warm with scheduled pings every 5 minutes. Lambda costs doubled from maybe $800 to around $1,600/month just to avoid looking incompetent in meetings. I learned this the hard way during a client demo that crashed and burned.
CloudWatch Log Money Pit
Turn on detailed logging for debugging? Hope you like $0.50 per GB because however many requests we were doing generated... shit, I think it was like 2TB of logs monthly? Maybe more? That worked out to something like $1,000+ just for logs that nobody ever actually reads. I still don't understand why storing debug output costs more than the actual fucking API calls that generate it.
The Vendor Lock-in Tax
Try leaving AWS after using API Gateway. We spent 8 months and $400K migrating off because Gateway integrates with literally everything AWS. IAM, Cognito, Lambda, CloudFormation - it's all connected. Migration is not "lift and shift," it's "rebuild everything."
Real AWS Gateway cost for 100M requests/month: probably $8K-15K, not the $1K they advertise.
Kong Enterprise: The Sales Call Hostage Situation
Kong's pricing page is useless. Just says "Contact Sales" which translates to "we'll charge whatever we think you can afford."
The 47-Meeting Sales Cycle
Want Kong pricing? Better clear your calendar. Sales will drag you through 6-8 calls, demo sessions, architecture reviews, and "stakeholder alignment meetings" before they'll give you a number. Took us 3 months to get a quote. For fucking API gateway software.
User Counting Bullshit
Kong counts "users" like a rigged slot machine. Every service account, CI/CD token, monitoring script, random API key = separate billable user. We had maybe 50 actual humans using the system. Kong did some kind of license audit and found... fuck, I don't know, something like 800-900 "users"? Every Jenkins job, every kubectl command, every health check script, even our goddamn monitoring bots all counted as separate users somehow. License cost went from around $75K to... shit, I think it was close to $300K? Might've been more. All because our deployment scripts were hitting their admin API with service tokens. They dropped this news on us during contract renewal like it was no big deal. Thanks Kong.
The Environment Scam
Kong Enterprise requires separate licenses for dev, staging, and prod. They pitched us $150K for production, then casually mentioned dev/staging would be another $200K. Total: $350K for the same software running in three places.
Implementation Nightmare
Kong's "simple deployment" took 4 months and two consultants at $300/hour. PostgreSQL cluster setup, load balancer configuration, SSL certificate management, plugin debugging - none of it "just works." Final implementation cost: $180K.
Actually got Kong running in prod and it's solid. But getting there nearly killed the project budget and my sanity.
Zuul: Free Like a Puppy
Netflix open-sourced Zuul which means it costs nothing, except everything.
The Java Expertise Tax
Zuul is Netflix-grade Java. You need engineers who understand Netty, reactive programming, and can debug GC pauses at 3am. Good Java engineers cost maybe $160K+. We hired two dedicated to Zuul. That's around $320K annually before they write any business logic.
Documentation Desert
Zuul's docs are complete shit. Stack Overflow has maybe 200 questions total. When OutOfMemoryError: GC overhead limit exceeded starts killing production at 3am on some random Tuesday, you're basically fucked - just you, some incomprehensible logs, and Netflix's source code. Spent maybe two weeks, could've been longer, debugging this memory leak that kept taking down our gateway every few hours. Solution? Found some random comment buried deep in a GitHub issue - I think it was something like issue #800-something? Some Netflix engineer just casually mentioned "try setting -XX:MaxDirectMemorySize=512m" in response to a completely different problem. That's it. No explanation. No documentation. No warning that this would fix anything. I still have no fucking clue why this JVM flag fixes the memory leak but it stopped the crashes.
The Build-Everything-Yourself Problem
Zuul gives you request routing and not much else. No admin UI, no metrics dashboard, no user management, no plugin ecosystem. We built everything from scratch. Maybe six months, three engineers, around $400K in development costs.
Production Ops Hell
When Zuul breaks at 2am (and it will), there's no support hotline. It's you, the logs, and whatever Java expertise you can muster. We've had outages that lasted hours because nobody understood the Netflix-specific configuration patterns.
But fuck me, when it works, it works. Handles millions of requests without breaking a sweat and the latency is incredible.
What This Shit Actually Costs in Reality
For a real 100M request/month deployment:
AWS Gateway: probably $120K-180K yearly
- Requests: around $1.2K/month (maybe $14K/year)
- Data transfer: $2-4K/month or more (around $30K/year)
- Lambda compute: $3-6K/month (maybe $50K/year)
- Logs and monitoring: around $800/month ($10K/year)
- Hidden surprise bills: $1K/month easily ($15K/year)
Kong Enterprise: something like $350K-500K yearly
- License (prod + staging): around $200K/year
- Infrastructure (6 servers + DB): maybe $60K/year
- Support/consulting: probably $90K/year
Zuul: probably $400K-600K yearly
- Engineers (2x around $160K): maybe $320K/year
- Infrastructure: around $40K/year
- Development/maintenance: probably $60K/year
The Real Talk
If you're already on AWS, just use AWS Gateway and budget 10x what you think it'll cost. Kong is solid but expensive as hell and their sales process is cancer. Zuul is for companies with serious Java expertise and time to build everything.
Don't trust vendor pricing pages. Budget 3-5x whatever number they give you, because the surprise bills are coming.