AWS Partner Network (APN) Blog
How to manage peak traffic on AWS using Queue-it’s virtual waiting room
By: Jasmine Chua, Sr. Account Manager – AWS
By: Alexander Guensche, Sr. Solutions Architect – AWS
By: Martin Larsen, Distinguished Product Architect – Queue-it
By: Mojtaba Sarooghi, Distinguished Product Architect and Engineering Manager – Queue-it
By: Christian Schøning, Head of Content & Product Marketing – Queue-it
 |
| Queue-it |
 |
Peak traffic events can drive website visits to spike 2 to 25 times, as experienced by Rakuten France and Ingresso, beyond normal levels within seconds, whether from planned launches or unexpected viral attention. While standard AWS best practices like auto scaling, load testing, and caching form essential foundations, they might not fully address scenarios where traffic arrives faster than capacity can provision, backend systems hit scaling constraints, or pre-scaling costs become prohibitive. Additionally, organizations running limited-inventory events face a fairness challenge that infrastructure scaling alone cannot solve.
A virtual waiting room provides a different approach. Unlike load balancers that distribute requests or distributed denial-of-service (DDoS) mitigation that filters threats, a waiting room is fundamentally a user experience solution that controls the rate at which visitors enter applications. This post explores how Queue-it, an AWS Partner, integrates with Amazon CloudFront to add traffic control capabilities while customers maintain their existing AWS architecture.
Understanding the challenge of peak traffic
Peak traffic moments span across industries and can be both planned and unplanned. They range from major product launches and concert ticket sales to unexpected media attention or viral marketing campaigns. Ecommerce organizations face product drops and flash sales. Ticketing companies manage concert sales and venue bookings. Public sector agencies handle registrations for services such as immigration, tax filing, benefit distribution, and parks and recreation access. Educational institutions navigate enrollment periods and housing registrations. Financial services providers experience payday and campaign-driven traffic spikes. Telecommunications companies prepare for device launches.
Real traffic patterns frequently diverge from modeled scenarios, introducing load characteristics that weren’t anticipated during testing. Automatic scaling mechanisms respond to observed load, but when traffic spikes faster than new capacity can provision, a gap emerges between demand and available resources. Backend dependencies like databases and payment processors often have inherent scaling limitations that make them bottlenecks even when frontend infrastructure scales successfully. The cost implications of pre-scaling infrastructure for short-duration events can significantly impact budget planning, particularly when peak magnitude remains uncertain.
Figure 1: A Queue-it customer saw traffic jump 561% within two minutes of a media mention, with spikes often reaching 2–25× normal levels.
Beyond technical considerations, organizations running limited-inventory events face an additional challenge: fairness. Without traffic control mechanisms, high-demand sales can become races measured in milliseconds, often dominated by automated bots rather than genuine customers, resulting in poor customer experience and damaged brand trust.
The business impact of inadequately managed peak traffic can be significant. According to industry research on downtime, 93% of enterprises report costs exceeding $300,000 per hour, while the Global 2000 experiences an average of $23 million annually in productivity losses and overtime wages, plus $11 million in additional infrastructure spending. From a customer experience perspective, 77% of customers will leave a site without transacting if they encounter an error, and one in three will leave a brand they love entirely after only one bad experience.
How Queue-it integrates with AWS architecture
Queue-it provides a managed software as a service (SaaS) virtual waiting room that manages visitor flow during high-traffic periods before giving them access to protected parts of applications at a controlled rate, preventing system overload and ensuring fair access for visitors. The solution operates as a control layer at the edge, integrating seamlessly with existing AWS infrastructure without requiring application re-architecting. The integration works through CloudFront using AWS Lambda@Edge functions to intercept and evaluate traffic before it reaches origin servers.
The integration centers on two lightweight Lambda@Edge functions running at ViewerRequest and ViewerResponse events within an existing CloudFront distribution. This edge-based approach means traffic evaluation happens at AWS edge locations closest to users without introducing latency to origin infrastructure. Configuration requires no DNS changes. An initial prototype integration, including basic testing, can be completed in less than an hour, with full production rollout and validation typically achieved within a day.
When a request arrives at a CloudFront distribution, the Queue-it Connector running as a Lambda@Edge function evaluates whether that request targets a protected resource and whether the visitor has a valid Queue-it token signaling they’ve already passed through the waiting room. Protection rules can be defined for entire sites, specific pages, or actions such as checkout, based on flexible configuration criteria like request URL, user agent, or HTTP header.
When a request requires protection and the visitor lacks a valid token, Queue-it Connector responds with an HTTP 302 redirect to send the visitor to waiting room infrastructure hosted and managed within Queue-it’s own AWS environment. All waiting room logic—including queue management, visitor handling, real-time reporting, monitoring, and rendering of the queue page—occurs outside the customer’s infrastructure, requiring no management effort and consuming none of the customer’s AWS resources. When it’s the visitor’s turn, another HTTP 302 redirect returns them to the site with a signed Queue-it token that grants access. The token remains valid for a configured duration, so the visitor can complete their journey navigating the application normally.
Figure 2: The Queue-it Connector checks incoming requests at the CloudFront edge, temporarily redirecting (HTTP 302) visitors to the waiting room when required, based on configured rules.
Architecture using AWS services
Queue-it’s virtual waiting room is built using AWS services to provide scalability and high availability. The architecture spans multiple AWS Regions and Availability Zones to support data residency requirements and performance optimization. Amazon DynamoDB serves as the primary datastore for queue state management, providing low-latency, high-throughput access for tracking session states and user positions in real time, scaling to handle hundreds of thousands of transactions per second.
Application Load Balancer and Amazon Elastic Compute Cloud (Amazon EC2) work together to distribute traffic intelligently across compute resources; delivering built-in fault tolerance, high availability, and seamless scalability. AWS Fargate provides the foundation for running containerized tasks without server management overhead. Additionally, Queue-it relies on AWS services to provide its core functionality: Amazon API Gateway for API security, Amazon Route 53 for DNS routing, Amazon CloudWatch for monitoring, and AWS Shield Advanced for advanced threat protection. To deliver visitor traffic monitoring and reporting as part of its core features, Queue-it uses Amazon Kinesis for scalable data streaming and Amazon OpenSearch Service for advanced search and visualization.
Figure 3: Queue-it is built on more than 10 core AWS services and runs all waiting room logic, queue management, and visitor handling on its infrastructure.
Operating capabilities
Real-time monitoring and control capabilities are essential for managing peak traffic events. Queue-it uses Kinesis and OpenSearch Service to enable real-time traffic monitoring and control through a web-based admin interface and REST APIs. During an active event, administrators can adjust traffic throughput based on system performance under load, update waiting customers with real-time messages, and pause the queue process and communicate with visitors if unexpected issues arise. These control mechanisms are supported by real-time traffic analytics dashboards, where administrators can monitor key metrics including arrivals per minute, current queue length, and average wait times.
Figure 4: The Monitor page in Queue-it’s web-based admin platform provides real-time metrics and can be used to adjust throughput based on backend system performance.
The customer experience during peak traffic shifts from encountering crashes and errors to receiving controlled access with clear communication. Queue-it provides first-in-first-out access through centralized request management or randomized access options for limited-inventory scenarios. Waiting visitors receive information including queue position, expected wait time, and progress indicators. Email notifications can alert visitors when their turn arrives. Visitors can queue across devices, and customizable branded waiting room pages maintain brand presence throughout the experience.
Figure 5: Visitors enter a branded waiting room that sets expectations, provides real-time updates, and shows their progress.
Customer examples
Sky Mobile, a UK telecommunications provider, used Queue-it’s virtual waiting room for their 2024 iPhone launch, achieving a 37% year-over-year increase in conversion rate to their previous solution and higher sales year-over-year despite smaller relative demand. By using the real-time visibility and control capabilities, they could optimize the event dynamically, running the waiting room for slightly more than an hour compared to 3 hours in 2023.
“The insights Queue-it provides into traffic and the level of control it gave us made a dramatic difference,”
– Kevin Lau, Service Manager at Sky Mobile
“If you have peak demand scenarios like an iPhone launch, Queue-it is really a no brainer,”
– Tom Grammer, Head of Mobile Services at Sky Mobile
His Majesty’s Passport Office processes 4–8 million passport applications annually, with 90% submitted online. To manage traffic spikes that were overwhelming their systems, the team scaled up their cloud infrastructure and even built an in-house waiting room, but the costs and risks were too high. Then they integrated Queue-it using the Connector for Amazon CloudFront and have successfully handled traffic spikes of nearly 70,000 applications while maintaining system stability and avoiding major outages.
“Queue-it really gives us and the business the confidence we need,”
– Elaine Salveta, Digital Services Manager at His Majesty’s Passport Office
“What we’re paying for with Queue-it is safety and reliability, and that’s paid off 100 times over,”
– Kevin Lewis, Product Manager at His Majesty’s Passport Office
Getting started
AWS customers interested in exploring virtual waiting room solutions for peak traffic management can find Queue-it on AWS Marketplace for streamlined procurement. To learn more, visit Queue-it AWS virtual waiting room.
Queue-it – AWS Partner Spotlight
Queue-it is an AWS Validated Technology Partner and a global leader in virtual waiting room technology. Trusted by more than 1,000 organizations and managing over 30 billion visitor interactions annually, Queue-it helps ensure stable operations during peak demand, orchestrating traffic to prevent overload, block bad bots, and improve customer experience. Built on AWS, Queue-it combines deep domain expertise and 24/7/365 global support to help major retailers, ticketing companies, government agencies, and financial institutions run mission-critical high-traffic online events with confidence.