How to Protect My Django Website Hosted on Lambda from Bots Without Wasting Requests?

Hi, everyone!

I’m hosting a Django website on AWS Lambda, and since Lambda charges based on the number of requests, I’m worried about bots abusing the site and driving up my costs.

I know tools like CAPTCHA can help filter bots, but since the request would already reach the Lambda function before the CAPTCHA is served, it doesn’t prevent the cost from those initial requests.

Are there strategies or tools that can block bots before they hit the Lambda endpoint? I’ve heard about WAFs (Web Application Firewalls), but I’m unsure about the best approach or whether there are other effective solutions for this type of setup.

Any advice would be greatly appreciate!