Reputation: 389
I have been going through the existing hashing algorithms to hash passwords for a small microservice that uses Basic Auth for authentication.
As per the community standard, I chose the bcrypt algorithm to hash the password. But after benchmarking the server using Apache Benchmark, I found out that 90% of the CPU cycles are being spent on verifying the password. To give some context, a t3.large was able to process 60 req/sec without authentication and only 6 req/sec with the authentication logic.
I thought of doing a benchmark using the passlib library available in Python, and here are the results for 100 iterations using passlib with default settings:
```python
# `setup` and `my_ctx` are defined in the setup string, which is not shown here.
print(timeit.timeit('my_ctx.verify("password", hash_sha256)', setup=setup, number=100))
# 40.74972726893611
print(timeit.timeit('my_ctx.verify("password", hash_md5)', setup=setup, number=100))
# 0.03434068092610687
print(timeit.timeit('my_ctx.verify("password", hash_des)', setup=setup, number=100))
# 0.01271090202499181
print(timeit.timeit('my_ctx.verify("password", hash_bcrypt)', setup=setup, number=100))
# 25.593560334993526
print(timeit.timeit('my_ctx.verify("password", hash_sha512)', setup=setup, number=100))
# 46.78381339798216
print(timeit.timeit('my_ctx.verify("password", hash_pbkdf2)', setup=setup, number=100))
# 2.236785114975646
print(timeit.timeit('my_ctx.verify("password", hash_argon2)', setup=setup, number=100))
# 12.668332702014595
```
I understand that there are multiple rounds going on behind the scenes to hash it. After changing the rounds for sha256 to 1000, there was a significant difference:
```python
timeit.timeit('sha256_crypt.hash("password", rounds=1000)', setup=setup, number=100)
```
So my question is:
For a small microservice that uses Basic Auth, and not token-based authentication or any other means, what is the optimum approach to take so that the password resides securely in a multi-level secure database hosted on Amazon servers?
Upvotes: 0
Views: 141
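The cost the poster measured is the point of a password hash: bcrypt, sha256_crypt and the others are slow on purpose, and Basic Auth makes the server pay that cost on every request because the same credential is re-verified each time. The example below is added here and is not the poster's code; it uses the standard library's PBKDF2-HMAC-SHA256 as a stand-in for bcrypt (an assumption: the per-request cost pattern is the same for any deliberately slow hash) and shows one way to keep the slow hash for storage while paying it once per credential per TTL. After a successful full-cost verification, the credential is remembered as an HMAC tag under a random per-process key; a repeat request with the same username and password is accepted on the cheap HMAC comparison, while a wrong password never matches the tag and always takes the slow path. The `BasicAuthVerifier`, `time_verify` and the sample user are constructed for this example.

```python
import hashlib
import hmac
import os
import secrets
import time

# Stdlib PBKDF2-HMAC-SHA256 stands in for bcrypt in this example (assumption:
# the per-request cost pattern is the same for any deliberately slow hash).
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted PBKDF2 hash as a self-describing 'algo$iters$salt$key' string."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Full-cost verification: the call that dominated the poster's benchmark."""
    _algo, iters, salt_hex, key_hex = stored.split("$")
    key = hashlib.pbkdf2_hmac("sha256", password.encode(),
                              bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


# Constructed dummy hash so an unknown username costs the same as a wrong password.
_DUMMY_HASH = hash_password(secrets.token_hex(16))


class BasicAuthVerifier:
    """Verify Basic Auth credentials, paying the slow hash once per TTL.

    A successful slow verification is remembered as an HMAC tag of
    username+password under a per-process random key. Only an identical
    credential can reproduce the tag, so a wrong password always falls
    through to the slow path and never benefits from the cache.
    """

    def __init__(self, users: dict, ttl_seconds: float = 300.0, clock=time.monotonic):
        self.users = users                          # username -> stored hash string
        self.ttl = ttl_seconds
        self._clock = clock                         # injectable for testing
        self._cache_key = secrets.token_bytes(32)   # never persisted or shared
        self._cache = {}                            # username -> (tag, expiry)
        self.slow_verifications = 0                 # instrumentation for the demo

    def _tag(self, username: str, password: str) -> bytes:
        msg = username.encode() + b"\x00" + password.encode()
        return hmac.new(self._cache_key, msg, "sha256").digest()

    def verify(self, username: str, password: str) -> bool:
        stored = self.users.get(username)
        if stored is None:
            verify_password(password, _DUMMY_HASH)  # same cost as a real miss
            self.slow_verifications += 1
            return False
        tag = self._tag(username, password)
        hit = self._cache.get(username)
        if hit is not None and hit[1] > self._clock() and hmac.compare_digest(hit[0], tag):
            return True                             # cheap path: one HMAC, no PBKDF2
        self.slow_verifications += 1
        if not verify_password(password, stored):
            return False                            # wrong password: cache untouched
        self._cache[username] = (tag, self._clock() + self.ttl)
        return True

    def revoke(self, username: str) -> None:
        """Call on password change or lockout so the cached tag stops working."""
        self._cache.pop(username, None)


def time_verify(stored: str, password: str, repeats: int = 5) -> float:
    """Seconds per full-cost verification, for tuning the work factor to a budget."""
    start = time.perf_counter()
    for _ in range(repeats):
        verify_password(password, stored)
    return (time.perf_counter() - start) / repeats


if __name__ == "__main__":
    users = {"alice": hash_password("correct horse battery staple")}  # constructed
    auth = BasicAuthVerifier(users, ttl_seconds=60)
    print("full-cost verify: %.4f s" % time_verify(users["alice"], "correct horse battery staple"))
    for _ in range(3):
        auth.verify("alice", "correct horse battery staple")
    print("3 requests accepted with", auth.slow_verifications, "slow verification")
```

Two caveats a reviewer would want stated. The cache holds HMAC tags under a key that exists only in process memory, not passwords or password hashes, and it must be cleared with `revoke` on password change or lockout so a stale credential does not keep working for the rest of the TTL. It also does nothing for wrong passwords, which still pay the full hash cost on every attempt; that is desirable against online guessing, but it means a benchmark with a bad credential, or an attacker, still drives the server to the 6 req/sec figure, so rate limiting per source and per account remains a separate control.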