AWS Certified Developer Exam Notes – API Gateway

API Gateway

  • Fully managed service acting as the front door for applications to access data, business logic, or functionality from your backend services
  • It handles versioning, environments, API keys, throttling
  • Works with Lambda, HTTP, AWS Service
  • Endpoint Types
    • Edge Optimized (default)
      • Uses CloudFront edge locations
      • API GW still lives in one region
      • Improved latency
    • Regional
      • Clients in the same region
    • Private
      • Deployed within a VPC
  • Deployment
    • We need to deploy our changes. We can deploy to different stages, each with its own URL (stage, prod)
      • Supports stage variables. We can use the variables to call different Lambdas per stage.
    • Canary Deployments
      • Set up the % of traffic sent to the canary (the rest stays on the current prod deployment)
      • If everything is ok, move all the traffic
  • We can use API GW in front of a SOAP API, and use HTTP Integration type to map the JSON parameters to XML
  • We can import/export a Swagger / OpenAPI spec
  • Cache
    • Cache TTL default 300 seconds (0 – 3600s)
    • Expensive
    • defined per stage
    • 0.5GB – 237GB
    • Cache can be invalidated from the UI or via an API call
      • "Require authorization" checkbox: only callers with the right IAM permission may invalidate it
  • Cloudwatch Metrics
    • CacheHitCount / CacheMissCount
    • Count
    • IntegrationLatency
    • Latency
    • 4XXError / 5XXError
  • Throttling: 429 Too Many Requests
  • Errors: 400, 403, 429, 502, 503, 504
  • CORS
    • Must be enabled if we receive requests from another domain
    • Set up the headers and the allowed origin
    • With a PROXY integration the Lambda/application itself must return the Access-Control-Allow-Origin header in its response.
  • WebSocket API
    • Server push data to the client, used for real-time applications, 2-way communication (chat, games, trading platforms)
    • Routing. In order to select the Lambda that we want to invoke we need to set a route selection expression (e.g. $request.body.action)
      • If no route matches, the message goes to the $default route
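The route selection described above, as an added example that is not part of the original notes: a small simulation of how a WebSocket API evaluates an expression like `$request.body.action` against an incoming frame, dispatches to the matching route, and falls back to `$default` when the body is not JSON or the key is missing. The route names and the callables standing in for Lambda integrations are constructed for the illustration.

```python
"""Simulate WebSocket route selection: evaluate a $request.body.<path>
expression against a frame and dispatch to the matching route,
falling back to $default. Added illustration, not API Gateway code."""
import json
from typing import Any, Callable, Dict, Optional

# Constructed backends standing in for the Lambda each route would invoke
def send_message(body: Dict[str, Any]) -> str:
    return f"sendMessage -> {body.get('text', '')}"

def join_room(body: Dict[str, Any]) -> str:
    return f"joinRoom -> {body.get('room', '')}"

def default_route(body: Dict[str, Any]) -> str:
    # $default catches everything the other routes do not match
    return "unknown action"

# Constructed route table: route key -> backend
ROUTES: Dict[str, Callable[[Dict[str, Any]], str]] = {
    "sendMessage": send_message,
    "joinRoom": join_room,
    "$default": default_route,
}

def evaluate_selection_expression(expression: str, raw_body: str) -> Optional[str]:
    """Resolve an expression of the form $request.body.<path> against the
    JSON message body. Returns None when the body is not JSON, the path is
    missing, or the value is not a string; the caller then uses $default."""
    prefix = "$request.body."
    if not expression.startswith(prefix):
        raise ValueError("only $request.body.<path> expressions are modelled here")
    try:
        node: Any = json.loads(raw_body)
    except json.JSONDecodeError:
        return None
    for part in expression[len(prefix):].split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node if isinstance(node, str) else None

def dispatch(expression: str, raw_body: str) -> str:
    """Pick the route for one incoming frame and invoke its backend."""
    route_key = evaluate_selection_expression(expression, raw_body)
    handler = ROUTES.get(route_key) if route_key is not None else None
    if handler is None:
        handler = ROUTES["$default"]
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError:
        body = {}
    return handler(body if isinstance(body, dict) else {})

if __name__ == "__main__":
    expr = "$request.body.action"
    for frame in ('{"action":"sendMessage","text":"hi"}',
                  '{"action":"joinRoom","room":"ops"}',
                  '{"action":"unknownAction"}',
                  'not json'):
        print(frame, "=>", dispatch(expr, frame))
```

Note that a frame whose `action` is not a known route key still reaches a backend (the `$default` one), so that route is the place to log and reject unexpected messages rather than silently ignore them.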

 

Usage Plans

  • Throttle per customer
  • API keys, that you share with customers
  • How to create a Usage Plan
    • 1. Create an API
      • On request set: API key required
    • 2. Generate API keys and send to customers/developers
      • We can see how many requests we had from one key.
    • 3. Create a usage plan. Set up throttle limits and quota.
    • 4. Associate stages and keys with usage plan

 

Integration Types

  • Mock
    • Used for testing
  • HTTP / AWS
    • Configure request and response
    • We can change requests or responses, with Mapping Templates
  • Lambda Proxy
    • Just passes the request and response through to the Lambda (the function builds the full response, status code and headers included)
  • HTTP Proxy
    • Just passes the request and response through to the HTTP service
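An added example serving both the CORS bullet above (the proxy-integrated backend must emit the CORS headers itself) and the Lambda Proxy integration: a Python Lambda handler in the proxy request/response shape that answers preflight `OPTIONS` requests and echoes back only an allow-listed origin instead of `*`. This is not code from the notes; the origin allowlist and the sample event are constructed.

```python
"""Lambda proxy handler that returns the CORS headers itself. With a proxy
integration API Gateway passes the request straight through, so the function
(not the gateway) must emit Access-Control-Allow-Origin. Added example."""
import json
from typing import Any, Dict

# Constructed allowlist: echo back only origins we trust, never "*"
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}
ALLOWED_METHODS = "GET,POST,OPTIONS"
ALLOWED_HEADERS = "Content-Type,Authorization"

def _header(event: Dict[str, Any], name: str) -> str:
    # Header names are case-insensitive; proxy events keep the client's casing
    headers = event.get("headers") or {}
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""

def cors_headers(origin: str) -> Dict[str, str]:
    """CORS response headers for a trusted origin, or an empty dict
    (the browser then blocks the cross-origin read)."""
    if origin not in ALLOWED_ORIGINS:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": ALLOWED_METHODS,
        "Access-Control-Allow-Headers": ALLOWED_HEADERS,
        "Vary": "Origin",  # caches must key responses on the Origin header
    }

def handler(event: Dict[str, Any], context: Any = None) -> Dict[str, Any]:
    """Lambda proxy integration entry point: proxy event in, proxy-shaped
    dict (statusCode, headers, body) out."""
    origin = _header(event, "Origin")
    headers = cors_headers(origin)
    method = event.get("httpMethod", "GET")

    if method == "OPTIONS":
        # Preflight: no body; 204 for a trusted origin, 403 otherwise
        return {"statusCode": 204 if headers else 403, "headers": headers, "body": ""}

    # Normal request: API Gateway hands us the raw body unchanged
    try:
        payload = json.loads(event.get("body") or "{}")
    except json.JSONDecodeError:
        return {"statusCode": 400, "headers": headers,
                "body": json.dumps({"error": "body is not valid JSON"})}

    headers["Content-Type"] = "application/json"
    return {"statusCode": 200, "headers": headers,
            "body": json.dumps({"echo": payload, "method": method})}

if __name__ == "__main__":
    # Constructed proxy event, shaped like what API Gateway sends
    sample = {"httpMethod": "POST",
              "headers": {"origin": "https://app.example.com",
                          "Content-Type": "application/json"},
              "body": '{"hello": "world"}'}
    print(json.dumps(handler(sample), indent=2))
```

With a non-proxy (HTTP / AWS) integration the same headers would instead be configured on the method response and integration response in API Gateway; with proxy integrations everything the browser sees comes from this dict.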

Security

  • IAM
    • Great for users/roles within the AWS system; requests are signed with Signature v4 (SigV4)
  • Resource Policies (JSON) allow specific user / IP / VPC link
  • Cognito User Pools
    • The client gets a token from Cognito
    • The client makes a call to API GW
    • API GW evaluates token on Cognito
  • Lambda Authorizer (Custom Authorizer)
    • Used when we already use a 3rd party Auth system
    • Input is a bearer token (TOKEN type) or HTTP request parameters/headers (REQUEST type)
    • Authentication: external
      • 3rd party Authentication system provides the token
    • Authorization: Lambda Authorizer function
      • The function validates the token (communicating with the 3rd party if needed) and returns an IAM policy that allows or denies the call; the result can be cached
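The authorizer flow above, as an added example that is not part of the original notes: a Python Lambda authorizer that reads the bearer token, validates it, and returns the `principalId` + IAM policy document API Gateway expects. Because the block has to run offline, the call to the third-party system is replaced by a local HMAC verification of a token this block also mints; the secret, the scope name `orders:read`, and the method ARN in the usage block are constructed placeholders.

```python
"""Lambda (custom) authorizer for a REST API: reads the bearer token from
the request, verifies it, and returns the IAM policy API Gateway enforces.
Added example. The token check is a local HMAC verification standing in
for the call to the third-party auth system."""
import base64
import hashlib
import hmac
import json
import time
from typing import Any, Dict, Optional

# Constructed shared secret; a real deployment would verify against the
# identity provider (or its published keys) and keep secrets in Secrets Manager
SECRET = b"constructed-demo-secret-not-for-production"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(subject: str, scope: str, ttl: int = 300, now: Optional[float] = None) -> str:
    """Issue a token the way the (hypothetical) third-party provider would."""
    now = time.time() if now is None else now
    claims = json.dumps({"sub": subject, "scope": scope, "exp": int(now) + ttl},
                        separators=(",", ":"))
    body = _b64url(claims.encode())
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"

def verify_token(token: str, now: Optional[float] = None) -> Dict[str, Any]:
    """Return the claims if the signature is valid and not expired, else raise ValueError."""
    now = time.time() if now is None else now
    if "." not in token:
        raise ValueError("malformed token")
    body, sig = token.split(".", 1)
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def build_policy(principal: str, effect: str, method_arn: str,
                 context: Dict[str, str]) -> Dict[str, Any]:
    """Authorizer response shape: principalId, an IAM policy, and optional
    context the integration can read via $context.authorizer."""
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect, "Resource": method_arn}],
        },
        "context": context,
    }

def handler(event: Dict[str, Any], context: Any = None,
            now: Optional[float] = None) -> Dict[str, Any]:
    """REQUEST-type authorizer: bearer token arrives in the Authorization header."""
    auth = (event.get("headers") or {}).get("Authorization", "")
    if not auth.startswith("Bearer "):
        raise Exception("Unauthorized")  # API Gateway maps this to a 401
    try:
        claims = verify_token(auth[len("Bearer "):], now=now)
    except ValueError:
        raise Exception("Unauthorized")  # bad signature / expired -> 401 as well
    # Authorization decision: only the constructed scope "orders:read" may invoke
    # this method; a valid token without it gets an explicit Deny (403)
    scope = claims.get("scope", "")
    effect = "Allow" if "orders:read" in scope.split() else "Deny"
    return build_policy(claims.get("sub", "unknown"), effect,
                        event["methodArn"], {"scope": scope})

if __name__ == "__main__":
    # Constructed method ARN and token for a local dry run
    arn = "arn:aws:execute-api:REGION:ACCOUNT_ID:API_ID/prod/GET/orders"
    token = mint_token("user-1", "orders:read profile")
    print(json.dumps(handler({"methodArn": arn,
                              "headers": {"Authorization": "Bearer " + token}}), indent=2))
```

Raising `Unauthorized` versus returning a Deny policy matters for caching: API Gateway caches the returned policy for the configured TTL keyed on the token (or the identity sources), so a Deny for a valid-but-underprivileged token is reused until it expires, whereas an exception is not cached.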

HTTP vs REST

  • HTTP
    • low latency
    • Only proxy
    • Lower cost, newer, simpler
    • Does not support AWS WAF
  • REST
    • Full features