Note_Tech

All technological notes.

---

Project maintained by simonangel-fong Hosted on GitHub Pages — Theme by mattgraham

AWS - API Gateway

Back

• AWS - API Gateway
  • AWS API Gateway
    • API Type
    • Integrations High Level
    • Endpoint Types
    • Security
  • Use Case
    • Building a Serverless API
    • Kinesis Data Streams
  • Hands-on

---

AWS API Gateway

• AWS Lambda + API Gateway: No infrastructure to manage

• Support for the WebSocket Protocol
• Handle API versioning (v1, v2…)
• Handle different environments (dev, test, prod…)
• Handle security (Authentication and Authorization)
• Create API keys, handle request throttling
• Swagger / Open API import to quickly define APIs
• Transform and validate requests and responses
• Generate SDK and API specifications
• Cache API responses

---

API Type

• HTTP API

  • Build low-latency and cost-effective REST APIs with built-in features such as OIDC and OAuth2, and native CORS support

• WebSocket API

  • Build a WebSocket API using persistent connections for real-time use cases such as chat applications or dashboards.

• REST API

  • Develop a REST API where you gain complete control over the request and response along with API management capabilities.

• REST API Private

  • Create a REST API that is only accessible from within a VPC.

---

Integrations High Level

• Lambda Function

  • Invoke Lambda function
  • Easy way to expose REST API backed by AWS Lambda

• HTTP

  • Expose HTTP endpoints in the backend
  • Example:
    • internal HTTP API on premise,
    • Application Load Balancer…
  • Why? Add rate limiting, caching, user authentications, API keys, etc…

• AWS Service

  • Expose any AWS API through the API Gateway
  • Example:
    • start an AWS Step Function workflow,
    • post a message to SQS
  • Why? Add authentication, deploy publicly, rate control…

---

Endpoint Types

• Edge-Optimized (default):

  • For global clients
  • Requests are routed through the CloudFront Edge locations (improves latency)
  • The API Gateway still lives in only one region

• Regional:

  • For clients within the same region
  • Could manually combine with CloudFront (more control over the caching strategies and the distribution)
• Private:
  • Can only be accessed from your VPC using an interface VPC endpoint (ENI)
  • Use a resource policy to define access
• Sample:
  • When you are using an Edge-Optimized API Gateway, your API Gateway lives in CloudFront Edge Locations across all AWS Regions.
    • An Edge-Optimized API Gateway is best for geographically distributed clients. API requests are routed to the nearest CloudFront Edge Location which improves latency. The API Gateway still lives in one AWS Region.

---

Security

• User Authentication through

  • IAM Roles (useful for internal applications)
  • Cognito (identity for external users – example mobile users)
  • Custom Authorizer (your own logic)

• Custom Domain Name HTTPS security through integration with AWS Certificate Manager (ACM)

  • If using Edge-Optimized endpoint, then the certificate must be in us-east-1
  • If using Regional endpoint, the certificate must be in the API Gateway region
  • Must setup CNAME or A-alias record in Route 53

---

Use Case

Building a Serverless API

---

Kinesis Data Streams

---

Hands-on

• Create Lambda

• update code and deploy

import json

def lambda_handler(event, context):
    body = "Hello from Lambda!"
    statusCode = 200
    return {
        "statusCode": statusCode,
        "body": json.dumps(body),
        "headers": {
            "Content-Type": "application/json"
        }
    }

• API Type

• Endpoint Type

• Create API

• Create API Method

• Lambda has been integrate

• lambda policy has been updated

• Test API

• Create resource
  • then create new lambda function to be integrated.

• Deploy API

• Test in browser

---

TOP