What does “deploying” your API Gateway achieve?
Makes the API Gateway accessible as an HTTP endpoint (an “invoke” URL)
API Gateway Resource vs. API Gateway Method
Resource is an object or collection of objects represented by a URL path, like: {api-id}.execute-api-us.west2-amazon.aws.com/books
A Method is the HTTP VERB that acts on the Resource NOUN
Flavors of API Gateway Integration Requests / Responses
API Gateways connection to the client (Method Requests and Responses) are not subdivided
The backend connections can be to Lambda, HTTP endpoints, or AWS Services. The “Integration Request” and “Integration Response” can be Lambda (Custom or Proxy), HTTP (Custom or Proxy), or Mock (for testing purposes
Three types of API Gateway authentication methods
IAM Roles and Policies
Cognito User Pools
Lambda Authorizers (both token-based and request parameter-based)
Permissions / Steps to allow a user to invalidate an API Gateway cache
- Tick the “Require Authorization” box (so that not everyone can invalidate the cache)
- User assumes a Role that includes “Allow / execute-api: InvalidateCache” permission.
- User sends a request with header: CACHE-CONTROL: MAX-AGE = 0
CW Monitoring of API Execution (Latency): overall responsiveness, backend responsiveness
Overall: LATENCY metric. Backend: INTEGRATION LATENCY metric
Key function / slogan of API Gateway. What does it do?
“Expose any AWS Service to the outside world.”
Chief Value of API Gateway for each of the three backend integrations
Lambda: easiest way to connect a REST API to a Lambda function
HTTP: API Gateway can add rate limiting, caching, user authorization, API keys, etc. to backend URL
AWS Service: Authorization, public access, rate control
Most common meaning of a “Bad Gateway 502” error on a Lambda Proxy Integration
The format the Lambda function returned doesn’t match what’s needed to be passed to the client (maybe XML vs. JSON)
Purpose of API Gateway’s STAGE Variables
Allow you to parameterize / adjust the behavior of APIs during runtime without redeploying the APIG. Useful in any multi-environment API Gateway set up. You set the key-value stage variables in API Gateway, then reference them in mapping templates or other client-side structures.
API Request Limit and Throttling Error Code
10,000 requests / second or 5,000 concurrent requests
429 Too Many Requests
What is the API Gateway cache capacity?
0.5 GB - 237 GB
Steps to create an API Gateway
- Sign in to AWS Console:
Log into the AWS Management Console and navigate to API Gateway service. - Create an API:
Choose to create a new API. AWS API Gateway offers different types of APIs, including HTTP APIs, REST APIs, and WebSocket APIs. Select the type of API you need based on your use case. - Define API Routes:
Create and define the routes (also known as resources) for your API. For example, you might define routes like /users or /products. - Configure Method:
For each route, configure the HTTP method (GET, POST, PUT, DELETE, etc.). Set up the integration type for the method (like Lambda function, HTTP endpoint, or AWS service) and link the appropriate backend. - Set Up Request & Response:
Configure request and response parameters, headers, and request/response models if necessary. Set up mapping templates if you need to modify the request or response format. - Deploy API:
To make your API accessible, you need to deploy it to a stage. A stage is a reference to a deployment of an API and is often associated with a specific environment (like prod, dev, or beta). - Configure Domain (For HTTPS Endpoint):
Purchase or use an existing custom domain and configure it in API Gateway, or use the default endpoint provided by AWS.
Set up an SSL/TLS certificate for your custom domain. AWS Certificate Manager (ACM) can be used to request and manage certificates.
Create a custom domain name in API Gateway and associate it with the deployed API stage. Configure the base path mapping to link your custom domain to the deployed stage of the API. - DNS Configuration:
Update your domain’s DNS records to point to the API Gateway endpoint. This might involve creating a CNAME record that points to the API Gateway domain name. - Testing and Monitoring:
Test the API using tools like curl, Postman, or through your application.
Set up CloudWatch logging and monitoring for insight into the API’s performance and usage. - Security & Authorization:
Implement security measures such as API keys, AWS Identity and Access Management (IAM) roles and policies, or Lambda authorizers to control access to your API. - Throttling & Quotas:
Optionally set up throttling rules and usage quotas to protect your backend systems from traffic spikes. - Documentation:
Document your API, making it easier for developers to understand and integrate with your services. API Gateway supports Swagger/OpenAPI definitions for documentation.
What is a “Request Validation” in the API Gateway context?
A configuration to get API Gateway to test / validate an API request (headers / body / query string, etc.) without bothering the backend. Returns a 400 error if there is an issue.
Four API Gateway error messages to know: 403 Access Denied, 429 Throttle, 502 Bad Gateway, 504
403 may mean filtered by WAF
429 throttle
502 Bad Gateway (often an incompatible response / output from
backend)
504 Endpoint Timeout (29s) – this is not changeable for a Lambda backend. Can be changed for HTTPS backends, up to 50 s
Three API Gateway Endpoint Types
- Edge-Optimized: requests are routed to the nearest Edge POP
- Regional: CloudFront not used, customers are assumed to be in a single region, so a single endpoint is fine
- Private: Endpoint only accessible within a VPC with an VPC endpoint
