API Gateway Essentials
- fully managed service that allows you to create and manage your own APIs for your application.
- acts as “front door” for your aplication, allowing access to data/logic/functionality from your back-end service.
main features
Build Restful APIs with Resources Methods Setting
Deploy APIs to a “Stage”(dev, beta, production)
Create a new API version by cloning an existing one.
Roll back to previous API deployments
Custom domain names
Create and manage API keys for access AND meter usage of the API keys through Amazon CloudWatch Logs.
Set throttling rules based on the number of request per second(request over the limit throttled(HTTP 429 response)
Security using Signature v.4 to sign and authorize API calls(temporary credentials generated through Cognito and STS).
Benefits of API Gateway
ability to cache API responses
DDos protection via cloudfront
SDK generation for IOS, Android, and JavaScript
Supports Swagger
Request/response data transformation(HSAON IN to XML OUT).
API Gateway: CloudFront
Built in Distributed Denial of Service attack protection and mitigation.
All CloudFront Edge Locations become entry points for your API into your back-end.
reduced latency and improved projection
API Gateway Cache
Cache API responses so that duplicate API request do not have to hit your back-end.
can configure a cache key and TTL of the API response
cache can be setup on a per API or per stage basis.
API Gateway: CloudWatch
used to monitor API Gateway activity and usage;
Monitoring can be done one the API or Stage level.
Throttling rules are monitored by CloudWatch.
monitoring metrics include such statistics as: Caching; Latency; Detected errors
Method-level metrics can be monitored.
You can create CloudWatch alarms based on these metrics.
API pricing
- API caching in Amazon API gateway is not eligible for the AWS free Tier;
- Calling methods with the authorization type of AWS_IAM, CUSTOM, and cognito_user_pools are not charged for authorization and authentication failures.
- Calling methods requiring API keys are not charged when API keys are missing or invalid.
- API Gateway-throttled requests are not charged when the request rate or burst exceed the pre-configured limits.
- Usage plan-throttled requests are not charged when rate limits or quota exceed the pre-configured limits.
API gateway troubleshooting tip:
”|(pipe)” is not supported for any request URL query string and must be URL-encoded.
/ping and /sping are reserved for the service health check.
cross-account authentication is not currently supported in API Gateway.
an API caller must be an IAM user of the same AWS account of the API owner.
Stage variables
name-value pairs that you can define as configuration attributes associated with a deployment stage of an API. They act like environment variables and can be used in your API setup and mapping templates.
You can also use stage variables to pass configuration parameters to a Lambda function through your mapping templates.
-
Account/Physical Organization18
-
VPC15
-
EC231
-
Lambda3
-
CloudWatch/CloudTrail/SNS3
-
Advanced Networking17
-
Troubleshooting24
-
S316
-
Route 5311
-
VPN14
-
CLI1
-
Databases11
-
SQS4
-
API Gateway9
-
Monitoring15
-
Deployment Service5
-
Analytics16
-
EC2 Container Service12
-
How to Design CLoud Services and Best Pratice2
-
Monitoring your AWS environment3
-
Architectual Trad-off Decisions3
-
Elasticity & Saclability6
-
Shared Security Responsibility Model2
-
AWS Platform compliance and security services12
-
DDoS Mitigation2
-
Encryption solutions3
-
Complex Access COntrol2
-
Cloud Watch for the security Architect1
-
CloudHSM4
-
Disaster Recovery6
-
Review98
