SVS402-R2 - Building APIs From Front To Back
Eric Johnson
Senior Developer Advocate – Serverless
Amazon Web Services
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Who am I?
• Eric Johnson – @edjgeek
• Sr. Developer Advocate – Serverless, AWS
• Serverless/tooling/automation geek
• Software Architect/Solutions Architect
• Music lover
• Pizza and Diet Dr. Pepper fanatic
Amazon API Gateway
[Diagram: API Gateway endpoint types (edge-optimized, regional, private). Labels: Amazon CloudFront HTTPS distribution; websites; all publicly accessible endpoints; customer-managed Amazon CloudFront distribution; applications and services in the same AWS region; AWS Direct Connect; on-premises; applications and services in VPC; Amazon API Gateway cache; Amazon CloudWatch monitoring; any other AWS service.]
API Gateway management
Type: AWS::Serverless::SimpleTable
Meet Angus and Elly
• Newly married
• Want to keep track of each other
• Budding developers
• Want to build it themselves
• Want it to be secure
• Want to use serverless
[Diagram labels: Amazon CloudFront, AWS Amplify Console, Amazon S3]
Phase one summary
To this!
[Diagram labels: Client, API Gateway, GetFunction, PostFunction, RecordsTable]
Hosting the front end
[Diagram labels: AWS Amplify Console, Client, API Gateway, GetFunction, PostFunction, RecordsTable]
Throttling
10,000 rps
Order of evaluation
Resource policies
[Diagram labels: two AWS Cloud accounts, My API, ip address: x.x.x.x, Table]
AWS Web Application Firewall (AWS WAF)
• Protect API Gateway APIs from common web exploits, such as SQL injection and cross-site scripting (XSS) attacks
• Block requests from specified IP address ranges or CIDR blocks
• Block requests originating from a specific country or region
• Match specified string or regular expression pattern in HTTP headers, method, query string, URI, and the request body
• Block attacks from specific user-agents, bad bots, and content scrapers
[Diagram labels: API Gateway, Rules, AWS WAF]
Data modeling and validation
Model (JSON schema):
{
  "type" : "object",
  "required" : [ "deviceType", "location" ],
  "properties" : {
    "deviceType" : { "type" : "string" },
    "location" : { "type" : "string" },
    "message" : { "type" : "string" }
  }
}
Request bodies checked against the model (= matches, != does not match):
=
{
  deviceType: "angus phone",
  location: "the house",
  message: "eating",
}
!=
{
  deviceType: "angus phone",
  message: "eating",
}
!=
{
  location: "the house",
  message: "eating",
}
=
{
  deviceType: "angus phone",
  location: "the house",
}
!=
{
  deviceType: "angus phone",
  location: "the house",
  message: { success: true }
}
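The model check above as an added Python example (not code from the deck): `violations` and `accepted` are hypothetical helper names, and only the `type`, `required` and `properties` keywords the slide uses are implemented. The sixth payload is constructed to show what this model still lets through, since it declares neither `additionalProperties: false` nor `maxLength`.

```python
# Model from the slide; PAYLOADS 1-5 are the slide's examples, 6 is constructed.
SCHEMA = {
    "type": "object",
    "required": ["deviceType", "location"],
    "properties": {
        "deviceType": {"type": "string"},
        "location": {"type": "string"},
        "message": {"type": "string"},
    },
}
PAYLOADS = [
    {"deviceType": "angus phone", "location": "the house", "message": "eating"},
    {"deviceType": "angus phone", "message": "eating"},
    {"location": "the house", "message": "eating"},
    {"deviceType": "angus phone", "location": "the house"},
    {"deviceType": "angus phone", "location": "the house",
     "message": {"success": True}},
    # Constructed: an undeclared property and an oversized string.
    {"deviceType": "angus phone", "location": "x" * 100000, "role": "admin"},
]
JSON_TYPES = {"object": dict, "array": list, "string": str, "boolean": bool}


def violations(value, schema, path="$"):
    """Check the keywords the slide's model uses: type, required, properties."""
    expected = schema.get("type")
    if expected and not isinstance(value, JSON_TYPES[expected]):
        return ["%s: expected %s" % (path, expected)]
    found = []
    if isinstance(value, dict):
        for name in schema.get("required", []):
            if name not in value:
                found.append("%s: missing required '%s'" % (path, name))
        for name, sub in schema.get("properties", {}).items():
            if name in value:
                found += violations(value[name], sub, "%s.%s" % (path, name))
    return found


def accepted(payloads=PAYLOADS, schema=SCHEMA):
    """True where the request body would pass the model."""
    return [not violations(p, schema) for p in payloads]


if __name__ == "__main__":
    for body, ok in zip(PAYLOADS, accepted()):
        print("=" if ok else "!=", violations(body, SCHEMA) or "valid")
```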
Phase two summary
[Diagram labels: AWS Cloud, Amazon Cognito, Client, API Gateway, RecordsTable, AWS Amplify Console]
Meet Rufus and Beatrice
https://pixabay.com/illustrations/smartphone-tablet-emoji-yellow-3170621/
Solution: API key
Require an API key and a usage plan
[Diagram labels: Client/method, Client, Method, Account]
Solution: Transform the data
Current schema:
{
  deviceType: "",
  location: "",
  message: "",
}
Device schema:
{
  deviceId: "",
  geoCoord: "",
}
Where to handle the transformation?
[Diagram labels: AWS Cloud, Amazon Cognito, Resource policy, Client, API Gateway, GetFunction, RecordsTable, AWS Amplify Console]
Option A: Transform at the Lambda function
[Diagram labels: AWS Cloud, Amazon Cognito, Resource policy, Client, Mobile client, API Gateway, GetFunction, RecordsTable, AWS Amplify Console]
Option B: Transform at the API Gateway
[Diagram labels: AWS Cloud, Amazon Cognito, Resource policy, Client, Mobile client, https://api.domain.com/iot, API Gateway, GetFunction, RecordsTable, AWS Amplify Console]
Solution: Mapping template
Device schema (incoming request):
{
  deviceId: "",
  geoCoord: "",
}
Mapping template:
#set($inputRoot = $input.path('$'))
{
  "deviceType": "$inputRoot.deviceId",
  "location": "$inputRoot.geoCoord",
  "message": "NA"
}
Current schema (after the transformation):
{
  deviceType: "",
  location: "",
  message: "",
}
More with mapping templates
[Diagram labels: AWS Cloud, Resource policy, Client, API Gateway, GetFunction, RecordsTable, AWS Amplify Console]
Service integration
Director, Product Mgmt., AWS Serverless Applications
[Diagram labels: AWS Cloud, transform, transport, Amazon Cognito, Resource policy, Client, API Gateway, RecordsTable, AWS Amplify Console]
Service integration request mapping template
• GET request converted to POST for DynamoDB
• Request mapping converts to DynamoDB scan request
{
  "TableName" : "FamilyBackend-Table"
}
[Diagram labels: Client, API Gateway, RecordsTable]
Service integration response mapping template
• Response mapping template converts data from DynamoDB schema
#set($inputRoot = $input.path('$'))
[
#foreach($elem in $inputRoot.Items) {
    "deviceType":"$elem.deviceType.S",
    "location": "$elem.location.S",
    "message": "$elem.message.S",
    "timestamp": $elem.timestamp.N,
    "id": "$elem.id.S"
  }#if($foreach.hasNext),#end
#end
]
[Diagram labels: Client, API Gateway, RecordsTable]
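An added example, not from the original deck: a Python model of the response template above. It contrasts the plain `"$elem.field.S"` interpolation with an escaped rendering, the job `$util.escapeJavaScript()` does inside an API Gateway template. The Scan response is constructed and the function names are hypothetical.

```python
import json

# Constructed DynamoDB Scan response; the second message contains quotes.
SCAN_RESPONSE = {
    "Items": [
        {"id": {"S": "1"}, "deviceType": {"S": "angus phone"},
         "location": {"S": "the house"}, "message": {"S": "eating"},
         "timestamp": {"N": "1575000000"}},
        {"id": {"S": "2"}, "deviceType": {"S": "elly phone"},
         "location": {"S": "the office"},
         "message": {"S": 'on my way "home"'},
         "timestamp": {"N": "1575000060"}},
    ]
}
STRING_FIELDS = ("deviceType", "location", "message", "id")


def render_unescaped(scan):
    """Mimic the template: stored strings are pasted between quotes as-is."""
    rows = []
    for elem in scan["Items"]:
        parts = ['"%s":"%s"' % (f, elem[f]["S"]) for f in STRING_FIELDS]
        parts.append('"timestamp": %s' % elem["timestamp"]["N"])
        rows.append("{" + ",".join(parts) + "}")
    return "[" + ",".join(rows) + "]"


def render_escaped(scan):
    """Flatten the DynamoDB types, then let a JSON encoder do the quoting."""
    rows = []
    for elem in scan["Items"]:
        row = {f: elem[f]["S"] for f in STRING_FIELDS}
        # Constructed timestamps are epoch seconds; int() rejects non-numbers.
        row["timestamp"] = int(elem["timestamp"]["N"])
        rows.append(row)
    return json.dumps(rows)


def is_valid_json(text):
    """True when the rendered response body parses as JSON."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


if __name__ == "__main__":
    # Stored quotes change the structure of the unescaped response body.
    print("unescaped valid:", is_valid_json(render_unescaped(SCAN_RESPONSE)))
    print("escaped valid:  ", is_valid_json(render_escaped(SCAN_RESPONSE)))
```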
Phase three summary
[Diagram labels: AWS Cloud, Amazon Cognito, Resource policy, https://api.domain.com/iot, Client, API Gateway, RecordsTable, AWS Amplify Console]
Final thoughts
• Base website
• Authentication/authorization
• Throttling
• Resource policies
• AWS WAF
• API key/usage plan
• Mapping templates
• Service integration
Final thoughts
Convert OpenAPI 3 to Swagger
[Diagram labels: OpenAPI 3, Swagger, JSON, YAML, Postman extensions, API Gateway extensions]
Learn serverless with AWS Training and Certification
Resources created by the experts at AWS to help you learn modern application development
Thank you!
Eric Johnson
@edjgeek