
SVS402-R

Building APIs from front to back

Eric Johnson
Senior Developer Advocate – Serverless
Amazon Web Services

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Who am I?
• Eric Johnson – @edjgeek
• Sr. Developer Advocate – Serverless, AWS
• Serverless/tooling/automation geek
• Software Architect/Solutions Architect
• Music lover
• Pizza and Diet Dr. Pepper fanatic
Amazon API Gateway

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.
API architecture

[Diagram: Amazon API Gateway in front of the back ends. Back ends: Lambda functions, public endpoints on Amazon EC2, any other AWS service, applications and services in a VPC, and applications and services on-premises (reached over AWS Direct Connect). Clients: mobile clients, websites, and applications and services in the same AWS region. Amazon CloudWatch provides monitoring.]

Endpoint types:
• Edge-optimized: a fully managed Amazon CloudFront distribution (HTTPS) and the Amazon API Gateway cache in front of the API, for all publicly accessible endpoints
• Regional: for clients in the same AWS region, optionally behind a customer-managed Amazon CloudFront distribution
• Private: for applications and services in a VPC, and on-premises over AWS Direct Connect
API Gateway management

• AWS Management Console
• AWS CLI
• AWS SAM
• AWS CloudFormation
• Swagger/OpenAPI
• AWS Cloud Development Kit


AWS SAM templates

Just 20 lines to create:
• Lambda function
• IAM role
• API Gateway
• DynamoDB table

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  GetProductsFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.getProducts
      Runtime: nodejs10.x
      CodeUri: src/
      Policies:
        - DynamoDBReadPolicy:
            TableName: !Ref ProductTable
      Events:
        GetResource:
          Type: Api
          Properties:
            Path: /products/{productId}
            Method: get
  ProductTable:
    Type: AWS::Serverless::SimpleTable
AWS SAM templates

[Diagram: the same template, annotated with what each block becomes in the AWS Cloud when SAM transforms it at deploy time: the AWS::Serverless::Function resource becomes the Lambda function, its Policies block becomes the function's IAM role, the Api event becomes the API Gateway resource and method that is allowed to invoke the function, and the AWS::Serverless::SimpleTable becomes the DynamoDB table.]
Meet Angus and Elly
• Newly married
• Want to keep track of each
other
• Budding developers
• Want to build it themselves
• Want it to be secure
• Want to use serverless

Image source: https://pixabay.com/vectors/boy-colorful-comic-characters-1298928/


The family website
What services shall we start with?

[Diagram: AWS Cloud with API Gateway, AWS Lambda, Amazon DynamoDB, Amazon CloudFront, AWS Amplify Console and Amazon S3]
Phase one summary

We went from this … to this!

[Diagram: Client → API Gateway → GetFunction / PostFunction → RecordsTable]
Hosting the front end

AWS Amplify Console: Git-based workflow for deploying and hosting full-stack serverless web applications.

AWS Amplify Console makes life easy!
Not an exhaustive list

Covering:
• Amazon Cognito
• Throttling
• Resource policies
• AWS WAF
• Data models

Not covering:
• Cache
• CloudFront
Authentication and authorization

• User pools through Amazon Cognito
• Amazon Cognito authorizers on API Gateway

[Diagram: Client → API Gateway (Amazon Cognito authorizer) → GetFunction / PostFunction → RecordsTable; front end hosted by AWS Amplify Console]
Throttling

Order of evaluation:
1. Client/method (usage plan)
2. Client (usage plan)
3. Method
4. Account (10,000 rps)
Resource policies

[Diagram: "My API" in one AWS Cloud account; the resource policy admits AWS Identity and Access Management (IAM) principals from another AWS Cloud account and a corporate data center (ip address: x.x.x.x); the API fronts a table]
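The slide's resource policy admits callers by source IP. As an added example, not from the talk: a constructed policy that allows the corporate data center range and denies everything else, with a small evaluator that applies the IAM decision rules (a matching explicit Deny wins; otherwise an Allow must match; with a resource policy attached, a request matching nothing is denied). The CIDR 203.0.113.0/24 (a documentation range) stands in for the slide's x.x.x.x, and `execute-api:/*` is the simplified resource form API Gateway accepts in resource policies.

```python
"""Evaluate an API Gateway resource policy keyed on aws:SourceIp.

Added example, not code from the talk. The policy and addresses are
constructed: 203.0.113.0/24 stands in for the corporate data center's
x.x.x.x on the slide.
"""
import ipaddress

CORP_RANGE = "203.0.113.0/24"  # stand-in for the slide's "ip address: x.x.x.x"

# Allow the data center, deny everyone else. "execute-api:/*" is the
# simplified resource form API Gateway accepts in resource policies.
RESOURCE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*",
            "Condition": {"IpAddress": {"aws:SourceIp": [CORP_RANGE]}},
        },
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*",
            "Condition": {"NotIpAddress": {"aws:SourceIp": [CORP_RANGE]}},
        },
    ],
}

# The same policy without its Deny statement, to show the implicit deny.
ALLOW_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [RESOURCE_POLICY["Statement"][0]]}


def as_list(value):
    return value if isinstance(value, list) else [value]


def condition_matches(condition, source_ip):
    """Evaluate the IpAddress / NotIpAddress operators on aws:SourceIp."""
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        ranges = as_list(keys.get("aws:SourceIp", []))
        # An IPv6 caller is never inside an IPv4 range (and vice versa).
        in_range = any(ip in ipaddress.ip_network(r, strict=False) for r in ranges)
        if operator == "IpAddress" and not in_range:
            return False
        if operator == "NotIpAddress" and in_range:
            return False
        if operator not in ("IpAddress", "NotIpAddress"):
            raise ValueError(f"operator {operator} not modelled here")
    return True


def evaluate(policy, source_ip, action="execute-api:Invoke"):
    """Return "Allow" or "Deny" for one request.

    A matching Deny statement wins outright; otherwise at least one Allow
    must match; a request that matches no statement of the attached
    resource policy is implicitly denied.
    """
    decision = "Deny"
    for statement in policy["Statement"]:
        actions = as_list(statement["Action"])
        if action not in actions and "*" not in actions:
            continue
        if not condition_matches(statement.get("Condition", {}), source_ip):
            continue
        if statement["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9", "2001:db8::1"):
        print(ip, evaluate(RESOURCE_POLICY, ip), evaluate(ALLOW_ONLY_POLICY, ip))
```

The Deny statement is what makes the intent explicit in the policy text; the evaluator shows that even without it a caller outside the range is still refused, because an attached resource policy with no matching Allow is an implicit deny.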
AWS Web Application Firewall (AWS WAF)

AWS WAF rules in front of API Gateway:
• Protect API Gateway APIs from common web exploits, such as SQL injection and cross-site scripting (XSS) attacks
• Block requests from specified IP address ranges or CIDR blocks
• Block requests originating from a specific country or region
• Match a specified string or regular expression pattern in HTTP headers, method, query string, URI, and the request body
• Block attacks from specific user-agents, bad bots, and content scrapers
Data modeling and validation

Model (JSON Schema) attached to the method as its request model:
{
  "type": "object",
  "required": [ "deviceType", "location" ],
  "properties": {
    "deviceType": { "type": "string" },
    "location": { "type": "string" },
    "message": { "type": "string" }
  }
}

Request bodies checked against the model (= accepted, != rejected):

=
{
  deviceType: "angus phone",
  location: "the house",
  message: "eating",
}

!=  (location is required)
{
  deviceType: "angus phone",
  message: "eating",
}

!=  (deviceType is required)
{
  location: "the house",
  message: "eating",
}

=  (message is optional)
{
  deviceType: "angus phone",
  location: "the house",
}

!=  (message must be a string)
{
  deviceType: "angus phone",
  location: "the house",
  message: { success: true }
}
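API Gateway's request validator applies the model before the integration is called. As an added example, not code from the talk: a minimal validator for the JSON Schema subset the slide's model uses (`type`, `required`, `properties`), run over the five bodies on the slide so the accept/reject outcomes can be reproduced offline. The model is a copy of the slide's; the sample bodies and the error-message wording are constructed for the example.

```python
"""Request-body validation against the slide's JSON Schema model.

Added example, not code from the talk: a validator for the subset of
JSON Schema the model uses ("type", "required", "properties"), plus the
five request bodies from the slide as raw JSON text.
"""
import json

# The model from the slide (copied).
RECORD_MODEL = {
    "type": "object",
    "required": ["deviceType", "location"],
    "properties": {
        "deviceType": {"type": "string"},
        "location": {"type": "string"},
        "message": {"type": "string"},
    },
}

JSON_TYPES = {
    "object": dict,
    "array": list,
    "string": str,
    "boolean": bool,
    "null": type(None),
}


def has_type(value, type_name):
    """JSON Schema type check; bool is not a number in JSON."""
    if type_name == "number":
        return isinstance(value, (int, float)) and not isinstance(value, bool)
    if type_name == "integer":
        return isinstance(value, int) and not isinstance(value, bool)
    return isinstance(value, JSON_TYPES[type_name])


def validate(instance, schema, path="$"):
    """Return the list of violations; an empty list means the body is accepted."""
    errors = []
    expected = schema.get("type")
    if expected is not None and not has_type(instance, expected):
        errors.append(f"{path}: expected {expected}, got {type(instance).__name__}")
        return errors  # object keywords make no sense on a non-object
    if isinstance(instance, dict):
        for key in schema.get("required", []):
            if key not in instance:
                errors.append(f"{path}: missing required property '{key}'")
        for key, subschema in schema.get("properties", {}).items():
            if key in instance:
                errors.extend(validate(instance[key], subschema, f"{path}.{key}"))
    return errors


def check_body(raw_body, schema=RECORD_MODEL):
    """Parse a raw request body and validate it; returns (accepted, errors)."""
    try:
        instance = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        return False, [f"$: body is not valid JSON ({exc.msg})"]
    errors = validate(instance, schema)
    return not errors, errors


# The five bodies from the slide, as the raw text a client would POST (constructed).
SAMPLE_BODIES = {
    "complete": '{"deviceType": "angus phone", "location": "the house", "message": "eating"}',
    "no_location": '{"deviceType": "angus phone", "message": "eating"}',
    "no_deviceType": '{"location": "the house", "message": "eating"}',
    "no_message": '{"deviceType": "angus phone", "location": "the house"}',
    "object_message": '{"deviceType": "angus phone", "location": "the house", "message": {"success": true}}',
}

if __name__ == "__main__":
    for name, body in SAMPLE_BODIES.items():
        accepted, errors = check_body(body)
        print(f"{name:15s} {'=' if accepted else '!='} {errors}")
```

The last body is the one worth remembering: `message` is present, so a check that only looks for required keys would pass it, and the nested object would reach the Lambda function or the DynamoDB integration. The `type` constraint on the property is what rejects it at the gateway.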
Phase two summary

[Diagram: Client → AWS WAF → API Gateway (Amazon Cognito authorizer, throttling and validation, resource policy) → GetFunction / PostFunction → RecordsTable; front end hosted by AWS Amplify Console]
Meet Rufus and Beatrice

• New family members


• Same goals for tracking
• Need a simple device

Image Source: https://pixabay.com/vectors/boy-comic-characters-dad-daughter-1299084/


Challenge

A simple phone-location service can be too chatty.

https://pixabay.com/illustrations/smartphone-tablet-emoji-yellow-3170621/
Solution: API key

Require an API key and a usage plan
• The API key lets the device connect to the API and identifies it to the usage plan
• The usage plan throttles the device's connections

The usage plan limits sit at the front of the throttling order of evaluation: client/method, then client, then method, then account (10,000 rps).

An API key identifies a client for throttling and quotas; it is not an authentication mechanism, so the Amazon Cognito authorizer stays in place.
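The order of evaluation on the throttling slide and the usage plan for the chatty phone, as an added example that is not code from the talk: each limit is modelled as a token bucket and a request has to pass them in the order the slides give (client/method of the usage plan, client of the usage plan, method of the stage, account). The API name, method, key and the per-plan and per-method rates are constructed; only the 10,000 rps account default comes from the slide, and the account burst value is an assumption.

```python
"""Order of evaluation for API Gateway throttling, as token buckets.

Added example, not code from the talk. API, method, key and limit
values are constructed; only the 10,000 rps account default is from
the slide. Time is a simulated clock in seconds.
"""
from collections import Counter


class TokenBucket:
    """`burst` tokens, refilled at `rate` tokens per second."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.capacity = float(burst)
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Throttler:
    """The four limits, keyed the way API Gateway scopes them."""

    ACCOUNT_RPS = 10_000   # account-level default quoted on the slide
    ACCOUNT_BURST = 5_000  # assumed burst for the example

    def __init__(self):
        self.account = TokenBucket(self.ACCOUNT_RPS, self.ACCOUNT_BURST)
        self.method = {}         # (api, method) -> bucket, set on the stage
        self.client = {}         # api_key -> bucket, from the usage plan
        self.client_method = {}  # (api_key, api, method) -> bucket, from the usage plan

    def set_method_limit(self, api, method, rps, burst):
        self.method[(api, method)] = TokenBucket(rps, burst)

    def set_client_limit(self, api_key, rps, burst):
        self.client[api_key] = TokenBucket(rps, burst)

    def set_client_method_limit(self, api_key, api, method, rps, burst):
        self.client_method[(api_key, api, method)] = TokenBucket(rps, burst)

    def chain(self, api, method, api_key):
        """Buckets that apply to one request, in evaluation order."""
        buckets = []
        if api_key is not None:
            if (api_key, api, method) in self.client_method:
                buckets.append(("client/method (usage plan)", self.client_method[(api_key, api, method)]))
            if api_key in self.client:
                buckets.append(("client (usage plan)", self.client[api_key]))
        if (api, method) in self.method:
            buckets.append(("method (stage)", self.method[(api, method)]))
        buckets.append(("account", self.account))
        return buckets

    def check(self, now, api, method, api_key=None):
        """Return (allowed, limiter); limiter names the first bucket that rejected."""
        for name, bucket in self.chain(api, method, api_key):
            if not bucket.allow(now):
                return False, name  # the client sees 429 Too Many Requests
        return True, None


def run_burst(throttler, n, now, api, method, api_key=None):
    """Fire n requests at the same instant and count outcomes by limiter."""
    outcomes = Counter()
    for _ in range(n):
        allowed, limiter = throttler.check(now, api, method, api_key)
        outcomes["allowed" if allowed else limiter] += 1
    return dict(outcomes)


def chatty_phone_scenario():
    """The simple phone on a usage plan, then the same burst with no key."""
    t = Throttler()
    t.set_method_limit("family-api", "POST /iot", rps=100, burst=50)
    t.set_client_limit("phone-key", rps=5, burst=2)
    t.set_client_method_limit("phone-key", "family-api", "POST /iot", rps=2, burst=1)
    with_plan = run_burst(t, 10, 1.0, "family-api", "POST /iot", api_key="phone-key")
    no_plan = run_burst(t, 60, 1.0, "family-api", "POST /iot")
    recovered = t.check(2.0, "family-api", "POST /iot", api_key="phone-key")
    return with_plan, no_plan, recovered


if __name__ == "__main__":
    print(chatty_phone_scenario())
```

With the key, the device's burst is stopped by its own usage plan after one request and it recovers a second later. Without a key the same burst is only stopped by the stage's method limit, and a method with no limit of its own would run into the account limit, which every API in the account and region shares.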
Challenge

The simple phone cannot modify its outgoing payload.

https://pixabay.com/illustrations/smartphone-tablet-emoji-yellow-3170621/
Solution: Transform the data

Current schema:
{
  deviceType: "",
  location: "",
  message: "",
}

Device schema:
{
  deviceId: "",
  geoCoord: "",
}
Where to handle the transformation?

[Diagram: the phase two architecture (Client → AWS WAF → API Gateway with Amazon Cognito authorizer and resource policy → GetFunction / PostFunction → RecordsTable; front end on AWS Amplify Console), now with the mobile client calling in as well]

Option A: Transform at the Lambda function
[Diagram: the mobile client's device-schema payload reaches PostFunction, which converts it before writing to RecordsTable]

Option B: Transform at the API Gateway
[Diagram: the mobile client calls a separate resource, https://api.domain.com/iot, and API Gateway converts the payload before PostFunction sees it]
Solution: Mapping template

Device schema:
{
  deviceId: "",
  geoCoord: "",
}

Current schema:
{
  deviceType: "",
  location: "",
  message: "",
}

Request mapping template (Velocity Template Language) on the /iot method:
{
  "deviceType": $input.json('$.deviceId'),
  "location": $input.json('$.geoCoord'),
  "message": "NA"
}

Using mapping templates allows you to reformat data as needed. Interpolating `$input.path('$').deviceId` bare would drop the raw string into the output without quotes, so the result is no longer JSON; `$input.json()` returns the value JSON-encoded, quotes and escaping included, so a stray quote or newline in the device payload cannot break out of the document either.
More with mapping templates

[Diagram: the phase two architecture with the question "Is this even needed?" pointing at GetFunction: the GET path only reads RecordsTable, so the function in the middle does nothing but transport]

Service integration

[Diagram: API Gateway integrates directly with RecordsTable; mapping templates do the transform and API Gateway the transport, and GetFunction is gone]
Service integration request mapping template

[Diagram: Client → API Gateway → RecordsTable]

• GET request converted to POST for DynamoDB
• Request mapping converts it to a DynamoDB Scan request:
{
  "TableName": "FamilyBackend-Table"
}
Service integration response mapping template

[Diagram: Client → API Gateway → RecordsTable]

• Response mapping template converts data from the DynamoDB schema

#set($inputRoot = $input.path('$'))
[
#foreach($elem in $inputRoot.Items) {
  "deviceType": "$elem.deviceType.S",
  "location": "$elem.location.S",
  "message": "$elem.message.S",
  "timestamp": $elem.timestamp.N,
  "id": "$elem.id.S"
}
#if($foreach.hasNext),
#end
#end
]

The string attributes are interpolated into the JSON unescaped here. The POST path accepts any string for message, so a stored value containing a double quote, backslash or newline would break the response for every client. Escape each value, for example with $util.escapeJavaScript($elem.message.S) (turning the \' it produces back into ', as the API Gateway documentation notes for JSON output), or read it with $input.json("$.Items[$foreach.index].message.S"), which returns it JSON-encoded.
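The request mapping template for /iot and the response mapping template on the DynamoDB integration, as an added example in plain Python that is not code from the talk: `map_device_request` mirrors the request template (device schema to current schema), `map_scan_response` mirrors the response template and generalises the `.S`/`.N` unmarshalling to the other DynamoDB attribute types, and `render_like_slide` is a literal port of the response template's unescaped interpolation, so the effect of a stored double quote can be seen. The Scan result is constructed; table and attribute names follow the slides.

```python
"""Request and response mapping from the slides, as plain Python.

Added example, not code from the talk. The Scan result below is
constructed; attribute names follow the slides.
"""
import json


def map_device_request(body):
    """Device schema -> current schema, like the /iot request mapping template."""
    device = json.loads(body)
    return {
        "deviceType": device["deviceId"],
        "location": device["geoCoord"],
        "message": "NA",
    }


def unmarshal(attribute_value):
    """Convert one DynamoDB AttributeValue ({"S": ...}, {"N": ...}, ...) to Python.

    The slide's template reads only .S and .N; BOOL, NULL, L and M are
    handled too so nested items need no extra template clause each.
    """
    (kind, value), = attribute_value.items()
    if kind == "S":
        return value
    if kind == "N":  # DynamoDB returns numbers as strings
        return int(value) if value.lstrip("-").isdigit() else float(value)
    if kind == "BOOL":
        return bool(value)
    if kind == "NULL":
        return None
    if kind == "L":
        return [unmarshal(v) for v in value]
    if kind == "M":
        return {k: unmarshal(v) for k, v in value.items()}
    raise ValueError(f"attribute type {kind} not handled")


FIELDS = ("deviceType", "location", "message", "timestamp", "id")


def map_scan_response(scan_result):
    """DynamoDB Scan result -> list of flat records, like the response template."""
    return [{f: unmarshal(item[f]) for f in FIELDS if f in item} for item in scan_result["Items"]]


def render_scan_response(scan_result):
    """Serialise with json.dumps, which escapes every string value."""
    return json.dumps(map_scan_response(scan_result))


def render_like_slide(scan_result):
    """Literal port of the slide's template: values dropped into the text unescaped."""
    chunks = []
    for e in scan_result["Items"]:
        chunks.append(
            '{"deviceType":"%s","location":"%s","message":"%s","timestamp":%s,"id":"%s"}'
            % (e["deviceType"]["S"], e["location"]["S"], e["message"]["S"],
               e["timestamp"]["N"], e["id"]["S"])
        )
    return "[" + ",".join(chunks) + "]"


def parses_as_json(text):
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


# Constructed Scan result; the second record's message carries a double quote.
SAMPLE_SCAN = {
    "Items": [
        {"id": {"S": "r-1"}, "deviceType": {"S": "angus phone"},
         "location": {"S": "the house"}, "message": {"S": "eating"},
         "timestamp": {"N": "1575000000"}},
        {"id": {"S": "r-2"}, "deviceType": {"S": "rufus device"},
         "location": {"S": "the park"}, "message": {"S": 'said "hi"'},
         "timestamp": {"N": "1575000060"}},
    ],
    "Count": 2,
    "ScannedCount": 2,
}

if __name__ == "__main__":
    print(map_device_request('{"deviceId": "rufus device", "geoCoord": "51.5,-0.1"}'))
    print(render_scan_response(SAMPLE_SCAN))
    print("slide template output is JSON:", parses_as_json(render_like_slide(SAMPLE_SCAN)))
```

The first record renders identically either way; the second, with a quote in its message, comes out of the literal port as text that no JSON parser accepts, which is the failure the escaping advice above the template is about.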
Phase three summary

[Diagram: Client → AWS WAF → API Gateway (Amazon Cognito authorizer, resource policy; https://api.domain.com/iot for the devices) → PostFunction → RecordsTable, with GET served by the direct service integration to RecordsTable; front end hosted by AWS Amplify Console]
Final thoughts

• Base website
• Authentication/authorization
• Throttling
• Resource policies
• AWS WAF
• API key/usage plan
• Mapping templates
• Service integration

And … we used AWS SAM for most of it!

When complicated configurations go beyond AWS SAM, build it in the console first and export to OpenAPI 3 or Swagger.

[Diagram: API Gateway exports to and imports from both Swagger and OpenAPI 3, as JSON or YAML, with or without Postman extensions or API Gateway extensions; definitions convert between Swagger and OpenAPI 3 in both directions]
Learn serverless with AWS Training and Certification

Resources created by the experts at AWS to help you learn modern application development

Free, on-demand courses on serverless, including
• Introduction to Serverless Development
• Getting into the Serverless Mindset
• AWS Lambda Foundations
• Amazon API Gateway for Serverless Applications
• Amazon DynamoDB for Serverless Architectures

Additional digital and classroom trainings cover modern application development and computing

Visit the Learning Library at https://aws.training
Thank you!
Eric Johnson
@edjgeek
