Scribd Logo
Upload

Welcome to Scribd!

  • API Gateway

    Uploaded by

    Gustavo Adolfo Gamboa Cruz
    81 views35 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    81 views35 pages

    API Gateway

    Uploaded by

    Gustavo Adolfo Gamboa Cruz

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 35

    Amazon API Gateway

    © 2022, Amazon Web Services, Inc. or its affiliates. © 2022, Amazon Web Services, Inc. or its affiliates.
    Agenda
    Overview of Serverless
    What is Amazon API Gateway
    API Types
    Amazon API Gateway Features
    Best Practices

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Overview of Serverless

    © 2022, Amazon Web Services, Inc. or its affiliates.


    What does the future look like?

    ALL THE CODE YOU EVER WRITE IS BUSINESS LOGIC

    © 2022, Amazon Web Services, Inc. or its affiliates.


    What is serverless?

    No infrastructure provisioning, Automatic scaling


    no management

    Pay for value Highly available and secure

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Serverless applications span many different categories of
    services

    Compute

    AWS AWS
    Lambda Fargate

    Data stores

    Amazon Simple Amazon Aurora Amazon Amazon


    Storage Service Serverless DynamoDB RDS Proxy
    (Amazon S3)

    Integration

    Amazon Amazon Amazon AWS AWS Amazon


    API Gateway Simple Queue Simple Step Functions AppSync EventBridge
    Service Notification
    (Amazon SQS) Service
    (Amazon
    SNS)
    © 2022, Amazon Web Services, Inc. or its affiliates.
    What is Amazon API
    Gateway?

    © 2022, Amazon Web Services, Inc. or its affiliates. 7


    Application Programming Interface (API)


    “ In building applications, an API simplifies programming by abstracting the underlying
    implementation and only exposing objects or actions the developer needs.
    Request

    Client API Web Server Database


    Response

    Web-based companies and services offer APIs for developers to use, such as:
    • Social Networks – Facebook, Twitter, etc
    • Payment Processing – Amazon Pay, PayPal, etc
    © 2022, Amazon Web Services, Inc. or its affiliates. https://en.wikipedia.org/wiki/Application_programming_interface
    Amazon API Gateway

    Amazon API Gateway is a fully


    managed (serverless) service that makes
    it easy for developers to create, publish,
    maintain, monitor, and secure APIs at
    any scale.

    © 2022, Amazon Web Services, Inc. or its affiliates.


    API Gateway is a front door…

    AWS Cloud

    Amazon AWS Amazon


    API Gateway Lambda DynamoDB

    © 2022, Amazon Web Services, Inc. or its affiliates.


    …which handles common concerns enabling developers to
    focus on business logic

    • Throttling
    • Caching
    • Authorization
    • API Keys
    • Usage Plans
    • Request/Response Mapping

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Endpoint types
    Amazon API Gateway
    Edge-Optimized [REST]
    Utilizes CloudFront to reduce TLS connection overhead (reduces

    Edge-Optimized
    Fully-managed
    CloudFront
    roundtrip time) Distribution
    Designed for a globally distributed set of clients

    Regional [BOTH]
    Recommended API type for general use cases
    Designed for building APIs for clients in the same region

    Regional
    Private [REST]
    Only accessible from within VPC (and networks connected to VPC)

    Private
    Designed for building APIs used internally or by private microservices

    © 2022, Amazon Web Services, Inc. or its affiliates.


    API Architecture
    Lambda
    Functions

    Amazon API Gateway


    Public
    Endpoints on
    Fully-managed Amazon EC2

    Edge-Optimized
    Mobile client
    CloudFront API Gateway Cache
    Distribution
    HTTPS Any other AWS
    service

    Websites
    All publicly accessible
    endpoints
    Customer-managed
    CloudFront Distribution

    Regional
    Services
    Endpoints
    Applications in VPC
    & Services
    in the same
    AWS Region AWS Direct
    Connect
    Private

    Applications
    & Services Amazon
    in VPC CloudWatch On-premises
    Monitoring
    © 2022, Amazon Web Services, Inc. or its affiliates.
    API Types

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Supported Protocols

    RESTful APIs WebSocket APIs

    Client Client

    • Request / Response • Serverless WebSocket


    • HTTP Methods like GET, POST, etc • 2 way communication channel
    • Short-lived communication • Long-lived communication
    • Stateless • Stateful

    © 2022, Amazon Web Services, Inc. or its affiliates.


    RESTful APIs

    • Two flavors: REST API and HTTP API


    • REST API is more feature rich
    • HTTP API is built from the ground up:
     Faster – up to 60% faster
     Lower cost – up to 71% less expensive
     Easier to use

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Amazon API Gateway
    Features

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Authorization

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Types of authorization

    WAF
    Mutual TLS
    Cognito User Pools
    IAM + Resource Policies
    Lambda Authorizers
    JWT
    © 2022, Amazon Web Services, Inc. or its affiliates.
    Throttling and Usage Plans
    Rest only

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Throttling and usage plans

    • Protect backend systems


    • Prevents one customer from consuming all your backend system’s capacity
    • Let’s you decide how to allocate capacity among your API consumers with quotas
    and request rates. Example:

    Professional plan users: Enterprise plan users:


    10 RPS, up to 100 calls / day 500 RPS, no limit on calls / day

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Four levels of Throttling
    * Requires Rest & API Keys and Usage Plans

    Per client Per Per Per


    User’s Usage Plan & method* Client* method account

    Mobile client Websites

    Partner Usage Plan

    Partner Authorized Mobile


    Websites client

    Services Usage Plan

    Service

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Validation and Transformation
    Rest only

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Validation & Transformation

    • Validations
     The required request parameters in the URI, query string, and headers of an incoming
    request are included and non-blank.
     The applicable request payload adheres to the configured JSON schema request model
    of the method.
    • Transformations
     Transform request to match expected format from backend
     Transform response from API to match expected format for front end
     Override request and response parameters based on message body
     Override response status code

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Stages and Versioning

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Stages

    API Gateway enables you to set stage • APIs are deployed to staging environments.
    variables, allowing the same API to point
    to different backends. You choose what to name them.

    Your APIs are versioned and can be rolled • For example, these environments:
    back.
    Dev (e.g., example.com/dev)

    Beta (e.g., example.com/beta)

    Prod (e.g., example.com/prod)

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Stages
    API Gateway Lambda function

    Stages v0.0.1
    Stage variable = lambdaAlias
    v0.0.2
    aliases v0.0.3
    Prod stage
    lambdaAlias = prod prod v0.0.4
    v0.0.5
    Beta stage beta
    v0.0.6
    lambdaAlias = beta
    dev v0.0.7
    Dev stage v0.0.8
    lambdaAlias = dev v0.0.9

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Canary Releases [REST]

    My API My API

    Amazon Amazon
    CloudWatch CloudWatch

    Prod Canary Prod+1 Canary


    (Prod+1)
    © 2022, Amazon Web Services, Inc. or its affiliates.
    Observability

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Logging

    • Execution Logs [REST]


     Two levels of logging, ERROR and INFO
     Optionally log method request/body content
     Set globally in stage, or override per method
     CloudWatch Logs

    • Access Logs
     Customizable format for machine parsable logs (CLF, JSON, XML, CSV)
     CloudWatch Logs OR Kinesis Firehose

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Metrics
    • Built-in • Custom
    • REST
     API Calls Count, Latency, 4XXs, 5XXs, • Create Custom Metrics via Metric Filter
    Integration Latency, Cache Hit Count, Cache out of logs
    Miss Count
    • HTTP
     API Calls Count, Latency, 4XXs, 5XXs,
    Integration Latency, DataProcessed
    • WebSocket
     Connect Count, Message Count, Integration
    Error, Client Error, Execution Error,
    Integration Latency

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Tracing – X-Ray

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Best Practices

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Best Practices

    • Ensure you apply security features.


    • Do not hard code settings. Use stage variables.
    • Set appropriate retention policy for CloudWatch Logs. REST API’s can
    emit logs to Kinesis Data Firehose
    • Create an API per team/microservice and unify them with Custom Domain
    Name

    © 2022, Amazon Web Services, Inc. or its affiliates.


    Thank you!

    © 2022, Amazon Web Services, Inc. or its affiliates. © 2022, Amazon Web Services, Inc. or its affiliates.

    You might also like