API Gateway
exposes
HTTPS
Restful APIs
connections to serverless
Lambda
DynamoDB
connect to CloudWatch
logs all of your requests
configuration
Define API (container
Define Resources and nested Resources (URL Paths)
for each possible
select supported HTTP Method
set security
choose target
request/response transformation
caching (TTL) of responses
scales automatically
low cost
maintain multiple versions of your API
is at high level
front door to your AWS environment
track and control usage with API Key
throttle requests to prevent attacks
Caching of requests
TTL based
responses are cached
simple returns the same response if same request arrives within TTL
increases performance
XSS attacks prevention is build in but
AWS uses other domains for different services
have to enable CORS on API Gateway to prevent error messages
CORS is enforced by the client
user identification
throtteling
quota management
backed with custom code via Lambda as proxy for other AWS Services or other HTTP API
uses CloudFront in behind
- custom domain
- SNI
- regionally based
- private or edge