API Gateway - Coggle Diagram
API Gateway
General
- You can create an API Gateway to expose your Lambda functions or APIs
- No infrastructure to manage
- Handles API versioning
- Multiple environments (dev, prod, test, etc.)
- Security
- Swagger / OpenAPI (you can import the API definition from a Swagger file, for example)
- Transform and validate requests and responses
- You can create API keys and handle request throttling
- Cache API responses
- Generate SDKs and API specifications
Ways to use API Gateway
- Lambda function to expose a REST API
- HTTP endpoints (ALB, etc.)
- AWS service (expose any AWS service, for example an AWS Step Functions workflow, or post a message to SQS)
Ways to deploy (endpoint types)
- Edge-optimized (default; global)
- Regional (same region)
- Private (not public; you can only access it from inside your VPC)
Security
- IAM roles / policies (internal users)
- Amazon Cognito (external users)
- Custom authorizer (Lambda function)
- HTTPS using ACM certificates
Deployment Stages
- Changes have no effect until you deploy them
- Every change you make needs a deployment before it becomes visible
- You can deploy to any stage (dev, prod, test, etc.)
- You can have two stages at the same time, for example v1 and v2 (each with its own URL)
Stage Variables
- Environment variables for API Gateway
- Can be used in Lambda function ARNs, HTTP endpoints and parameter mapping templates
- Stage variables are passed to the integration context so you can use them
- Format of a stage variable reference: ${stageVariables.variableName}
Stage variables and Lambda aliases
- You can define Lambda aliases and reference them from a stage variable, so requests reach the right Lambda version without changing API Gateway
- You can also define a percentage (weighted alias) to split the requests
API Gateway - Canary Deployment
- Enable canary deployments on the prod stage
- You can use it to test the new version in prod
- You send some % of the traffic to the new version, and afterwards you can move 100% of the traffic to it
- You can check logs and metrics in CloudWatch Logs
- This is blue/green deployment with AWS Lambda and API Gateway
Integration Types
- Integration type MOCK: you can mock the response
- Integration type HTTP / AWS
- You can use mapping templates for the request and response (change the request before it reaches the backend and the response after it comes back)
- Integration type AWS_PROXY (Lambda proxy)
- You can't use mapping templates
- Headers and query string parameters are passed as arguments (in the event)
- The request is passed directly to the backend
Mapping Templates
- You can use them to modify the request and the response
- They only work with the HTTP / AWS integration types
- You can modify the body, add headers and modify query string parameters
- You can use VTL (Velocity Template Language) for loops, conditionals, etc.
- You can use them to filter data
- Content-Type must be set
- You can use a mapping template to convert XML to JSON (a good example to study)
API Gateway - Open API
- OpenAPI is a specification for REST APIs (API definition as code)
- OpenAPI 3.0
- Method
- Method request
- Integration request
- Method response
- AWS extensions for API Gateway let you set up every single option
- Can export the current API as an OpenAPI spec
- You can write it in YAML or JSON
- You can use OpenAPI to generate SDKs for your applications
Request validation
- You can use it to validate incoming requests
- This way you reduce unnecessary calls to the backend
- You can check the body, headers, query string, etc.
- You need to create a JSON schema model for the method
Caching API responses
- Reduces the number of calls made to the backend
- TTL is 300 seconds by default (min 0, max 3600 s)
- Caches are defined per stage
- Possible to override the cache settings per method
- Cache encryption option
- Cache capacity between 0.5 GB and 237 GB
- Cache is expensive (use it only in production)
Cache invalidation
- You can invalidate the cache from the UI
- You can invalidate the cache with a request header, for example Cache-Control: max-age=0 (the caller needs the right IAM permission)
Usage Plans and API keys
- Who can access one or more deployed API stages and methods
- How much and how fast they can access them
- Uses API keys to identify clients and meter access
- Configure throttling limits and quota limits that are enforced on individual clients
API keys
- A string to distribute to your customers
- Quota limits are the overall maximum number of requests
- Security for accessing the API
- The key must be sent in the X-API-Key header for the request to work
CloudWatch logs
- You can see the request and response
- You can set the log level
- You can override the settings on a per-API basis
X-Ray
- Enable tracing to get extra information about the requests in API Gateway
- X-Ray on API Gateway + AWS Lambda gives you the full picture
CloudWatch Metrics
- CacheHitCount and CacheMissCount (efficiency of the cache)
- Count (total number of API requests)
- IntegrationLatency (time between API Gateway and the backend)
- Latency (time between API Gateway and the client; the whole request)
- 4XXError (client-side) and 5XXError (server-side)
Gateway Throttling
- Default 10,000 rps (shared across all APIs)
- You can increase this limit by requesting it from AWS
- 429 Too Many Requests (retriable)
- Stage limits and method limits to improve performance
- Or you can define usage plans to throttle per customer
- If one API consumes too many requests, the others can get throttled errors (same as with Lambda)
Errors
- 4xx: client-side errors
- 400 Bad Request
- 403 Access Denied
- 429 Quota Exceeded
- 5xx: server-side errors
- 502 Bad Gateway
- 503 Service Unavailable
- 504 Integration Failure (request timeout; 29 seconds maximum)
CORS
- It must be enabled when we receive API calls from another domain
- You need these headers: Access-Control-Allow-Methods, Access-Control-Allow-Headers, Access-Control-Allow-Origin
- With CORS the browser sends a preflight request (OPTIONS) to API Gateway before making the real request
- Enable it in the console
- For example: S3 (static website) -> web browser -> API Gateway
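The AWS_PROXY integration and CORS points above, as an added example that is not from the original notes: a Lambda proxy handler that reads headers, query string and stage variables straight from the event and answers both the preflight and the real request with CORS headers only for an assumed allow-listed origin (the origin and stage variable names are assumptions).

```python
import json

ALLOWED_ORIGINS = {"https://app.example.com"}  # assumption: allow-list of browser origins, never a blanket "*"

def cors_headers(origin):
    """CORS headers from the notes above, only for an allow-listed origin; {} otherwise."""
    if origin not in ALLOWED_ORIGINS:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": "GET,OPTIONS",
        "Access-Control-Allow-Headers": "Content-Type,Authorization,X-API-Key",
        "Vary": "Origin",  # caches must key on Origin because the value is not static
    }

def handler(event, _ctx=None):
    """AWS_PROXY (Lambda proxy) handler: headers, query string and stage variables arrive
    untouched in the event, and the function must build the whole HTTP response itself."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    origin = headers.get("origin", "")
    cors = cors_headers(origin)
    if event.get("httpMethod") == "OPTIONS":  # browser preflight: headers only, no body
        return {"statusCode": 204 if cors else 403, "headers": cors, "body": ""}
    if origin and not cors:  # cross-origin call from an origin we do not serve
        return {"statusCode": 403, "headers": {}, "body": json.dumps({"message": "origin not allowed"})}
    qs = event.get("queryStringParameters") or {}
    body = {
        "item": qs.get("id"),
        "env": (event.get("stageVariables") or {}).get("env", "unknown"),  # stage variable
        "stage": (event.get("requestContext") or {}).get("stage"),
    }
    # The real response must carry the CORS headers too, not only the preflight reply
    return {"statusCode": 200,
            "headers": {**cors, "Content-Type": "application/json"},
            "body": json.dumps(body)}
```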
Security
- IAM permissions to access API Gateway
- IAM policy authorization, attached to a user / role
- Leverages Sig v4 (Signature Version 4), where the IAM credentials are in the headers
Resources policies
- Similar to Lambda resource policies
- Allow cross-account access
- Allow specific IP addresses or VPC endpoints
Cognito User Pools
- Database of users
- Generates a token for each user
- We use this token to communicate with API Gateway
- Must still implement authorization in the backend
Lambda Authorizer
- Custom authorizers (e.g. a bearer token such as a JWT)
- Request-based (headers, etc.)
- The authorizer returns an IAM policy as well
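A Lambda authorizer of the kind described above, added here as an example that is not code from the original notes: it assumes a demo HS256 token signed with a shared secret (a real authorizer would verify against the issuer's public keys instead), rejects unexpected algorithms, tampered signatures and expired tokens, and returns the Allow/Deny IAM policy API Gateway expects.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"demo-shared-secret"  # assumption: shared HMAC key; real authorizers verify against the issuer's public keys (e.g. Cognito JWKS)

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def make_token(claims):  # constructed test helper: mints a token the way a trusted issuer would
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    head, body = enc(json.dumps({"alg": "HS256"}).encode()), enc(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{enc(sig)}"

def verify_hs256(token, now=None):
    """Return the claims of a valid, unexpired HS256 token, or None to reject it."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64url_decode(head)).get("alg") != "HS256":
            return None  # reject "none" and any algorithm we did not expect
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None  # signature mismatch: payload altered or token forged
        claims = json.loads(_b64url_decode(body))
        if not isinstance(claims, dict) or "sub" not in claims:
            return None  # no principal to identify
        if claims.get("exp", 0) <= (time.time() if now is None else now):
            return None  # expired or missing exp
        return claims
    except (ValueError, AttributeError, TypeError):  # bad segment count, base64, JSON or shape
        return None

def build_policy(principal_id, effect, method_arn, context=None):
    """Policy document in the shape API Gateway expects back from an authorizer."""
    statement = {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}
    return {"principalId": principal_id, "context": context or {},
            "policyDocument": {"Version": "2012-10-17", "Statement": [statement]}}

def handler(event, _ctx=None, now=None):
    """REQUEST-type Lambda authorizer: reads 'Authorization: Bearer <token>' from the headers."""
    auth = {k.lower(): v for k, v in (event.get("headers") or {}).items()}.get("authorization", "")
    claims = verify_hs256(auth[7:], now) if auth.startswith("Bearer ") else None
    if claims is None:
        return build_policy("anonymous", "Deny", event["methodArn"])
    return build_policy(claims["sub"], "Allow", event["methodArn"], {"scope": claims.get("scope", "")})
```

The `context` map is what API Gateway forwards to the backend integration, so the backend sees the verified scope rather than re-parsing the token.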
HTTP API vs REST API
HTTP API
- Low-latency, cost-effective; AWS Lambda proxy, HTTP proxy APIs and private integrations (no data mapping)
- Supports OIDC and OAuth 2.0 authorization, and CORS
- No usage plans and no API keys
REST API
Note: HTTP API is cheaper than REST API
WebSocket API
- Two-way interactive communication between client and server
- Stateful
- Real-time applications (chat, etc.)
- Works with AWS services (Lambda, DynamoDB or an HTTP endpoint)
WebSocket URL (connect)
wss://<id>.execute-api.<region>.amazonaws.com/<stage-name>
Re-used
wss://<id>.execute-api.<region>.amazonaws.com/<stage-name>
Routing
- Default route
- You can select the route based on the JSON in the message