API Gateway

Question 1

What is API Gateway

Answer 1

Fully managed service
Allows you to publish, maintain, monitor, and secure your
RESTful APIs.
Serves as the entry point for your back-end services that are powered by :
* AWS Lambda
* Amazon EC2
* Amazon ECS
* AWS Elastic Beanstalk
* or any web application.

Question 2

What are the sections of the data from to and from the client through API gateway?

Answer 2

• Method Request
• Integration Request
• Integration Response
• Method Response

Question 3

What does the Method Request section do?

Answer 3

• Where client requests are validated
• Setup authorization type: AWS_IAM, NONE, Lambda Authorizer, Cognito Authorizer
• Enable usage of API keys
• Setup Request body validator using a Lambda function
• You can declare any input body, query string parameters and HTTP headers that your API can accept

Question 4

What does the Integration Request section do?

Answer 4

Contains settings about :
* how API Gateway communicates with the backend of your choosing (Lambda function, HTTP endpoint, Mock, AWS Service, VPC Link)
* the Integration type (Proxy or non-proxy) that API Gateway uses
* Mapping templates for non-proxy integration.

Question 5

What is the Integration Response

Answer 5

Only applies to non-proxy integration
Intercepts the result returned from the backend before it’s returned to the client
At least one integration response is required. The default is Passthrough (return as-is)
Transform into another format (base64 or text)
Similar to integration request, you can transfor the response data before it’s returned to the client

Question 6

What is the method response?

Answer 6

Where you can define which HTTP headers the method can return

Question 7

What are mapping templates?

Answer 7

• They allow you to MODEL the structure of the request data that gets forwarded to the backend
• You can also transform backend response data before it’s returned to the client

Question 8

What are the API types that API gateway supports?

Answer 8

REST APIs, HTTP APIs, Websocket APIs

Question 9

What are REST APIs?

Answer 9

• The API you use for standard use cases
• More expensive than HTTP
• Allows for more control and flexibility
• Allows you to configure Caching, API keys, usage plans

Question 10

What are HTTP APIs

Answer 10

• Designed for simple use cases
• Cheaper than REST APIs
• Lacks other API Gateway features

Question 11

What are websocket APIs?

Answer 11

• For real-time applications :
• Chat applications
• Trading applications

Question 12

What is the difference between proxy and non-proxy integrations?

Answer 12

Proxy

• requests are transmitted as-is between client and backend, including any headers or query parameters.
• For responses, your backend is responsible for returning the responses status code, headers and payload to the client.

Non-Proxy
* API Gateway has control over data formatting to and from the backend
* Instead of passing the entire request data, you can use mapping templates to filter at the Integration Request level

Question 13

What are stage variables?

Answer 13

• Key-pairs that your API can access at run time
• Allow you to perform Canary releases
• In youre stage you can use stage variables to dynamically point to different endpoints (like lambda aliases)
• This can be configured in the canary settings of your stage

Question 14

What is a canary release?

Answer 14

• Allows you to use the same API Gateway state and route a % of traffic to different endpoints.
• e.g in the prod stage you can route 10% of traffic to a new lambda alias using stage variables

Question 15

What are mapping templates?

Answer 15

They can be used to transform requests and responses

Question 16

In what type of API gateway configuration can you use mapping templates?

Answer 16

Non-proxy

Question 17

Give two examples of using mapping templates

Answer 17

• Creating a child resource path and using a mapping template to filter responses to match the resource path
• Transforming requests/responses to/from legacy protocols like SOAP/XML

Question 18

What is a common problem with API caching?

Answer 18

Data is out of sync between the cache and the backend data source

Question 19

How does API Gateway cache data become out of date?

Answer 19

Data is not refreshed until the TTL setting on the cache expires

Question 20

What can you do to invalidate the cache?

Answer 20

• Include a Cache-Control header with max-age=0 in the GET request.
• headers: {‘Cache-Control’: ‘max-age=0’}

Question 21

What is CORS and what is it used for?

Answer 21

• Cross-Origin Resource Sharing
• A security mechanism that forces browsers to relax the restrictive same-origin policy

Question 22

How does CORS work?

Answer 22

• The backend response needs to include access-control headers to let the browser know that an application authorizes certain sites and methods when the browser makes a preflight OPTIONS request.
• The Access-Control-Allow-Origin header is a list of allowed domains. The Access-Control-Request-Method header lists the allowed methods (like GET).

Question 23

Where is CORS configured in API Gateway?

Answer 23

• For non-proxy - in the Integration Response section header mappings.
• For proxy, the backend response must include the headers

Question 24

What types of Authorizors does API Gateway support?

Answer 24

• Cognito User Pool Authorizers
• Lambda Authorizers

Question 25

What is the difference between cognito authorizers and lambda authorizers?

Answer 25

• Cognito authorizers are used to return a JWT in a customer header from the client
• Lambda authorizers take a bearer token from an API gateway GET request. API gateway checks if a lambda authorizer has been enabled for the methid and if so calls the lambda function to authorize the request. If successful lambda returns output containing at least one IAM policy and principle identifier.

Question 26

Which is the easiest authorizer to implement?

Answer 26

Cognito user pool authorizers. Lambda authorizers require more development than cognito authorizers

Question 27

What are API Gateway Usage Plans?

Answer 27

• Think throttling, access limitations
• A feature that helps you control different levels of acess to an API.
• Each usage plan can be used to set distinct throttling and quota limitations based on a subscription which is enforced on specific client API tokens. e.g. Basic, standard, premium plan

Question 28

For troubleshooting API Gateway errors, what can you turn on?

Answer 28

Use Cloudwatch access logging and execution logging

Question 29

What is the difference between access logging and execution logging?

Answer 29

• Access logging gives you one entry for each access request.
• Execution logging is verbose and can cost more, so should be used for troubleshooting specific issues.
  *

Question 30

What sort of metrics does cloudwatch have for API Gateway?

Answer 30

The AWS/API GatewayNamespace has the following metrics:
* cache hit/miss counts
* HTTP4.x client side and http5.x server side
* COUNT - total no of API requests
* Integration Latency - Time between API gateway request and backend response (millisecond)
* Latency - end-to-end response (within AWS) from API Gateway request to sending response back to client. This includes the Integration latency and other API gateway overhead (millisecond)