API Gateway

Question 1

What is API Gateway? What are its key features and benefits?

Answer 1

AWS API Gateway is a fully managed service by Amazon Web Services that allows you to create, publish, maintain, monitor, and secure REST, HTTP, and WebSocket APIs at any scale.

Key Features of AWS API Gateway:
1. AWS Lambda + AWS API Gateway - no infrastructure to manage
2. Support for WebSocket protocol
3. Handle API versioning (v1, v2 …)
4. Handle different environments (dev, test, prod)
5. Handle security (Authentication & Authorization)
6. Create API keys, handle request throttling
7. Swagger/OpenAPI import to quickly define APIs
8. Transform and validate requests and response
9. Generate SDK & API specification
10. Cache API responses

Question 2

What all could be integrated with an APIGateway ?

Answer 2

1. Lambda Function
   Invoke Lambda functions
   Easy way to expose REST api backed by AWS services
2. HTTP
   Expose HTTP endpoints in the backend
   Example: internal HTTP api on premise, Application Load Balancer
   Why? Add rate limiting, caching, user authentications, API keys, etc
3. AWS Service
   Expose any AWS API through the API gateway
   Example: start an AWS step function workflow, post a message to SQS

Client -> API Gateway -> Kinesis Data Streams -> Kinesis Data Firehose -> S3

Question 3

What are different end points of an API Gateway?

Answer 3

1. Edge Optimised (default) for global clients
   Requests are routed through the CloudFront edge locations (improves latency)
   The API Gateway still lives in only one region
2. Regional
   For clients within the same region
   Could manually combine with CloudFront (more control over caching strategies and the distribution)
3. Private
   Can only be accessed through VPC using an interface VPC endpoint (ENI)
   Use a resource policy to define access

Question 4

How to handle security in API Gateway ?

Answer 4

User authentication through
IAM roles (useful for internal applications)
Cognito (identity for external users - example mobile users)
Custom Authorizer (own logic)

Custom Domain Name HTTPS security through integration with AWS Certificate Manager (ACM)
If using edge Optimised endpoint, then the certificate must be us-east-1
If using regional endpoint, the certificate must be in the API Gateway region
Must setup CNAME or A-alias record in S3

Question 5

What are different deployment stages in API Gateway? What are stage variables?

Answer 5

1. Making changes in the API Gateway doesn’t mean they are effective
2. You need to make deployment for them to be in effect
3. It’s common source of confusion
4. Changes are deployed to “Stages”
5. Use the naming you like for stages (dev, test, prod)
6. Each stage has it’s own configuration parameter
7. Stages can be rolled back as a history of deployment is kept

Stage Variables
1. Stage variables are like environment variables for API gateway
2. Use them to change often changing configuration values
3. They can be used in
Lambda function ARN
HTTP endpoint
Parameter mapping templates

Use Cases
1. Configure Http endpoints your stages talk to (dev, test, prod)
2. Pass configuration parameters to AWS Lambda through mapping templates

Stage variables are passed to the context object in AWS Lambda

Format to access stage variables in API Gateway ${stageVariables.variableName}

Lambda Aliases
1. We create a stage variable to indicate the corresponding Lambda alias
2. Our API Gateway will automatically invoke the right Lambda function

Question 6

How to perform Canary deployment on API Gateway?