API Gateway

Question 1

Wath are API Gateway integrations at a high level?

Answer 1

• Lambda function: Easy way to expose REST API
• HTTP: Internal HTTP API on-prem, ALB
• AWS Service: Any AWS API, i.e. start a Step Function workflow

Question 2

What are API Gateway endpoint types?

Answer 2

• Edge-Optimized (default)
• Regional
• Private

Question 3

What is API Gateway Edge-Optimized endpoint type used for?

Answer 3

For global clients
o Requests are routed through the CloudFront Edge locations (improves latency)
o The API Gateway still lives in only one region

Question 4

What is API Gateway Regional endpoint type used for?

Answer 4

o For clients within the same region

o Could manually combine with CloudFront (more control over the caching strategies and the distribution)

Question 5

What is API Gateway Private endpoint type used for?

Answer 5

o Can only be accessed from your VPC using an interface VPC endpoint (ENI)
o Use a resource policy to define access

Question 6

What are API Gateway Deployment Stages?

Answer 6

• Making changes in the API Gateway does not mean they’re effective
• You need to make a “deployment” for them to be in effect
• Changes are deployed to “Stages” (as many as you want)
• Use the naming you like for stages (dev, test, prod)
• Each stage has its own configuration parameters
• Stages can be rolled back as a history of deployments is kept

Question 7

What are API Gateway stage variables?

Answer 7

• Stage variables are like environment variables for API Gateway
• Use them to change often changing configuration values

Question 8

Where can be used API Gateway stage variables?

Answer 8

They can be used in:
o Lambda function ARN
o HTTP Endpoint
o Parameter mapping templates

Question 9

What are API Gateway stage variables use cases?

Answer 9

o Configure HTTP endpoints your stages talk to (dev, test, prod…)
o Pass configuration parameters to AWS Lambda through mapping templates

Question 10

Set an example of using a API Gateway stage variable in a Lambda function context

Answer 10

LAMBDA_FUNCTION:${stageVariables.STAGE_VAR}

Question 11

What you need to do in CLI when you set your API Gateway in front of Lambda Function as a stage variable?

Answer 11

You need to run a command in your CLI to update your Lambda resource-based policy
Run that command for each defined N alias, this will create N resource-based policies, one per each alias.

Question 12

Where are API Gateway configurations available?

Answer 12

at stage level

Question 13

What possibility you have regarding API Gateway deployments?

Answer 13

Possibility to enable canary deployments for any stage (usually prod)

Question 14

How does work API Gateway Canary deployment?

Answer 14

• Choose the % of traffic the canary channel receives
• This is blue / green deployment with AWS Lambda & API Gateway
• Possibility to override stage variables for canary
• Metrics & Logs are separate (for better monitoring)

Question 15

What are 4 API Gateway integration types?

Answer 15

• Mock
• HTTP / AWS (Lambda & AWS Services)
• AWS Proxy (Lambda Proxy)
• HTTP Proxy

Question 16

What is API Gateway Mock integration type?

Answer 16

API Gateway returns a response without sending the request to the backend

Question 17

What is API Gateway HTTP / AWS integration type?

Answer 17

o you must configure both the integration request and integration response (modify requests and responses)
o Setup data mapping using mapping templates for the request & response

Question 18

What is API Gateway AWS Proxy integration type?

Answer 18

o incoming request from the client is the input to Lambda
o The function is responsible for the logic of request / response
o No mapping template, headers, query string parameters… are passed as arguments

Question 19

What is API Gateway HTTP Proxy integration type?

Answer 19

o No mapping template
o The HTTP request is passed to the backend
o The HTTP response from the backend is forwarded by API Gateway

Question 20

What are API Gateway Mapping templates?

Answer 20

• Mapping templates can be used to modify request / responses
• Rename / Modify query string parameters
• Modify body content
• Add headers
• Filter output results (remove unnecessary data)

Question 21

What language is used by API Gateway Mapping Templates?

Answer 21

Velocity Template Language VTL

Question 22

What can you use to import / export API Gateway Rest APIs?

Answer 22

• Swagger

- OpenAPI

Question 23

What are API Gateway Cache TTL range values?

Answer 23

Default TTL is 5 minutes (min: 0s, max: 1 hour)

Question 24

Where do you define API Gateway cache?

Answer 24

at stage level, but it is possible to override cache settings (disable, enable, modify TTL, etc.…) per method

Question 25

What is API Gateway cache range capacity?

Answer 25

0.5 GB - 237 GB

Question 26

How much does API Gateway cache cost?

Answer 26

Cache is expensive, makes sense in production, may not make sense in dev / test

Question 27

It is API Gateway cache encrypted?

Answer 27

you have the option to encrypt it

Question 28

How can API Gateway cache be invalidated?

Answer 28

Clients can invalidate the cache with header: Cache-Control: max-age=0 + proper IAM authorization

Question 29

What can happen if you don't specify an API Gateway invalidation policy?

Answer 29

If you don't impose an InvalidateCache policy (or choose the Require authorization check box in the console), any client can invalidate the API cache which can result in a disaster

Question 30

What option do you have if you want to expose your API (Gateway) as an offering to your customers?

Answer 30

You can define an Usage plan

Question 31

What can you define in an API Gateway Usage plan?

Answer 31

o who can access one or more deployed API stages and methods o how much and how fast they can access them o configure throttling limits and quota limits that are enforced on individual client

Question 32

What are API Gateway API Keys?

Answer 32

alphanumeric string values to distribute to your customers that you can use with usage plans to control access

Question 33

What need to provide callers of an API Gateway that is using an Usage Plan?

Answer 33

Callers of the API must supply an assigned API key in the x-api-key header in requests to the API

Question 34

What is used by API Gateway to log and trace?

Answer 34

CloudWatch Logs and X-Ray

Question 35

At what level can you enable API Gateway logging?

Answer 35

at the stage level, can override settings on a per API basis (ERROR, DEBUG, INFO)

Question 36

Can you use metrics in API Gateway?

Answer 36

CloudWatch Metrics are by stage, possibility to enable detailed metrics

Question 37

What are 5 more important API Gateway metrics?

Answer 37

- CacheHitCount - CacheMissCount - Count - IntegrationLatency - Latency - 4XXError (client-side) & 5XXError (server-side)

Question 38

What are CacheHitCount and CacheMissCount metrics in API Gateway?

Answer 38

efficiency of the cache, if CacheHitCount is big then it is efficient

Question 39

What is Count metric in API Gateway?

Answer 39

The total number API requests in a given period.

Question 40

What is Integration Latency metric in API Gateway?

Answer 40

The time between when API Gateway relays a request to the backend and when it receives a response from the backend.

Question 41

What is Latency metric in API Gateway?

Answer 41

The time between when API Gateway receives a request from a client and when it returns a response to the client. The latency includes the integration latency and other API Gateway overhead.

Question 42

What is API Gateway requests throttling quantity?

Answer 42

API Gateway throttles requests at 10000 requests per second across all API Soft limit that can be increased upon request Just like Lambda Concurrency, one API that is overloaded, if not limited, can cause the other APIs to be throttled

Question 43

In case of API Gateway Throttling what error you get?

Answer 43

429 Too many requests (retriable)

Question 44

What can you do to improve performance of API Gateway in terms of throttling?

Answer 44

* Can set Stage limit & Method limits to improve performance * Or you can define Usage Plans to throttle per customer

Question 45

What means API Gateway 4xx and 5xx errors?

Answer 45

4xx means client errors and 5xx means server errors

Question 46

What is API Gateway 400 error?

Answer 46

Bad Request

Question 47

What is API Gateway 403 error?

Answer 47

Access denied, WAF filtered

Question 48

What is API Gateway 502 error?

Answer 48

Bad Gateway Exception, usually for an incompatible output returned from a Lambda proxy integration backend and occasionally for out-of-order invocations due to heavy loads

Question 49

What is API Gateway 503 error?

Answer 49

Service Unavailable Exception

Question 50

What is API Gateway 504 error?

Answer 50

Integration Failure – ex Endpoint Request Timed-out Exception

Question 51

What is API Gateway request timeout?

Answer 51

API Gateway requests timeout after 29 second maximum

Question 52

What you need to enable in API Gateway when you receive requests from another domain?

Answer 52

CORS must be enabled when you receive API calls from another domain through the console

Question 53

What must contain API Gateway to accept CORS requests?

Answer 53

You must create (assisted by API Gateway) an OPTION method which will be used by CORS containing these headers: 1. Access-Control-Allow-Methods 2. Access-Control-Allow-Headers 3. Access-Control-Allow-Origin

Question 54

When will not your API Gateway CORS configuration work?

Answer 54

If you API Gateway is in front of a Lambda Proxy this approach will not work. Instead you need to return the Access-Control-Allow-Origin header from the Lambda itself

Question 55

What methods can you use for security in API Gateway?

Answer 55

- IAM - Cognito User Pools - Custom Authorizer (Lambda Authorizer)

Question 56

What is great for IAM security in API Gateway?

Answer 56

Great for users / roles already within your AWS account, + resource policy for cross account

Question 57

What leverages API Gateway IAM security?

Answer 57

“Sig v4” capability where IAM credential are in headers: Good to provide access to external users

Question 58

How can you allow cross account access in API Gateway?

Answer 58

using Resource Policies combined with IAM Security

Question 59

How does API Gateway IAM security handle Authorization and Authentication?

Answer 59

both are handled by IAM

Question 60

How does API Gateway Custom Authorizer handle Authorization and Authentication?

Answer 60

Authentication = External (up to you) and Authorization = Lambda function

Question 61

How does API Gateway Cognito security handle Authorization and Authentication?

Answer 61

Cognito handles authentication, you must implement authorization in the backend

Question 62

How is API Gateway integrated to Cognito User Pools?

Answer 62

* Cognito fully manages user lifecycle, token expires automatically * API gateway verifies identity automatically from AWS Cognito * No custom implementation required

Question 63

How is API Gateway integrated to Custom Authorizers?

Answer 63

Great for third party Token-based authorizer (bearer token) – ex JWT (JSON Web Token) or Oauth Lambda must return an IAM policy for the user, result policy is cached Very flexible in terms of what IAM policy is returned

Question 64

What are Api Gateway HTTP APIs?

Answer 64

more simple, low cost, Rest APIs are better

Question 65

What feature is not present in API Gateway REST APIs?

Answer 65

Native OpenID Connect / OAuth 2.0

Question 66

What is WebSocket?

Answer 66

1. Two-way interactive communication between a user’s browser and a server 2. Server can push information to the client 3. This enables stateful application use cases

Question 67

What are use cases for API Gateway WebSocket APIs?

Answer 67

real-time applications such as chat applications, collaboration platforms, multiplayer games, and financial trading platforms. Works with AWS Services (Lambda, DynamoDB) or HTTP endpoints