Amazon API Gateway - Notes for CSAA examination

What is Amazon API Gateway?

  • A managed AWS service to develop, deploy and manage secure APIs at any scale
  • Provides consistent RESTful APIs for mobile and web applications to access AWS services such as Amazon S3, Amazon Lambda, Amazon DynamoDB or any other AWS service
  • It provides a well-integrated platform for developing web or mobile applications whose backend in the AWS cloud is API-based. This supports both developer communities: developers of API-based web or mobile applications and developers of the APIs themselves
  • Provides a seamless front door for managing all API calls to resources inside or outside AWS
  • Forms the app-facing part of a serverless architecture framework

Create and Manage an API Gateway API

  • Create, configure and deploy: these are the API Gateway components
  • Each API consists of resources and methods; a resource is just a logical entity that can be accessed through its resource path
  • A combination of a resource and an HTTP operation (GET, POST, PUT, DELETE or PATCH) is called an API method, for example POST /update-Customer to update customer details in the database or GET /list-Customer to get the list of customers from the database
  • A method is a RESTful API request submitted by the user and the corresponding response received by the user
  • The API interfaces with the backend: when an API request is submitted, it is forwarded to the corresponding backend, which returns a response based on the input received
  • To process incoming API requests, the developer must specify the actions, IAM roles and policies, and the required input data transformations
  • There must be a defined schema or model for the payload associated with the API to facilitate setting up the request and response body
  • There are many ways to create and manage APIs with API Gateway: the AWS Management Console, or calls to the API Gateway RESTful APIs, which can be made from the CLI or an AWS SDK. AWS CloudFormation or the API Gateway Extensions to Swagger can also be used to create APIs.
  • Important - check the list of regions where both API Gateway and the associated control service endpoints are available
  • Developers use the "execute-api" API Gateway service component to invoke APIs deployed on API Gateway
  • Developers use the "apigateway" API Gateway service component to create, manage and deploy APIs

Benefits of API Gateway

  • Helps to deliver a robust, secure and scalable backend for web or mobile applications
  • Provides secure interfaces between web and mobile applications and their backend resources, inside or outside AWS
  • Managed service, so there is no need to develop and maintain infrastructure to handle authorization and access control, traffic management, monitoring and analytics, version management, and software development kit (SDK) generation
  • API Gateway is designed to provide a robust, secure and scalable backend developed in house or by a third party. The business logic behind the APIs can be provided by a publicly accessible endpoint that API Gateway proxies calls to, or can be run as a Lambda function

API Gateway API

  • A collection of resources and methods that are integrated with HTTP endpoint-based backends, a Lambda function, Amazon S3 or any other AWS service
  • Importantly, the collection can be deployed to one or more stages (environments like Dev, Test or Prod). Methods associated with a registered common domain name can be invoked through front-end HTTP endpoints
  • Users must have permission to invoke a method, granted through IAM roles and policies or API Gateway custom authorizers
  • The backend can authenticate the API by the certificate presented

API Deployment and Stage

  • An API deployment is a point-in-time snapshot of the API Gateway API resources and methods
  • A stage can be used to identify the version or environment. A stage is a logical reference to the API's lifecycle and consists of an API ID and a stage name

Method request

  • A public interface of an API in API Gateway that defines the contract schema, signature and body template for request and response
    • Integration request: maps the parameters and body of a method request into the formats required by the backend
    • Integration response: maps the response data, including status code, headers and payloads

Proxy integration (A special path parameter denoted as {proxy+})

  • This simplifies API Gateway configuration by integrating a proxy resource with either the HTTP proxy integration type or the Lambda proxy integration type
  • HTTP proxy integration type - API Gateway passes the entire request and response between the front end and an HTTP backend. To set up a proxy resource with the HTTP proxy integration type, create an API resource with a greedy path parameter (e.g., /customer/{proxy+}) and integrate this resource with an HTTP backend endpoint (e.g.,{prox n ANY method. The greedy path parameter must be at the end of the resource path.
  • Lambda proxy integration type - API Gateway sends the entire request as input to a backend Lambda function and then transforms the Lambda function output into a front-end HTTP response
  • Proxy integration is commonly used with proxy resources like Amazon S3 and other AWS resources
  • In addition to exposing Lambda functions or HTTP endpoints, an API Gateway API can also be created as a proxy to an AWS service, such as Amazon SNS, Amazon S3 or Kinesis, enabling your client to access the backend AWS services through APIs
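
With a greedy {proxy+} resource on the ANY method, API Gateway forwards every verb and sub-path to the backend, so the Lambda function itself decides which requests are served. The handler below is an added example, not code from the original notes; the route table and the customer_id field are constructed for illustration, while the event and response keys are those of the Lambda proxy integration.

```python
import json
import re

# Constructed allowlist: HTTP method plus a pattern for the {proxy+} capture.
ROUTES = [
    ("GET", re.compile(r"list"), "list_customers"),
    ("POST", re.compile(r"update/(?P<customer_id>[0-9]{1,10})"), "update_customer"),
]


def respond(status: int, payload: dict) -> dict:
    # Response shape API Gateway expects from a Lambda proxy integration.
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(payload),
        "isBase64Encoded": False,
    }


def handler(event: dict, context=None) -> dict:
    method = event.get("httpMethod", "")
    # pathParameters can be null in the event, so default to an empty path.
    proxy_path = (event.get("pathParameters") or {}).get("proxy", "")
    for allowed_method, pattern, action in ROUTES:
        match = pattern.fullmatch(proxy_path)  # fullmatch rejects extra segments
        if not match or method != allowed_method:
            continue
        result = {"action": action, **match.groupdict()}
        if method == "POST":
            try:
                fields = json.loads(event.get("body") or "")
            except (TypeError, ValueError):
                return respond(400, {"error": "body must be JSON"})
            if not isinstance(fields, dict):
                return respond(400, {"error": "body must be a JSON object"})
            result["fields"] = sorted(fields)
        return respond(200, result)
    # ANY forwards every verb and path; anything not allowlisted stops here.
    return respond(404, {"error": "no such route"})
```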

IAM role permissions

  • Must have appropriate IAM policy provisioned with permissible access rights to the API Gateway control service
  • Must set up the right IAM policy to allow API clients to call the API Gateway execution service, which permits them to invoke APIs in API Gateway
  • To allow API Gateway to invoke an AWS service in the backend, API Gateway must have permissions to assume the roles required to call the backend AWS service
  • When an API Gateway API is set up to use AWS IAM roles and policies to control client access, the client must sign API Gateway API requests with Signature Version 4
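
How a client signs a request to a deployed API with Signature Version 4, as an added example that is not part of the original notes. The host, credentials and path are constructed placeholders; the sketch assumes a path with no characters that need percent-encoding and signs only the host and x-amz-date headers.

```python
import hashlib
import hmac
from urllib.parse import quote

ALGORITHM = "AWS4-HMAC-SHA256"
SERVICE = "execute-api"  # signing name used when invoking a deployed API


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str) -> bytes:
    # Derived per day, region and service; the long-term secret is never sent.
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    return key


def sign_request(method, host, path, query, body, access_key, secret, region, amz_date):
    """Return the Authorization header value for one request (body is bytes)."""
    date = amz_date[:8]
    headers = {"host": host, "x-amz-date": amz_date}
    signed_headers = ";".join(sorted(headers))
    canonical_request = "\n".join([
        method,
        quote(path, safe="/-_.~"),  # assumption: no characters needing encoding
        "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                 for k, v in sorted(query.items())),
        "".join(f"{k}:{headers[k].strip()}\n" for k in sorted(headers)),
        signed_headers,
        hashlib.sha256(body).hexdigest(),  # binds the payload to the signature
    ])
    scope = f"{date}/{region}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join([
        ALGORITHM, amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    signature = hmac.new(signing_key(secret, date, region),
                         string_to_sign.encode(), hashlib.sha256).hexdigest()
    return (f"{ALGORITHM} Credential={access_key}/{scope}, "
            f"SignedHeaders={signed_headers}, Signature={signature}")


if __name__ == "__main__":  # constructed request, placeholder credentials
    print(sign_request("GET", "abc123.execute-api.us-east-1.amazonaws.com",
                       "/prod/list-Customer", {"limit": "10"}, b"", "AKIAEXAMPLEKEYID",
                       "constructed-secret", "us-east-1", "20240101T000000Z"))
```

Because the method, path, query string, signed headers and body hash all feed the signature, a request altered in transit no longer matches the signature the client sent.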

