Features
- Serverless
- Monitoring
- Authentication
- Throttling
- Web application Firewal
- Custom domain names
How API Gateway works
When user come to your site, API Gateway will get all requests and redriect each request to different service.
AWS API Gateway API Types
REST API
- Regular HTTP API with resources and methods
- Request/Response nature
WebSockets API
- For real-time communication between server and client
- Requires persisten connection
API Gateway architecture
API Gateway also takes care of sending logs to CloudWatch.
Also cache the request, for the same request, it will use cache.
API Gateway targets
Possible targets for an HTTP request processed by API Gateway:
- Lambda Function - call a Lambda function
- HTTP Endpoint - call a public HTTP endpoint
- AWS Service - send a request to an AWS service
- Mock - return a response without calling a backend
- VPC Link - access resource in an Amazon Virtual Private Cloud (VPC)
You can put multi request methods into one single Lambda function, but it is NOT recommended, better way is one method one function.
Endpoint Types
- Edge optimized (Using cloudfront)
- Regional
- Private VPC
Edge optimized Endpoint
Your customers distrubutes accoss the world
Regional Endpoint
Customer in your region
Private VPC Endpoint
Lambda integration modes
- Proxy - passes all request information to a Lambda function. Easier to use.
- Non-proxy - allows to transform incoming request using Velocity Template Language
API Gateway Stage
API Gateway Stage is a logical reference to a lifecycle state of the REST API implementation.
You can read more about API Gateway stages in AWS documentation.
API Gateway Limits
- 10000 requests per second
- Soft linit can be increaed
- 50ms to 29s second timeout
- Hard limit - bounds cannot be changed
API Gateway Caching
- api: InvalideCache (with IAM role)
- max-age=0 (client with IAM)
- cache at stage level
Usage Plan & API KEY
- x-api-key: you need to pass this key with usage plan, otherwise doesn't work
- Usage plan mainly set limited for usage.
X-Ray & CloudWatch
Cloudwatch is stage level.
Ref: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-deploy-api.html
After creating your API, you must deploy it to make it callable by your users. To deploy an API, you create an API deployment and associate it with a stage. A stage is a logical reference to a lifecycle state of your API (for example, dev, prod, beta, v2). API stages are identified by the API ID and stage name. Every time you update an API, you must redeploy the API to an existing stage or to a new stage. Updating an API includes modifying routes, methods, integrations, authorizers, and anything else other than stage settings.
AWS Security Token Service (STS) - AWS Security Token Service (AWS STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). However, it is not supported by API Gateway.
Lambda Authorizer - Lambda authorizers are Lambda functions that control access to REST API methods using bearer token authentication—as well as information described by headers, paths, query strings, stage variables, or context variables request parameters. Lambda authorizers are used to control who can invoke REST API methods.
Ref: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html