[AWS] Serverless: API Gateway

Features

  • Serverless
  • Monitoring
  • Authentication
  • Throttling
  • Web Application Firewall
  • Custom domain names

How API Gateway works

When a user comes to your site, API Gateway receives all requests and routes each one to a different service.

 

AWS API Gateway API Types

REST API

  • Regular HTTP API with resources and methods
  • Request/Response nature

WebSockets API

  • For real-time communication between server and client
  • Requires a persistent connection

 

API Gateway architecture

API Gateway also takes care of sending logs to CloudWatch.

It also caches responses: when the same request arrives again, it is served from the cache.

 

 

API Gateway targets

Possible targets for an HTTP request processed by API Gateway:

  • Lambda Function - call a Lambda function
  • HTTP Endpoint - call a public HTTP endpoint
  • AWS Service - send a request to an AWS service
  • Mock - return a response without calling a backend
  • VPC Link - access resources in an Amazon Virtual Private Cloud (VPC)

You can handle multiple request methods in one single Lambda function, but this is NOT recommended; the better way is one function per method.

 

Endpoint Types

  • Edge optimized (using CloudFront)
  • Regional
  • Private VPC

Edge optimized Endpoint

For customers distributed across the world.

 

Regional Endpoint

For customers in your region.

 

Private VPC Endpoint

 

Lambda integration modes 

  • Proxy - passes all request information to a Lambda function. Easier to use.
  • Non-proxy - allows you to transform the incoming request using Velocity Template Language

API Gateway Stage

API Gateway Stage is a logical reference to a lifecycle state of the REST API implementation.

You can read more about API Gateway stages in AWS documentation.

 

API Gateway Limits

  • 10000 requests per second
    •   Soft limit - can be increased
  • 50 ms to 29 s timeout
    •   Hard limit - bounds cannot be changed

 

API Gateway Caching

  • execute-api:InvalidateCache (with IAM role)
  • Cache-Control: max-age=0 (client with IAM)
  • Caching is set at the stage level

 

 

Usage Plan & API KEY

  • x-api-key: the client must pass the API key in this header, and the key must belong to a usage plan, otherwise it doesn't work
  • A usage plan mainly sets limits on usage.

How to?

 

X-Ray & CloudWatch

CloudWatch settings are stage level.

 


 

Ref: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-deploy-api.html

After creating your API, you must deploy it to make it callable by your users. To deploy an API, you create an API deployment and associate it with a stage. A stage is a logical reference to a lifecycle state of your API (for example, dev, prod, beta, v2). API stages are identified by the API ID and stage name. Every time you update an API, you must redeploy the API to an existing stage or to a new stage. Updating an API includes modifying routes, methods, integrations, authorizers, and anything else other than stage settings.

 

AWS Security Token Service (STS) - AWS Security Token Service (AWS STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). However, it is not supported by API Gateway.

Lambda Authorizer - Lambda authorizers are Lambda functions that control access to REST API methods using bearer token authentication—as well as information described by headers, paths, query strings, stage variables, or context variables request parameters. Lambda authorizers are used to control who can invoke REST API methods.

Ref: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html
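A sketch of the Lambda authorizer described above, added here as an example and not taken from the original post or from AWS sample code. It assumes a TOKEN-type authorizer and a constructed HMAC-signed token format; `SECRET`, `sign_token`, `verify_token` and `build_policy` are hypothetical names.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: load from a secrets store in practice

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_token(claims):
    """Mint a constructed demo token: base64url(JSON claims) + "." + base64url(HMAC)."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=")
    mac = hmac.new(SECRET, body, hashlib.sha256).digest()
    return (body + b"." + base64.urlsafe_b64encode(mac).rstrip(b"=")).decode()

def verify_token(token, now=None):
    """Return the subject if the MAC and expiry check out, otherwise None."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):  # constant-time compare
            return None
        claims = json.loads(_b64d(body))
        sub, exp = claims["sub"], claims["exp"]
        if not isinstance(sub, str) or exp <= (time.time() if now is None else now):
            return None
        return sub
    except (ValueError, KeyError, TypeError):  # malformed token: treat as invalid
        return None

def build_policy(principal, effect, method_arn):
    """Authorizer response: a principal plus an IAM policy for execute-api:Invoke."""
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect, "Resource": method_arn}],
        },
    }

def handler(event, context=None):
    """TOKEN-type authorizer: API Gateway passes the header value and the method ARN."""
    scheme, _, token = event.get("authorizationToken", "").partition(" ")
    sub = verify_token(token) if scheme.lower() == "bearer" else None
    if sub is None:
        return build_policy("anonymous", "Deny", event["methodArn"])  # fail closed
    return build_policy(sub, "Allow", event["methodArn"])
```

If authorizer result caching is enabled, the cached policy is reused for later calls with the same token, so a policy scoped to a single method ARN may need a broader resource pattern.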

 

posted @ 2021-06-01 14:40  Zhentiw