Amazon API Gateway

  • Enables developers to create, publish, maintain, monitor, and secure APIs at any scale.
  • This is a HIPAA eligible service.
  • Allows creating, deploying, and managing a RESTful API to expose backend HTTP endpoints, Lambda functions, or other AWS services.
  • Together with Lambda, API Gateway forms the app-facing part of the AWS serverless infrastructure.

Concepts

    • API deployment – a point-in-time snapshot of your API Gateway API resources and methods. To be available for clients to use, the deployment must be associated with one or more API stages.
    • API endpoints – host names for APIs in API Gateway, which are deployed to a specific region and have the format: rest-api-id.execute-api.region.amazonaws.com
    • API key – An alphanumeric string that API Gateway uses to identify an app developer who uses your API.
    • API stage – A logical reference to a lifecycle state of your API. API stages are identified by API ID and stage name.
    • Model – Data schema specifying the data structure of a request or response payload.
    • Private API – An API that is exposed through interface VPC endpoints and isolated from the public internet.
    • Private integration – An API Gateway integration type for a client to access resources inside a customer’s VPC through a private API endpoint without exposing the resources to the public internet.
    • Proxy integration – You can set up a proxy integration as an HTTP proxy integration type or a Lambda proxy integration type.
      • For the HTTP proxy integration, API Gateway passes the entire request and response between the frontend and an HTTP backend.
      • For the Lambda proxy integration, API Gateway sends the entire request as an input to a backend Lambda function.
    • Usage plan – Provides selected API clients with access to one or more deployed APIs. You can use a usage plan to configure throttling and quota limits, which are enforced on individual client API keys.

API Endpoint Types

    • Edge-optimized API endpoint: The default host name of an API Gateway API that is deployed to the specified region while using a CloudFront distribution to facilitate client access typically from across AWS regions. API requests are routed to the nearest CloudFront Point of Presence.
    • Regional API endpoint: The host name of an API that is deployed to the specified region and intended to serve clients, such as EC2 instances, in the same AWS region. API requests are targeted directly to the region-specific API Gateway without going through any CloudFront distribution.
      • You can apply latency-based routing on regional endpoints to deploy an API to multiple regions using the same regional API endpoint configuration, set the same custom domain name for each deployed API, and configure latency-based DNS records in Route 53 to route client requests to the region that has the lowest latency.
    • Private API endpoint: Allows a client to securely access private API resources inside a VPC. Private APIs are isolated from the public Internet, and they can only be accessed using VPC endpoints for API Gateway that have been granted access.

Features

    • API Gateway can execute Lambda code in your account, start Step Functions state machines, or make calls to Elastic Beanstalk, EC2, or web services outside of AWS with publicly accessible HTTP endpoints.
    • API Gateway helps you define plans that meter and restrict third-party developer access to your APIs.
    • API Gateway helps you manage traffic to your backend systems by allowing you to set throttling rules based on the number of requests per second for each HTTP method in your APIs.
    • You can set up a cache with customizable keys and time-to-live in seconds for your API data to avoid hitting your backend services for each request.
    • API Gateway lets you run multiple versions of the same API simultaneously with API Lifecycle.
    • After you build, test, and deploy your APIs, you can package them in an API Gateway usage plan and sell the plan as a Software as a Service (SaaS) product through AWS Marketplace.
    • API Gateway offers the ability to create, update, and delete documentation associated with each portion of your API, such as methods and resources.
    • Amazon API Gateway offers general availability of HTTP APIs, which gives you the ability to route requests to private ELBs, AWS AppConfig, Amazon EventBridge, Amazon Kinesis Data Streams, Amazon SQS, AWS Step Functions and IP-based services registered in AWS CloudMap such as ECS tasks. Previously, HTTP APIs enabled customers to only build APIs for their serverless applications or to proxy requests to HTTP endpoints.
    • You can create data mapping definitions from an HTTP API’s method request data (e.g. path parameters, query string, and headers) to the corresponding integration request parameters and from the integration response data (e.g. headers) to the HTTP API method response parameters.
    • Use wildcard custom domain names (*.example.com) to create multiple URLs that route to one API Gateway HTTP API.
    • You can configure your custom domain name to route requests to different APIs. Using multi-level base path mappings, you can implement path-based API versioning and migrate API traffic between APIs according to request paths with many segments.
    • All of the APIs created expose HTTPS endpoints only. API Gateway does not support unencrypted (HTTP) endpoints.

Monitoring

    • API Gateway console is integrated with CloudWatch, so you get backend performance metrics such as API calls, latency, and error rates.
    • You can set up custom alarms on API Gateway APIs.
    • API Gateway can also log API execution errors to CloudWatch Logs.

Security

    • To authorize and verify API requests to AWS services, API Gateway can help you leverage signature version 4. Using signature version 4 authentication, you can use IAM and access policies to authorize access to your APIs and all your other AWS resources.
    • You can enable AWS WAF for your APIs in Amazon API Gateway, making it easier to protect your APIs against common web exploits such as SQL injection and Cross-Site Scripting (XSS).
    • For API Gateway HTTP APIs, in addition to the previously supported OIDC/OAuth2 authorization option, you can also secure them using Lambda authorizers and IAM authorizers.

Pricing

    • You pay only for the API calls you receive and the amount of data transferred out.
    • API Gateway also provides optional data caching charged at an hourly rate that varies based on the cache size you select.

Validate Your Knowledge

Question 1

A startup is using Amazon RDS to store data from a web application. Most of the time, the application has low user activity but it receives bursts of traffic within seconds whenever there is a new product announcement. The Solutions Architect needs to create a solution that will allow users around the globe to access the data using an API.

What should the Solutions Architect do to meet the above requirement?

  1. Create an API using Amazon API Gateway and use the Amazon ECS cluster with Service Auto Scaling to handle the bursts of traffic in seconds.
  2. Create an API using Amazon API Gateway and use Amazon Elastic Beanstalk with Auto Scaling to handle the bursts of traffic in seconds.
  3. Create an API using Amazon API Gateway and use AWS Lambda to handle the bursts of traffic in seconds.
  4. Create an API using Amazon API Gateway and use an Auto Scaling group of Amazon EC2 instances to handle the bursts of traffic in seconds.

Correct Answer: 3

AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. With Lambda, you can run code for virtually any type of application or backend service – all with zero administration. Just upload your code, and Lambda takes care of everything required to run and scale your code with high availability. You can set up your code to automatically trigger from other AWS services or call it directly from any web or mobile app.

The first time you invoke your function, AWS Lambda creates an instance of the function and runs its handler method to process the event. When the function returns a response, it stays active and waits to process additional events. If you invoke the function again while the first event is being processed, Lambda initializes another instance, and the function processes the two events concurrently. As more events come in, Lambda routes them to available instances and creates new instances as needed. When the number of requests decreases, Lambda stops unused instances to free up the scaling capacity for other functions.

Your functions’ concurrency is the number of instances that serve requests at a given time. For an initial burst of traffic, your functions’ cumulative concurrency in a Region can reach an initial level of between 500 and 3000, which varies per Region.

Based on the given scenario, you need to create a solution that will satisfy the two requirements. The first requirement is to create a solution that will allow the users to access the data using an API. To implement this solution, you can use Amazon API Gateway. The second requirement is to handle the burst of traffic within seconds. You should use AWS Lambda in this scenario because Lambda functions can absorb reasonable bursts of traffic for approximately 15-30 minutes.

Lambda can scale faster than the regular Auto Scaling feature of Amazon EC2, Amazon Elastic Beanstalk, or Amazon ECS. This is because AWS Lambda is more lightweight than other computing services. Under the hood, Lambda can run your code on thousands of available AWS-managed EC2 instances (that could already be running) within seconds to accommodate traffic. This is faster than the Auto Scaling process of launching new EC2 instances, which could take a few minutes or so. An alternative is to overprovision your compute capacity, but that will incur significant costs. The best option to implement given the requirements is a combination of AWS Lambda and Amazon API Gateway.

Hence, the correct answer is: Create an API using Amazon API Gateway and use AWS Lambda to handle the bursts of traffic.

The option that says: Create an API using Amazon API Gateway and use the Amazon ECS cluster with Service Auto Scaling to handle the bursts of traffic in seconds is incorrect. AWS Lambda is a better option than Amazon ECS since it can handle a sudden burst of traffic within seconds and not minutes.

The option that says: Create an API using Amazon API Gateway and use Amazon Elastic Beanstalk with Auto Scaling to handle the bursts of traffic in seconds is incorrect because just like the previous option, the use of Auto Scaling has a delay of a few minutes as it launches new EC2 instances that will be used by Amazon Elastic Beanstalk.

The option that says: Create an API using Amazon API Gateway and use an Auto Scaling group of Amazon EC2 instances to handle the bursts of traffic in seconds is incorrect because the processing time of Amazon EC2 Auto Scaling to provision new resources takes minutes. Take note that in the scenario, a burst of traffic within seconds is expected to happen.

References:
https://aws.amazon.com/blogs/startups/from-0-to-100-k-in-seconds-instant-scale-with-aws-lambda/
https://docs.aws.amazon.com/lambda/latest/dg/invocation-scaling.html

Note: This question was extracted from our AWS Certified Solutions Architect Associate Practice Exams.

Question 2

A developer configured an Amazon API Gateway proxy integration named MyAPI to work with a Lambda function. However, when the API is being called, the developer receives a 502 Bad Gateway error. She tried invoking the underlying function but it properly returns the result in XML format.

What is the MOST likely root cause of this issue?

  1. The API name of the Amazon API Gateway proxy is invalid.
  2. There has been an occasional out-of-order invocation due to heavy loads.
  3. The endpoint request timed-out.
  4. There is an incompatible output returned from a Lambda proxy integration backend.

Correct Answer: 4

Amazon API Gateway Lambda proxy integration is a simple, powerful, and nimble mechanism to build an API with a setup of a single API method. The Lambda proxy integration allows the client to call a single Lambda function in the backend. The function accesses many resources or features of other AWS services, including calling other Lambda functions.

In Lambda proxy integration, when a client submits an API request, API Gateway passes the raw request as-is to the integrated Lambda function, except that the order of the request parameters is not preserved. This request data includes the request headers, query string parameters, URL path variables, payload, and API configuration data. The configuration data can include current deployment stage name, stage variables, user identity, or authorization context (if any). The backend Lambda function parses the incoming request data to determine the response that it returns.

For API Gateway to pass the Lambda output as the API response to the client, the Lambda function must return the result in the following JSON format:

{
    "isBase64Encoded": true|false,
    "statusCode": httpStatusCode,
    "headers": { "headerName": "headerValue", ... },
    "body": "..."
}

Since the Lambda function returns the result in XML format, it will cause the 502 errors in the API Gateway. Hence, the correct answer is: there is an incompatible output returned from a Lambda proxy integration backend.
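
The scenario above as an added Python example (not code from the original page or from AWS): one handler returns bare XML, the other carries the same XML as a string inside the proxy response format. The names `broken_handler`, `fixed_handler`, `proxy_response_problems` and the sample payload are assumptions, and the check is a strict local test against the format shown above, not API Gateway's own validation logic.

```python
# Constructed sample payload: the XML the backend function produces.
SAMPLE_XML = "<order><id>42</id><status>shipped</status></order>"


def broken_handler(event, context):
    """Returns bare XML: fine when invoked directly, but not the
    envelope a Lambda proxy integration expects (the 502 case)."""
    return SAMPLE_XML


def fixed_handler(event, context):
    """Returns the same XML wrapped in the proxy response envelope."""
    return {
        "isBase64Encoded": False,
        "statusCode": 200,
        "headers": {"Content-Type": "application/xml"},
        "body": SAMPLE_XML,  # the body is carried as a string
    }


def proxy_response_problems(result):
    """Hypothetical strict pre-deployment check against the format shown
    above; returns a list of deviations (empty means it conforms)."""
    if not isinstance(result, dict):
        return [f"response is {type(result).__name__}, expected a JSON object"]
    problems = []
    status = result.get("statusCode")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(status, bool) or not isinstance(status, int):
        problems.append("statusCode must be an integer HTTP status")
    if not isinstance(result.get("headers", {}), dict):
        problems.append("headers must be an object")
    if not isinstance(result.get("body", ""), str):
        problems.append("body must be a string")
    if not isinstance(result.get("isBase64Encoded", False), bool):
        problems.append("isBase64Encoded must be a boolean")
    return problems


if __name__ == "__main__":
    for handler in (broken_handler, fixed_handler):
        print(handler.__name__, proxy_response_problems(handler({}, None)))
```

Running a check like this in unit tests catches the mismatch before deployment, including the related mistake of returning a nested object as `body` instead of a serialized string.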

The option that says: The API name of the Amazon API Gateway proxy is invalid is incorrect because there is nothing wrong with its MyAPI name.

The option that says: There has been an occasional out-of-order invocation due to heavy loads is incorrect because although this is a valid cause of a 502 error, the issue is most likely caused by the Lambda function’s XML response instead of JSON.

The option that says: The endpoint request timed-out is incorrect because this will likely result in 504 errors and not 502’s.

References:
https://aws.amazon.com/premiumsupport/knowledge-center/malformed-502-api-gateway/
https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-lambda-proxy-integrations.html#api-gateway-simple-proxy-for-lambda-output-format
https://docs.aws.amazon.com/apigateway/api-reference/handling-errors/

Note: This question was extracted from our AWS Certified Developer Associate Practice Exams.

References: 
https://docs.aws.amazon.com/apigateway/latest/developerguide/
https://aws.amazon.com/api-gateway/features/
https://aws.amazon.com/api-gateway/pricing/
https://aws.amazon.com/api-gateway/faqs/
