AWS API Gateway
AWS API Gateway is a fully managed AWS service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale. It acts as a “front door” for applications to access data, business logic, or functionality from customers' back-end services, such as applications running on Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Container Service (Amazon ECS) or AWS Elastic Beanstalk, code running on AWS Lambda, or any web application.
- API developers can create APIs that access AWS or other web services, as well as data stored in the AWS Cloud. API Gateway API developers can create APIs for use in their own client applications, or create APIs available to third-party app developers.
- API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, CORS support, authorization and access control, throttling, monitoring, and API version management.
- Amazon API Gateway provides developers with a simple, flexible, fully managed, pay-as-you-go service that handles all aspects of creating and operating robust APIs for application back ends.
API Gateway features
API Gateway has powerful, flexible authentication mechanisms, such as AWS Identity and Access Management policies, Lambda authorizer functions, and Amazon Cognito user pools.
- Using Signature Version 4 authentication, customers can use AWS Identity and Access Management (IAM) and access policies to authorize access to their APIs and all the other AWS resources.
- Customers can use AWS Lambda functions to verify and authorize bearer tokens such as JWT tokens or SAML assertions.
API Gateway enables customers to manage traffic to their backend systems by allowing them to set throttling rules based on the number of requests per second for each HTTP method in the APIs.
- API Gateway handles any level of traffic received by an API. Using REST APIs, customers can set up a cache with customizable keys and a time-to-live in seconds for the API data, to avoid hitting their backend services for each request.
- API Gateway provides customers with a dashboard to visually monitor calls to the services. The API Gateway console is integrated with Amazon CloudWatch, which means customers get backend performance metrics such as API calls, latency, and error rates.
SERVERLESS DEVELOPER PORTAL
Using a Serverless Developer Portal, customers can publish and manage APIs directly from API Gateway. A developer portal is an application that customers use to make their APIs available to their customers. Once customers publish APIs in a developer portal, their users can:
- Discover which APIs are available.
- Browse your API documentation.
- Register for—and immediately receive—their own API key that can be used to build applications.
- Try out your APIs in the developer portal UI.
- Monitor their own API usage.
Amazon API Gateway regularly publishes updates to the Serverless Developer Portal application in the AWS Serverless Application Repository.
- AWS clients can customize and incorporate it into their build and deployment tools. The front end is written in React and is designed to be fully customizable.
After an API is deployed and in use, API Gateway provides customers with a dashboard to visually monitor calls to the services. The API Gateway console is integrated with Amazon CloudWatch, so that customers can get backend performance metrics such as API calls, latency, and error rates.
- Because API Gateway uses CloudWatch to record monitoring information, AWS clients can set up custom alarms on API Gateway APIs.
- CloudTrail captures all REST API calls for API Gateway as events, including calls from the API Gateway console and from code calls to the API Gateway APIs.
- By creating a trail, customers can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for API Gateway.
- Using the information collected by CloudTrail, customers can determine the request that was made to API Gateway, the IP address from which the request was made, who made the request, when it was made, and more.
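One way to pull the who, when, and source-IP details out of a delivered CloudTrail log file and queue API Gateway configuration changes and denied calls for review. This is an added example, not code from the original page; the records are constructed, and the rule that a missing `readOnly` flag counts as a change is an assumption of this sketch.

```python
import json

# Constructed CloudTrail records for illustration (account, users and IPs are made up).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:02:11Z", "eventSource": "apigateway.amazonaws.com",
     "eventName": "GetRestApis", "readOnly": True, "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2024-05-01T10:07:02Z", "eventSource": "apigateway.amazonaws.com",
     "eventName": "DeleteRestApi", "readOnly": False, "errorCode": "AccessDenied",
     "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}},
    {"eventTime": "2024-05-01T10:05:40Z", "eventSource": "apigateway.amazonaws.com",
     "eventName": "UpdateStage", "readOnly": False, "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2024-05-01T10:08:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "readOnly": False, "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}},
]})

def api_gateway_events(log_text):
    """Reduce a CloudTrail log file to who/when/where/what for API Gateway calls."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "apigateway.amazonaws.com":
            continue
        rows.append({
            "when": rec.get("eventTime"),
            "who": rec.get("userIdentity", {}).get("arn", "unknown"),
            "ip": rec.get("sourceIPAddress"),
            "action": rec.get("eventName"),
            # A missing readOnly flag is treated as a change so it is never skipped.
            "mutating": rec.get("readOnly") is not True,
            "error": rec.get("errorCode"),
        })
    return rows

def review_queue(rows):
    """Configuration changes and failed calls, oldest first."""
    picked = [r for r in rows if r["mutating"] or r["error"]]
    return sorted(picked, key=lambda r: r["when"] or "")
```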
AWS WAF is a web application firewall that helps protect web applications and APIs from attacks. It enables customers to configure a set of rules (called a web access control list (web ACL)) that allow, block, or count web requests based on customizable web security rules and conditions that they define.
- AWS WAF is the customer's first line of defense against web exploits. When AWS WAF is enabled on an API, AWS WAF rules are evaluated before other access control features, such as resource policies, IAM policies, Lambda authorizers, and Amazon Cognito authorizers.
- Customers can use AWS WAF to protect their API Gateway API from common web exploits, such as SQL injection and cross-site scripting (XSS) attacks.
- Customers do this by creating rules that match a specified string or a regular expression pattern in HTTP headers, method, query string, URI, and the request body (limited to the first 8 KB).
STATEFUL & STATELESS
API Gateway supports stateful (WebSocket) and stateless (HTTP and REST) APIs. Using HTTP APIs, customers can build APIs for services behind private ALBs, private NLBs, and IP-based services registered in AWS Cloud Map, such as ECS tasks.
- HTTP API: HTTP APIs are optimized for building APIs that proxy to AWS Lambda functions or HTTP backends, making them ideal for serverless workloads. They do not currently offer API management functionality.
- REST API: REST APIs offer API proxy functionality and API management features in a single solution. REST APIs offer API management features such as usage plans, API keys, publishing, and monetizing APIs.
- WebSocket API: WebSocket APIs maintain a persistent connection between connected clients to enable real-time message communication. With WebSocket APIs in API Gateway, AWS customers can define backend integrations with AWS Lambda functions, Amazon Kinesis, or any HTTP endpoint to be invoked when messages are received from the connected clients.
Using API Gateway, AWS customers can create a custom API to the code running in AWS Lambda and then call the Lambda code from their API. API Gateway can execute AWS Lambda code in their account, start AWS Step Functions state machines, or make calls to AWS Elastic Beanstalk, Amazon EC2, or web services outside of AWS with publicly accessible HTTP endpoints.
- Using the API Gateway console, customers can define the REST API and its associated resources and methods.
- They can also manage their API lifecycle, generate client SDKs, and view API metrics.
- Using API Gateway, AWS clients can create a custom API to their code running in AWS Lambda and then call the Lambda code from their API.
- API Gateway can execute AWS Lambda code in the customer's account, start AWS Step Functions state machines, or make calls to AWS Elastic Beanstalk, Amazon EC2, or web services outside of AWS with publicly accessible HTTP endpoints.