Overview
- Building RESTful API ("backplane")
- Acts as reverse proxy server (forwards requests to backend)
- Backend can be Lambda, EC2, non-EC2
- Provides all the infrastructure
- Monitoring
- Versioning
- Throttling (token bucket)
- Caching
- Compression
- Authorizations
- Scales horizontally
- Pricing per request
- Allows public endpoints only
- Supports binary payloads
Logging
- Execution logging (managed by AWS)
- Access logging (DIY)
- What information (context)
- Format
Request-Response Model
- Frontend
- Method Request/Method Response
- Backend
- Integration Request/Integration Response
Stage
- Snapshot of an API
- Available for clients to call
- Enables version control (test, prod)
- Stage Variables
- Allow passing stage-specific data to the API integration
- Canary Release
- Canary settings defined for stage
- percentage of traffic
- Separate logs
Authorizer
- Lambda function for access control
- Uses
- bearer token (OAuth, SAML)
- Flow
- Client calls API
- API Gateway calls Authorizer (type)
- COGNITO_USER_POOL
- Custom
- TOKEN: bearer token (OAuth, SAML)
- REQUEST: headers, paths, query strings, stage variables
- Returns a policy: PrincipalId + PolicyDocument
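
The TOKEN flow above as a Lambda authorizer sketch. This is an added example, not code from the original notes. The HMAC-signed token and the names `SECRET`, `make_token` and `verify_token` are constructed stand-ins for real OAuth/SAML validation; `authorizationToken`, `methodArn` and the returned `principalId`/`policyDocument` shape follow API Gateway's Lambda authorizer format.

```python
import base64, hashlib, hmac, json, time

# Assumption: a constructed HMAC-signed token stands in for OAuth/SAML validation.
SECRET = b"constructed-demo-secret"  # placeholder; load from a secrets store in practice

def make_token(principal, expires_at):
    """Build the constructed demo token: base64url(claims).hex(hmac)."""
    claims = json.dumps({"sub": principal, "exp": expires_at}).encode()
    payload = base64.urlsafe_b64encode(claims).decode()
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"

def verify_token(token, now=None):
    """Return the principal if signature and expiry check out, else None."""
    try:
        payload, sig = token.split(".")
        expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):  # constant-time comparison
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload))
        if claims["exp"] <= (time.time() if now is None else now):
            return None
        return claims["sub"]
    except (ValueError, KeyError, TypeError):
        return None  # malformed input is treated as unauthenticated (fail closed)

def build_policy(principal_id, effect, resource):
    """Shape of the authorizer response: PrincipalId + PolicyDocument."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resource}
            ],
        },
    }

def handler(event, context):
    """TOKEN authorizer entry point; API Gateway passes authorizationToken and methodArn."""
    scheme, _, token = event.get("authorizationToken", "").partition(" ")
    principal = verify_token(token) if scheme.lower() == "bearer" else None
    if principal is None:
        return build_policy("anonymous", "Deny", event["methodArn"])
    # Scope Allow to the requested method only, not a wildcard ARN.
    return build_policy(principal, "Allow", event["methodArn"])
```
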
VPC Link
- Allows access to private VPC resources
- Targets Network Load Balancer in VPC
- Effectively VPC Link is an integration endpoint
Gateway Responses
- Control behavior on HTTP error codes (>=400)
Endpoint
- Container
- Resources
- Deployment location
- Edge-optimized
- Uses CloudFront (global)
- Regional
Usage Plans
- API key - identifies the API caller
- Unsuitable for security
- Meters API usage per API key
- Uses token bucket algorithm
- Rate (rps)
- Burst
- Quota - max limit
- Use cases
- SaaS
API Gateway model
- Data schema
- Use cases
- Generate SDK
- Validate payload
Client Certificates
- Used by API Gateway to authenticate to backend
Swagger
- Open API Framework
- Design, Build, Document, Test
- Can be imported to API Gateway