Post on 12-Jun-2020
API Gateway – Der “Haupteingang” zu Ihren
Backend Services
Oliver Arafat, Enterprise Evangelist AWS
arafato@amazon.de
@OliverArafat
Microservices Webday
Agenda
• What is API Gateway and how does it work?
• Securing your API
• Throttling and Caching
• Pricing
• Demo
Your feedback
• Managing multiple versions and stages of an API is difficult.
• Monitoring third-party developers’ access is time
consuming.
• Access authorization is a challenge.
• Traffic spikes create an operational burden.
• What if I don’t want servers at all?
Brian Wagner | Solutions Architect
Host multiple versions and stages of your APIs
Create and distribute API keys to developers
Leverage AWS Sig-v4 to authorize access to APIs
Throttle and monitor requests to protect your backend
Managed cache to store API responses
SDK Generation for iOS, Android, and JavaScript
Swagger support
Request / Response data transformation and API mocking
Why should I use API Gateway?
How does it work?
An API call flow
Internet
Mobile apps
Websites
Services
API
Gateway
AWS Lambda
functions
AWS
API Gateway
cache
Endpoints on
Amazon
EC2/AWS
Elastic
Beanstalk
Any other publicly
accessible endpointAmazon
CloudWatch
monitoring
Build, deploy, clone, and roll back
• Build APIs with their resources, methods, and settings
• Deploy APIs to a stage
– Users can create as many stages as they want, each with its own throttling,
caching, metering, and logging configuration
• Clone an existing API to create a new version
– Users can continue working on multiple versions of their APIs
• Roll back to previous deployments
– We keep a history of customers’ deployments so they can revert to a
previous deployment
API configuration
• You can create APIs
• Define resources within an API
• Define methods for a resource
– Methods are resource + HTTP verb
Pet Store
/pets
/pets/{petId}
• GET
• POST
• PUT
API deployments
• API configuration can be deployed to a
stage
• Stages are different environments; for
example:
– Dev (e.g., example.com/dev)
– Beta (e.g., example.com/beta)
– Prod (e.g., example.com/prod)
– As many stages as you need
Pet Store
dev
beta
gamma
prod
Manage multiple versions and stages of your APIs
API 1 (v1)
Stage (dev)
Stage (prod)
API 2 (v2)
Stage (dev)
Custom domain names
• You can configure custom domain names
• Provide API Gateway with a signed HTTPS certificate
• Custom domain names can point to an API or a stage
• Point to an API and stage
– Beta (e.g., yourapi.com/beta)
– Prod (e.g., yourapi.com/prod)
Securing and Metering your API
Use API keys to meter developer usage
• Create API keys
• Set access permissions at the API/stage level
• Meter usage of the API keys through Amazon
CloudWatch Logs
Use API keys to authorize access
• The name “key” implies security – there is
no security in baking text in an app’s code
• API keys should be used purely to meter
app/developer usage
• API keys should be used alongside a
stronger authorization mechanism
Leverage AWS signature version 4
or use a custom header
• You can leverage AWS signature version 4 to sign
and authorize API calls
– Amazon Cognito and AWS Security Token Service (AWS STS)
simplify the generation of temporary credentials for your app
• You can support OAuth or other authorization
mechanisms through custom headers
– Simply configure your API methods to forward the custom headers to
you back end
Throttling and Caching
API throttling
• Throttling helps you manage traffic to your back end
• Throttle by developer-defined requests-per-second
limits
• Requests over the limit are throttled
– HTTP 429 response
• The generated SDKs retry throttled requests
Caching API responses
• You can configure a cache key and the Time to Live
(TTL) of the API response
• Cached items are returned without calling the back end
• A cache is dedicated to you, by stage
• You can provision between 0.5 GB and 237 GB of
cache
Request processing workflow
Receive incoming request
• Check for item in dedicated cache
• If found, return cached item
Check throttling configuration
• Check current requests-per-second rate
• If above allowed rate, return 429
Execute back-end call
Data filtering and transformation
API models
• Models are a JSON schema representation of
your API requests and responses
• Models are used for input and output filtering
and SDK generation
• You can reuse models across multiple methods
in your API
Input/output transforms
• Use Velocity templates to transform data
• Filter output results
– Remove private or unnecessary data
– Filter dataset size to improve API performance
• GET to POST
– Read all query string parameters from your GET request and create a body to
make a POST request to your back end
• JSON to XML
– Receive JSON input and transform it to XML for your back end
– Receive JSON from an AWS Lambda function and transform it to XML
Transform example: JSON to XML
API GatewayBack end
GET - /sayHelloAWS
Lambda
fn_sayHello
/sayHello
{
“message” : “hello world”
}
<xml>
<message>
Hello world
</message>
</xml>
#set($root = $input.path('$'))
<xml>
<message>
$root.message
</message>
</xml>
SDK Generation
Generate client SDKs based on Your APIs
• SDKs are generated based on API deployments (stages)
• If request-response models are defined, the SDK includes
input and output marshalling of your methods
• SDKs know how to handle throttling responses
• SDKs also know how to sign requests with AWS
temporary credentials (signature version 4)
• Support for Android, iOS, JavaScript, …
Pricing
API Gateway pricing
• $3.50 per million API Gateway requests
• Included in the AWS Free Tier
– 1 million API requests per month for 12 months
• Data Transfer Out (standard AWS prices)
– $0.09/GB for the first 10 TB
– $0.085/GB for the next 40 TB
– $0.07/GB for the next 100 TB
– $0.05/GB for the next 350 TB
Optional – Dedicated cache pricing
Cache memory
size (GB)
Price per hour
(USD)
0.5 $0.020
1.6 $0.038
6 $0.200
13 $0.250
28 $0.500
58 $1.000
118 $1.900
237 $3.800
Availability
• Today!
• Initially available in:
– US East (N. Virginia)
– US West (Oregon)
– EU West (Dublin)
• We plan to enable other regions rapidly
Demo
API GatewayBuild, deploy, and manage your APIs
http://aws.amazon.com/api-gateway
AWS Free Tier
aws.amazon.com/free
Thank you!
Questions?
Oliver Arafat, Enterprise Evangelist AWS
arafato@amazon.de
@OliverArafat
Microservices Webday