2022-03-09

Amazon API Gateway Overview

What is Amazon API Gateway

Amazon API Gateway is a flexible service that enables developers to define, deploy, and manage APIs for their applications. It serves as a front door for your backend services, allowing you to control how requests to your API should be handled and routed. By providing a single point of entry for managing multiple backend services, API Gateway simplifies the process of creating, securing, and maintaining APIs, ensuring the reliability and performance of your services.

Key Components of Amazon API Gateway

Amazon API Gateway consists of several core components, which work together to enable you to create, publish, and manage your APIs. These components include:

  • API
    The primary resource in API Gateway, representing a collection of methods and resources that can be accessed via HTTP or WebSocket protocols.

  • Resource
    A logical entity in your API that represents a particular feature or functionality of your backend service. Resources are organized hierarchically and can have methods associated with them.

  • Method
    An HTTP verb (such as GET, POST, or DELETE) that defines the action to be performed on a resource. Methods are associated with resources and can have various settings, such as request and response models, authentication, and integrations.

  • Integration
    A connection between an API Gateway method and a backend service, such as an AWS Lambda function or an HTTP/HTTPS endpoint. Integrations define how incoming API requests are processed and how responses are generated.

  • Stage
    A named deployment of your API that represents a specific version or environment (e.g., development, testing, or production). Stages can have their own settings, such as logging, caching, and throttling.

API Types in Amazon API Gateway

Amazon API Gateway supports three primary API types, each catering to different use cases and requirements:

  • RESTful APIs
    These APIs follow the principles of REST and are designed to support the standard HTTP methods (GET, POST, PUT, DELETE, etc.). RESTful APIs in API Gateway use JSON as the default data format for requests and responses, but can also be configured to support other formats.

  • WebSocket APIs
    WebSocket APIs enable real-time, bidirectional communication between clients and backend services, providing a more interactive and responsive user experience. WebSocket APIs in API Gateway support the WebSocket protocol, which allows for continuous data exchange without the need for repeatedly opening and closing connections.

  • HTTP APIs
    Designed for low-latency and cost-effective API development, HTTP APIs offer a simplified configuration and management experience compared to RESTful APIs. HTTP APIs primarily support JSON payloads, and integrate seamlessly with AWS services like Lambda, making them ideal for serverless applications.

API Gateway Features

Custom Domain Names

Custom domain names allow you to map your own domain to your API, creating a professional and consistent interface for your users. To set up a custom domain, you must first obtain an SSL/TLS certificate and configure it in Amazon API Gateway. Next, you'll create a custom domain name resource and map it to your API, specifying the base path mapping. Finally, you'll need to configure the Domain Name System (DNS) records for your custom domain to point to the API Gateway.

API Caching

API caching is an optional feature that can significantly improve the performance of your API by reducing the latency of requests. With API caching enabled, Amazon API Gateway caches the responses of your API methods for a specified period, reducing the need to call your backend services repeatedly. This can save on backend processing time and reduce the load on your services. You can enable API caching for individual stages of your API and customize cache settings, such as cache capacity and cache time-to-live (TTL).

Logging and Monitoring

Amazon API Gateway integrates with Amazon CloudWatch to provide logging and monitoring capabilities for your APIs. By enabling logging, you can track API usage, performance metrics, and error rates. You can also set up alarms to notify you if specific events occur or if certain thresholds are crossed. API Gateway also supports access logging, which provides detailed information about each API call, including the caller's identity, the request parameters, and the response elements.

Security Features

Security is a critical aspect of any API, and Amazon API Gateway provides several built-in features to help you secure your APIs. Some key security features include:

  • AWS Identity and Access Management (IAM)
    Control access to your API by creating IAM policies that define the actions allowed for specific users or groups.

  • Amazon Cognito
    Secure your API with user authentication and authorization using Amazon Cognito user pools.

  • Custom authorizers
    Create custom Lambda authorizers to implement your own authentication and authorization logic.

  • Resource policies
    Define access policies for your API at the resource level, restricting access based on IP address, VPC, or other criteria.

  • API keys
    Generate and manage API keys for third-party developers or applications to restrict access and usage.

Integrations

Amazon API Gateway can integrate with various AWS services, enabling you to create powerful and scalable applications. Some common integrations include:

  • AWS Lambda
    Build serverless applications by linking your API Gateway to Lambda functions that execute your custom code.

  • Amazon S3
    Serve static content, such as images or HTML files, directly from an Amazon S3 bucket via your API.

  • Amazon DynamoDB
    Access and manipulate data in DynamoDB tables using API Gateway and AWS Lambda.

  • AWS Step Functions
    Orchestrate complex workflows and microservices using API Gateway in conjunction with Step Functions.

Timeouts in Amazon API Gateway and AWS Lambda

When integrating Amazon API Gateway with AWS Lambda, it's essential to understand the timeouts in both services to avoid unexpected failures and ensure smooth operation. Timeouts are used to limit the time a service waits for a response before considering the request unsuccessful. In the context of API Gateway and Lambda integrations, there are two primary timeout settings to consider:

  • Amazon API Gateway Timeout
    API Gateway has a default timeout of 29 seconds for incoming requests. This means that if your Lambda function takes longer than 29 seconds to execute and return a response, API Gateway will return an error to the client. Note that the maximum configurable timeout for API Gateway is 30 seconds.

  • AWS Lambda Function Timeout
    Lambda functions have a default timeout of 3 seconds, which can be configured up to a maximum of 900 seconds (15 minutes). If the Lambda function does not complete execution within the specified timeout, it will be terminated, and an error will be returned to the API Gateway.

Amazon API Gateway Pricing

Amazon API Gateway has a pay-as-you-go pricing model, with different costs associated with each API type and various additional features.

The three primary API types (RESTful, WebSocket, and HTTP) have different pricing structures, as outlined below:

  • RESTful APIs
    You are charged based on the total number of API calls made, the amount of data transferred out, and the duration of any caching enabled for your API. The first 1 million API calls per month are free, with a cost per million calls thereafter, depending on the AWS region.
  • WebSocket APIs
    Pricing for WebSocket APIs is based on the number of messages sent and received, as well as the total number of connection minutes. A message is a discrete unit of data sent or received, with a maximum size of 128 KB. Connection minutes are calculated based on the total time your clients are connected to your WebSocket API.
  • HTTP APIs
    HTTP APIs have a lower cost per million calls compared to RESTful APIs, making them a more cost-effective option for many use cases. Similar to RESTful APIs, you are charged based on the total number of API calls made and the amount of data transferred out.

In addition to the costs associated with the API types, there are also costs for optional features such as custom domain names, API caching, and data transfer:

  • Custom Domain
    Names: When using custom domain names with Amazon API Gateway, you are charged based on the total number of requests made to your custom domain. The first 1 million requests per month are free, with a cost per million requests thereafter.
  • API Caching
    If you enable API caching for your API, you are charged based on the cache capacity you provision and the duration of time the cache is enabled. Cache capacity is measured in gigabytes (GB), and you can choose from several cache sizes to suit your needs.
  • Data Transfer
    Amazon API Gateway charges for data transferred out of the service, based on the total amount of data sent from your API to clients over the internet. Data transfer between API Gateway and other AWS services within the same region is free.

https://aws.amazon.com/api-gateway/pricing/

References

https://docs.aws.amazon.com/apigateway/latest/developerguide/welcome.html
https://aws.amazon.com/api-gateway/pricing/

Ryusei Kakujo

researchgatelinkedingithub

Focusing on data science for mobility

Bench Press 100kg!