Understanding AWS API Gateways

TLDR; I found I needed to know roughly the following for the AWS Developer Associate exam:

ConceptAreaResource
CoreAPI Gateway OverviewWhat is Amazon API Gateway?
CoreTutorialCreate a REST API with Lambda integrations
CoreConcepts for reviewAPI Gateway concepts
IntegrationLambda IntegrationSee section on API Creation
IntegrationCORSSee section on CORS
DeploymentFundamentalsStart with stage variables and look at how to publish
DeploymentFundamentalsQuestion Sheet
SecurityUnderstand how Cognito User Pools integrate at a High levelUser Pools
SecurityUnderstand how Lambda Authorizer works at a High levelUse Lambda authorizers
SecurityAccess controlControl Access
SecurityJust get yourself an overview of available protection optionsProtect
MonitoringJust get yourself an overview of available optionsMonitor
High level areas for AW

If you’re after the more definitive answer as why I think this, then read on:

Introduction

In terms of backend AWS services to study, we’ve covered:

  • Lambda
  • EC2
  • DynamoDB

And further we’ve covered how to integrate directly with these services using the CLI and SDK. And I’ve shown you how you can make your study ‘active’ with ‘learning tests‘.

So far, so good. But what about providing access to these services? If I had my developer ‘hat’ on I might think:

How would I provide unified access to services such as Lambda, DynamoDB, EC2. We use Nginx, Apache etc as a ‘front door’ to disparate services all the time. I bet there’s an AWS equivalent.

But more importantly with my ‘exam’ head on, I found out I needed to know about it. I first found I needed API gateways because they were a weak spot in my exam practice. Once I found that these questions were occurring in multiple exam papers and in multiple contexts, I knew I needed to get the big picture. Especially as the exam blueprint also makes mention of the need to:

Understand loose coupling, REST APIs SQL/No-SQL, message queueing

Given we should at least know a bit about it, where from here? Let’s look at why to use it.

Why you would use API Gateway

Checking the FAQS first

First I went through the obvious step of checking the FAQ page, and reading why I might want it to use it (Q: Why use Amazon API Gateway?), we can see promises of:

  • Metering
  • Security (Bearer Tokens, Cognito, IAM)
  • Resiliency (throttling and caching)
  • Monitoring
  • Lifecycle Management (build, publish deploy).
  • Designed for devs (static content)
  • Two-way comms

What that means for you study plan

Looking at this got me translating to ‘exam speak’. Roughly speaking, I might get questions on any of:

  • Monitoring (let me guess, how we integrate with Cloudwatch).
  • Securing (Because we’re now the ‘front door’).
  • Integration (because it mentions accessing AWS services/other services/data).
  • Types of API (how are we going to support the two way comms previously mentioned?).
  • Provisioning (creation, publishing, deploying etc).

The architecture diagram from the getting started pages back this up. So, I have 2 sources confirming some rough study area now.


 API Gateway architecture diagram

So we know why we might use (helpful for critical thinking in our exams) and we have a plan on the rough areas of study. We’ll try and find these areas when we look into the concepts next. If we learn the fundamentals, variations in exam questions are less likely to trip us up.

API gateway concepts

Based on both ‘exam practice hindsight’ and what the source above are telling me, I came up with a composite set of study areas.

  • Create/Maintain
  • Deploying
  • Security
  • Monitoring
  • Integration (Lambda)
  • Integration (CORS)

Why not use just the practice papers as a guide? Because If we just learn those precise points, variations in questions might trip us up. Better to use practice papers as a way to determine the big picture.

Let’s start with creating a new API.

API Creation

Let’s start with the Lambda and REST API tutorial, it’s the simplest way yo get started. But also keep the concepts page handy. It’s your review guide for terms you don’t understand. By the time you’ve finished this study, you want to have consolidated your knowledge of:

  • Integration Request/Responses
  • Method Request/Response (including Gateway responses)
  • The Lambda backend
  • Stage variables

You’ll touch on these points during the tutorial, but then you’ll want to come back to review them a second time, to cement the ideas in your head.

Also whilst we’re “critically thinking”, notice this: The ‘next steps’ of the intro tutorial guide you to these points. If they’re fundamental enough for that, they’re a good building block for the exam.

Passing input to a backend Lambda functionInput format of a Lambda function for proxy integration
Returning output from a backend Lambda functionOutput format of a Lambda function for proxy integration
Setting up a custom domain name for your APISetting up custom domain names for REST APIs
Adding a Lambda authorizer function to your APIUse API Gateway Lambda authorizers
Adding a Amazon Cognito user pool authorizer to your APIControl access to a REST API using Amazon Cognito User Pools as authorizer
Enabling CORS for your APIEnabling CORS for a REST API resource
Potential follow up steps (as suggested by AWS tutorial page)

If you’re time poor though, simply skim the pages, and create some high level flashcards.

This will stand you you in good stead for further tutorials if you want to improve your understanding. The first tutorial would have guided you through the concept of deploying. Let’s reflect on that concept in a bit more detail next.

API Deployments

When doing the practice exams, this area was hard for me to conceive of without doing hands-on tutorials, as mentioned above. I’d advise you to look through:

  • Understand how stage variables play a part in deployments. How do they integrate with the backend?
Using API Gateway stage variables to manage Lambda functions | AWS Compute  Blog

  • Have a look through my questions to check you understand the concepts of a deployment.
  • Once you have that under your belt, understand publishing, since “Simply creating and developing an API Gateway API doesn’t automatically make it callable by your users”.
  • Look into canary deployments briefly, which we covered previously in AWS Deployment Types – stage variables and deployments go hand-in-hand.
  • Also make sure you (very quickly) cover caching as it relates to the finished deployment, in a sense. And caching questions came up a lot for various AWS service questions as I covered exam papers.

I appreciate, this is a lot to cover, but the investment in the concepts is worth it for covering the multitude of exam variations. At the very least understand what the different parts are.

We’ll move onto integrations next.

Integrations

From the basic tutorial we ahve ascertained that we need to connect an API to a backend service. We can revisit the types of integrations on this page – now we’ve done the groundwork of hands-on practice. I’d skim the pages on mock and private gateway integrations just to give awareness of what they are – you’ve built your foundations in this area, so you should be able to grasp this quickly.

The other parts I’d skim (but make flashcards for) are the differences between the REST and HTTP API and the overview of what a WebSocket API is.

The two areas I’d want to have a more detailed understanding of in terms of in are Lambda Integration and API Gateway CORS.

Lambda Integration

You have mostly covered this, but make sure you review the concepts of Lambda Integrations – all the pages under this section should consolidate what you learned. Don’t forget your concepts page as a reference.

CORS

This came up in the exam for me a few times, so it is worth getting a through understanding of. After all, from the architecture diagram a we saw websites were a form of integration and client using Ajax calls are pretty commonplace.

Personally, I needed to understand pre-flight options to get the bigger picture about when and where CORS gets more involved with API Gateway configurations.

I created a question sheet on CORS in AWS, so you can ‘search for meaning’ when using the following docs to find out more about it.

ConceptResource
Core Concepts (AWS)Mozilla overview
When CORS would applyCORS overview for API Gateway
How to setup CORSCORS setup guide

I found the Mozilla overview a useful refresher when combined with the overview on the official docs. Also compare the overview with ‘how to do‘ in order to cement your understanding. Onto security next since we are the front door to many services

Security

Going back to the follow up steps from the basic tutorial, it suggested learning about Cognito User Pools as an means to Authorizer. I would suggest reading about this and Lambda Authorizers to get the picture on access control.

In terms of securing and endpoint, I’d also skim the overview page to understand the other available mechanisms for access control. I’d do the same for the Protecting your REST API page. An overview was enough for me to get the breadth of techniques to pass exam.

Monitoring

All the info for monitoring is easy enough to find under the REST API pages. We’re going to cover CloudWatch metrics and AWS X-Ray neater the end of this course, so if you like just skim the ‘Monitor Page‘ to understand what is available for monitoring.

Conclusion

We have had to cover a wide range of areas for AWS API gateway, but most of the needed concepts can be gleaned by doing the intro tutorial and following up from the concepts page. Focus on how the front and backend components integrate first.

Once you have the fundamentals of the technology, you can get the breadth of knowledge for this area but doing ‘variations on a theme’ – namely skimming the sections and seeing how the different mechanisms differ from the original tutorial.

Likewise most of the security concepts won’t be new if you have been doing ‘active learning’ when you’ve gone through previous weeks articles.

I hope this was helpful to you. If you have any feedback, questions, queries about this (or any) article, please feel free to contact me.

Next time we’ll be looking at Containerisation.