TLDR; I found I needed to know roughly the following for the AWS Developer Associate exam:
|Core||API Gateway Overview||What is Amazon API Gateway?|
|Core||Tutorial||Create a REST API with Lambda integrations|
|Core||Concepts for review||API Gateway concepts|
|Integration||Lambda Integration||See section on API Creation|
|Integration||CORS||See section on CORS|
|Deployment||Fundamentals||Start with stage variables and look at how to publish|
|Security||Understand how Cognito User Pools integrate at a High level||User Pools|
|Security||Understand how Lambda Authorizer works at a High level||Use Lambda authorizers|
|Security||Access control||Control Access|
|Security||Just get yourself an overview of available protection options||Protect|
|Monitoring||Just get yourself an overview of available options||Monitor|
If you’re after the more definitive answer as why I think this, then read on:
In terms of backend AWS services to study, we’ve covered:
So far, so good. But what about providing access to these services? If I had my developer ‘hat’ on I might think:
How would I provide unified access to services such as Lambda, DynamoDB, EC2. We use Nginx, Apache etc as a ‘front door’ to disparate services all the time. I bet there’s an AWS equivalent.
But more importantly with my ‘exam’ head on, I found out I needed to know about it. I first found I needed API gateways because they were a weak spot in my exam practice. Once I found that these questions were occurring in multiple exam papers and in multiple contexts, I knew I needed to get the big picture. Especially as the exam blueprint also makes mention of the need to:
Understand loose coupling, REST APIs SQL/No-SQL, message queueing
Given we should at least know a bit about it, where from here? Let’s look at why to use it.
Why you would use API Gateway
Checking the FAQS first
First I went through the obvious step of checking the FAQ page, and reading why I might want it to use it (Q: Why use Amazon API Gateway?), we can see promises of:
- Security (Bearer Tokens, Cognito, IAM)
- Resiliency (throttling and caching)
- Lifecycle Management (build, publish deploy).
- Designed for devs (static content)
- Two-way comms
What that means for you study plan
Looking at this got me translating to ‘exam speak’. Roughly speaking, I might get questions on any of:
- Monitoring (let me guess, how we integrate with Cloudwatch).
- Securing (Because we’re now the ‘front door’).
- Integration (because it mentions accessing AWS services/other services/data).
- Types of API (how are we going to support the two way comms previously mentioned?).
- Provisioning (creation, publishing, deploying etc).
The architecture diagram from the getting started pages back this up. So, I have 2 sources confirming some rough study area now.
So we know why we might use (helpful for critical thinking in our exams) and we have a plan on the rough areas of study. We’ll try and find these areas when we look into the concepts next. If we learn the fundamentals, variations in exam questions are less likely to trip us up.
API gateway concepts
Based on both ‘exam practice hindsight’ and what the source above are telling me, I came up with a composite set of study areas.
- Integration (Lambda)
- Integration (CORS)
Why not use just the practice papers as a guide? Because If we just learn those precise points, variations in questions might trip us up. Better to use practice papers as a way to determine the big picture.
Let’s start with creating a new API.
Let’s start with the Lambda and REST API tutorial, it’s the simplest way yo get started. But also keep the concepts page handy. It’s your review guide for terms you don’t understand. By the time you’ve finished this study, you want to have consolidated your knowledge of:
- Integration Request/Responses
- Method Request/Response (including Gateway responses)
- The Lambda backend
- Stage variables
You’ll touch on these points during the tutorial, but then you’ll want to come back to review them a second time, to cement the ideas in your head.
Also whilst we’re “critically thinking”, notice this: The ‘next steps’ of the intro tutorial guide you to these points. If they’re fundamental enough for that, they’re a good building block for the exam.
|Passing input to a backend Lambda function||Input format of a Lambda function for proxy integration|
|Returning output from a backend Lambda function||Output format of a Lambda function for proxy integration|
|Setting up a custom domain name for your API||Setting up custom domain names for REST APIs|
|Adding a Lambda authorizer function to your API||Use API Gateway Lambda authorizers|
|Adding a Amazon Cognito user pool authorizer to your API||Control access to a REST API using Amazon Cognito User Pools as authorizer|
|Enabling CORS for your API||Enabling CORS for a REST API resource|
If you’re time poor though, simply skim the pages, and create some high level flashcards.
This will stand you you in good stead for further tutorials if you want to improve your understanding. The first tutorial would have guided you through the concept of deploying. Let’s reflect on that concept in a bit more detail next.
When doing the practice exams, this area was hard for me to conceive of without doing hands-on tutorials, as mentioned above. I’d advise you to look through:
- Understand how stage variables play a part in deployments. How do they integrate with the backend?
- Have a look through my questions to check you understand the concepts of a deployment.
- Once you have that under your belt, understand publishing, since “Simply creating and developing an API Gateway API doesn’t automatically make it callable by your users”.
- Look into canary deployments briefly, which we covered previously in AWS Deployment Types – stage variables and deployments go hand-in-hand.
- Also make sure you (very quickly) cover caching as it relates to the finished deployment, in a sense. And caching questions came up a lot for various AWS service questions as I covered exam papers.
I appreciate, this is a lot to cover, but the investment in the concepts is worth it for covering the multitude of exam variations. At the very least understand what the different parts are.
We’ll move onto integrations next.
From the basic tutorial we ahve ascertained that we need to connect an API to a backend service. We can revisit the types of integrations on this page – now we’ve done the groundwork of hands-on practice. I’d skim the pages on mock and private gateway integrations just to give awareness of what they are – you’ve built your foundations in this area, so you should be able to grasp this quickly.
The two areas I’d want to have a more detailed understanding of in terms of in are Lambda Integration and API Gateway CORS.
You have mostly covered this, but make sure you review the concepts of Lambda Integrations – all the pages under this section should consolidate what you learned. Don’t forget your concepts page as a reference.
This came up in the exam for me a few times, so it is worth getting a through understanding of. After all, from the architecture diagram a we saw websites were a form of integration and client using Ajax calls are pretty commonplace.
Personally, I needed to understand pre-flight options to get the bigger picture about when and where CORS gets more involved with API Gateway configurations.
I created a question sheet on CORS in AWS, so you can ‘search for meaning’ when using the following docs to find out more about it.
|Core Concepts (AWS)||Mozilla overview|
|When CORS would apply||CORS overview for API Gateway|
|How to setup CORS||CORS setup guide|
I found the Mozilla overview a useful refresher when combined with the overview on the official docs. Also compare the overview with ‘how to do‘ in order to cement your understanding. Onto security next since we are the front door to many services
Going back to the follow up steps from the basic tutorial, it suggested learning about Cognito User Pools as an means to Authorizer. I would suggest reading about this and Lambda Authorizers to get the picture on access control.
In terms of securing and endpoint, I’d also skim the overview page to understand the other available mechanisms for access control. I’d do the same for the Protecting your REST API page. An overview was enough for me to get the breadth of techniques to pass exam.
All the info for monitoring is easy enough to find under the REST API pages. We’re going to cover CloudWatch metrics and AWS X-Ray neater the end of this course, so if you like just skim the ‘Monitor Page‘ to understand what is available for monitoring.
We have had to cover a wide range of areas for AWS API gateway, but most of the needed concepts can be gleaned by doing the intro tutorial and following up from the concepts page. Focus on how the front and backend components integrate first.
Once you have the fundamentals of the technology, you can get the breadth of knowledge for this area but doing ‘variations on a theme’ – namely skimming the sections and seeing how the different mechanisms differ from the original tutorial.
Likewise most of the security concepts won’t be new if you have been doing ‘active learning’ when you’ve gone through previous weeks articles.
I hope this was helpful to you. If you have any feedback, questions, queries about this (or any) article, please feel free to contact me.
Next time we’ll be looking at Containerisation.