©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
Introducing Amazon API Gateway
Oren Katz – Solutions Architect, AWS
orenkatz@amazon.com
Agenda
• Why we built Amazon API Gateway
• What is Amazon API Gateway?
• Amazon API Gateway Features & Functionality
• Q&A
Your Feedback
• Managing multiple versions and stages of an API is difficult
• Monitoring 3rd party developers’ access is time consuming
• Access authorization is a challenge
• Traffic spikes create operational burden
• What if I don’t want servers at all?
Introducing Amazon API Gateway
• Host multiple versions and stages of your APIs
• Create and distribute API Keys to developers
• Leverage AWS Sigv4 to authorize access to APIs
• Throttle and monitor requests to protect your backend
• Utilizes AWS Lambda
• Managed cache to store API responses
• Reduced latency and DDoS protection through CloudFront
• SDK Generation for iOS, Android and JavaScript
• Swagger support
• Request / Response data transformation and API mocking
How Does Amazon API Gateway Work?
An API Call Flow
[Diagram: clients on the Internet (mobile apps, websites, services) call API Gateway; API Gateway is shown with the API Gateway cache, Amazon CloudWatch monitoring, and its backends: AWS Lambda functions, endpoints on Amazon EC2 / Amazon Elastic Beanstalk, or any other publicly accessible endpoint]
Build, Deploy, Clone & Rollback
• Build APIs with their resources, methods, and settings
• Deploy APIs to a Stage
– Users can create as many Stages as they want, each with its own
Throttling, Caching, Metering, and Logging configuration
• Clone an existing API to create a new version
– Users can continue working on multiple versions of their APIs
• Rollback to previous deployments
– We keep a history of customers’ deployments so they can revert to a
previous deployment
API Configuration
• You can create APIs
• Define resources within an API
• Define methods for a resource
– Methods are Resource + HTTP verb
Pet Store
/pets
/pets/{petId}
• GET
• POST
• PUT
API Deployments
• API Configuration can be deployed to
a stage
• Stages are different environments
For example:
– Dev (e.g. awsapigateway.com/dev)
– Beta (e.g. awsapigateway.com/beta)
– Prod (e.g. awsapigateway.com/prod)
– As many stages as you need
Pet Store
dev
beta
gamma
prod
Manage Multiple Versions and Stages of your APIs
API 1 (v1)
Stage (dev)
Stage (prod)
API 2 (v2)
Stage (dev)
Custom Domain Names
• You can configure custom domain names
• Provide API Gateway with a signed HTTPS certificate
• Custom domain names can point to an API or a Stage
• Pointing to an API you have access to all Stages
– Beta (e.g. yourapi.com/beta)
– Prod (e.g. yourapi.com/prod)
• Pointing directly to your “prod” Stage
– Prod (e.g. yourapi.com/)
Metering & Authorization
API Keys to Meter Developer Usage
• Create API Keys
• Set access permissions at the API/Stage level
• Meter usage of the API Keys through
CloudWatch Logs
API Keys to Authorize Access
• The name “Key” implies security – there is
no security in baking text in an App’s code
• API Keys should be used purely to meter
app/developer usage
• API Keys should be used alongside a
stronger authorization mechanism
Leverage AWS Sigv4, or Use a Custom Header
• You can leverage AWS Sigv4 to sign and authorize
API calls
– Amazon Cognito and AWS Security Token Service (STS) simplify the
generation of temporary credentials for your app
• You can support OAuth or other authorization
mechanisms through custom headers
– Simply configure your API methods to forward the custom headers to
your backend
Using Sigv4 to authenticate calls to your API
[Diagram: Client, API Gateway, Backend. The client calls the Login API (/login, no auth required); API Gateway invokes the Lambda function fn_login; credentials are verified against the User Accounts database; Cognito developer authenticated identities return an access and secret key; through /login the client receives credentials to sign API calls]
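An added example (not from the original slides) of how a client signs an API Gateway call with SigV4 using temporary credentials such as those returned by the /login flow above. The host, credentials and date are constructed values; `execute-api` is the SigV4 service name for API Gateway, and the path is assumed to need no URI encoding.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote

# Constructed temporary credentials, standing in for what the login flow returns.
SAMPLE_CREDS = {"access_key": "ASIAEXAMPLEKEYID0000",
                "secret_key": "constructed-secret-key",
                "session_token": "constructed-session-token"}

def canonical_query(params):
    """Sort and URI-encode query parameters as SigV4 requires."""
    return "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                    for k, v in sorted(params.items()))

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_request(method, host, path, params, body, creds, region, now):
    """Return the headers (including Authorization) for one signed request."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    headers = {"host": host, "x-amz-date": amz_date}
    if creds.get("session_token"):  # temporary credentials carry a session token
        headers["x-amz-security-token"] = creds["session_token"]
    signed = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k].strip()}\n" for k in sorted(headers))
    # 1. Canonical request: the signature covers method, path, query, headers, body.
    canonical = "\n".join([method, path, canonical_query(params), canonical_headers,
                           signed, hashlib.sha256(body).hexdigest()])
    # 2. String to sign, scoped to one day, one region and the execute-api service.
    scope = f"{date}/{region}/execute-api/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # 3. Derive the signing key; the secret key itself is never sent.
    key = _hmac(("AWS4" + creds["secret_key"]).encode(), date)
    for part in (region, "execute-api", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={creds['access_key']}/{scope}, "
                                f"SignedHeaders={signed}, Signature={signature}")
    return headers

def signature_of(headers):
    """Extract the hex signature from the Authorization header."""
    return headers["authorization"].rsplit("Signature=", 1)[1]

if __name__ == "__main__":
    when = datetime(2015, 7, 9, 12, 0, 0, tzinfo=timezone.utc)
    hdrs = sign_request("GET", "abc123.execute-api.us-east-1.amazonaws.com",
                        "/prod/pets", {"type": "dog"}, b"", SAMPLE_CREDS, "us-east-1", when)
    for name, value in hdrs.items():
        print(f"{name}: {value}")
```

Unlike an API key baked into the app, the secret key never leaves the client, and changing the path, query or body after signing invalidates the signature.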
Throttling and Caching
API Throttling
• Throttling helps you manage traffic to your backend
• Throttle by developer-defined Requests/Sec limits
• Requests over the limit are throttled
– HTTP 429 response
• The generated SDKs retry throttled requests
Caching of API Responses
• You can configure a cache key and the Time to Live
(TTL) of the API response
• Cached items are returned without calling the backend
• A cache is dedicated to you, by stage
• You can provision between 0.5 GB and 237 GB of cache
Request processing workflow
Receive incoming request
• Check for item in dedicated cache
• If found return cached item
Check throttling configuration
• Check current RPS rate
• If above allowed rate return 429
Execute backend call
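An added example (not from the original slides) that models the request processing workflow above: cache lookup first, then the throttling check, then the backend call, plus a client that retries on 429 the way the slides say the generated SDKs do. The class and function names, the per-second counting window and the doubling retry delay are assumptions made for illustration, not API Gateway's actual implementation.

```python
import time

class StageModel:
    """Toy model of one stage: dedicated TTL cache, RPS throttle, then backend."""

    def __init__(self, backend, rps_limit, ttl, clock=time.monotonic):
        self.backend, self.rps_limit, self.ttl, self.clock = backend, rps_limit, ttl, clock
        self.cache = {}                      # cache key -> (expires_at, response)
        self.second, self.admitted = None, 0  # current second and requests admitted in it
        self.backend_calls = 0

    def handle(self, method, path, query=""):
        now = self.clock()
        key = (method, path, query)           # assumed cache key: method, path and query
        # Step 1: a live cache entry is returned without touching throttle or backend.
        entry = self.cache.get(key)
        if entry and entry[0] > now:
            return 200, entry[1], "cache"
        # Step 2: throttle check against the configured requests-per-second limit.
        if int(now) != self.second:
            self.second, self.admitted = int(now), 0
        if self.admitted >= self.rps_limit:
            return 429, "Too Many Requests", "throttle"
        self.admitted += 1
        # Step 3: call the backend and cache GET responses for ttl seconds.
        self.backend_calls += 1
        body = self.backend(method, path, query)
        if method == "GET":
            self.cache[key] = (now + self.ttl, body)
        return 200, body, "backend"

def call_with_retry(stage, method, path, sleep, retries=3, base_delay=0.5):
    """Client side: retry throttled (429) requests with a doubling delay."""
    delay = base_delay
    for attempt in range(1, retries + 1):
        status, body, source = stage.handle(method, path)
        if status != 429 or attempt == retries:
            return status, body, source, attempt
        sleep(delay)
        delay *= 2

class FakeClock:
    """Deterministic clock so the example runs instantly and repeatably."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now
    def sleep(self, seconds):
        self.now += seconds

def demo():
    clock = FakeClock()
    stage = StageModel(lambda m, p, q: f"{m} {p} from backend", rps_limit=2, ttl=5, clock=clock)
    paths = ("/pets", "/pets", "/pets/1", "/pets/2", "/pets")
    trace = [stage.handle("GET", p)[2] for p in paths]
    retried = call_with_retry(stage, "GET", "/pets/2", clock.sleep)
    return trace, retried, stage.backend_calls

if __name__ == "__main__":
    print(demo())
```

Because a hit is served without calling the backend, the cache key has to include every request parameter the response depends on.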
Input / Output Models and Transforms
Aws Technical Day 2015 - Amazon API Gateway
API Models
• Models are a JSON Schema representation of
your API requests and responses
• Models are used for input and output filtering,
and SDK generation
• You can reuse models across multiple methods
in your API
Input / Output Transforms
• Use Velocity Templates to transform data
• Filter output results
– Remove private or unnecessary data
– Filter dataset size to improve API performance
• GET to POST
– Read all query string parameters from your GET request, and create a body
to make a POST to your backend
• JSON to XML
– Receive JSON input and transform it to XML for your backend
– Receive JSON from a Lambda function and transform it to XML
Transform Example: JSON to XML
GET /sayHello → API Gateway → Lambda fn_sayHello (Backend)
JSON returned by the Lambda function:
{
  "message" : "hello world"
}
XML returned by API Gateway:
<xml>
  <message>
    Hello world
  </message>
</xml>
Velocity mapping template:
#set($root = $input.path('$'))
<xml>
  <message>
    $root.message
  </message>
</xml>
SDK Generation
Generate Client SDKs Based on Your APIs
• SDKs are generated based on API deployments (Stages)
• If Request and Response Models are defined, the SDK
includes input and output marshalling of your methods
• SDKs know how to handle throttling responses
• SDKs also know how to sign requests with AWS
temporary credentials (SigV4)
• Support for Android, iOS, JavaScript, …
Demo
Amazon API Gateway Pricing
• $3.50 per Million API Gateway requests
• Included in the AWS Free Tier
– 1 Million API requests per month for 12 months
• Data Transfer Out (Standard AWS Prices)
– $0.09/GB for the first 10 TB
– $0.085/GB for the next 40 TB
– $0.07/GB for the next 100 TB
– $0.05/GB for the next 350 TB
Optional – Dedicated Cache Pricing
Cache Memory Size (GB)    Price per Hour (USD)
0.5                       $0.020
1.6                       $0.038
6                         $0.200
13                        $0.250
28                        $0.500
58                        $1.000
118                       $1.900
237                       $3.800
Availability
• Today!
• Initially available in:
– US East (N. Virginia)
– US West (Oregon)
– EU West (Dublin)
– Plan to enable other regions rapidly
Amazon API Gateway
Build, Deploy & Manage your APIs
http://aws.amazon.com/apigateway/
Your Feedback is Important to AWS
Please complete the session evaluation. Tell us what you think!
NEW YORK
