API Gateway – The “Main Entrance” to Your Backend Services


  • API Gateway – The “Main Entrance” to Your

    Backend Services

    Oliver Arafat, Enterprise Evangelist AWS



    Microservices Webday

  • Agenda

    • What is API Gateway and how does it work?

    • Securing your API

    • Throttling and Caching

    • Pricing

    • Demo

  • Your feedback

    • Managing multiple versions and stages of an API is difficult.

    • Monitoring third-party developers’ access is time


    • Access authorization is a challenge.

    • Traffic spikes create an operational burden.

    • What if I don’t want servers at all?

  • Brian Wagner | Solutions Architect

    Host multiple versions and stages of your APIs

    Create and distribute API keys to developers

    Leverage AWS Sig-v4 to authorize access to APIs

    Throttle and monitor requests to protect your backend

    Managed cache to store API responses

    SDK Generation for iOS, Android, and JavaScript

    Swagger support

    Request / Response data transformation and API mocking

    Why should I use API Gateway?

  • How does it work?

  • An API call flow


    [Call-flow diagram; labels: Mobile apps, API Gateway, AWS Lambda, Endpoints on …, Any other publicly accessible endpoint, Amazon …]



  • Build, deploy, clone, and roll back

    • Build APIs with their resources, methods, and settings

    • Deploy APIs to a stage

    – Users can create as many stages as they want, each with its own throttling,

    caching, metering, and logging configuration

    • Clone an existing API to create a new version

    – Users can continue working on multiple versions of their APIs

    • Roll back to previous deployments

    – We keep a history of customers’ deployments so they can revert to a

    previous deployment

  • API configuration

    • You can create APIs

    • Define resources within an API

    • Define methods for a resource

    – Methods are resource + HTTP verb

    Pet Store



    • GET

    • POST

    • PUT

  • API deployments

    • API configuration can be deployed to a


    • Stages are different environments; for


    – Dev (e.g., example.com/dev)

    – Beta (e.g., example.com/beta)

    – Prod (e.g., example.com/prod)

    – As many stages as you need

    Pet Store





  • Manage multiple versions and stages of your APIs

    API 1 (v1)

    Stage (dev)

    Stage (prod)

    API 2 (v2)

    Stage (dev)

  • Custom domain names

    • You can configure custom domain names

    • Provide API Gateway with a signed HTTPS certificate

    • Custom domain names can point to an API or a stage

    • Point to an API and stage

    – Beta (e.g., yourapi.com/beta)

    – Prod (e.g., yourapi.com/prod)

  • Securing and Metering your API

  • Use API keys to meter developer usage

    • Create API keys

    • Set access permissions at the API/stage level

    • Meter usage of the API keys through Amazon

    CloudWatch Logs

  • Use API keys to authorize access

    • The name “key” implies security – there is

    no security in baking text in an app’s code

    • API keys should be used purely to meter

    app/developer usage

    • API keys should be used alongside a

    stronger authorization mechanism

  • Leverage AWS signature version 4

    or use a custom header

    • You can leverage AWS signature version 4 to sign

    and authorize API calls

    – Amazon Cognito and AWS Security Token Service (AWS STS)

    simplify the generation of temporary credentials for your app

    • You can support OAuth or other authorization

    mechanisms through custom headers

    – Simply configure your API methods to forward the custom headers to

    your back end

  • Throttling and Caching

  • API throttling

    • Throttling helps you manage traffic to your back end

    • Throttle by developer-defined requests-per-second


    • Requests over the limit are throttled

    – HTTP 429 response

    • The generated SDKs retry throttled requests

  • Caching API responses

    • You can configure a cache key and the Time to Live

    (TTL) of the API response

    • Cached items are returned without calling the back end

    • A cache is dedicated to you, by stage

    • You can provision between 0.5 GB and 237 GB of


  • Request processing workflow

    Receive incoming request

    • Check for item in dedicated cache

    • If found, return cached item

    Check throttling configuration

    • Check current requests-per-second rate

    • If above allowed rate, return 429

    Execute back-end call
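
Added example (not from the original slides): a toy Python model of the processing order listed above, showing that a cache hit is answered before the throttle check and never reaches the back end. `StageModel`, the fixed one-second counting window and the sample paths are assumptions for illustration, not API Gateway's implementation.

```python
import time


class StageModel:
    """Toy model of one stage: dedicated cache, then throttle, then back end."""

    def __init__(self, rate_limit, ttl, backend, clock=time.monotonic):
        self.rate_limit = rate_limit  # allowed requests per second (assumed fixed window)
        self.ttl = ttl                # seconds a cached response stays valid
        self.backend = backend        # callable standing in for the back-end integration
        self.clock = clock
        self.cache = {}               # cache_key -> (expires_at, body)
        self.window, self.count = None, 0

    def handle(self, cache_key):
        now = self.clock()
        # 1. Dedicated cache: a hit returns without calling the back end.
        entry = self.cache.get(cache_key)
        if entry and entry[0] > now:
            return 200, entry[1], "cache"
        # 2. Throttling: compare the current requests-per-second count to the limit.
        if int(now) != self.window:
            self.window, self.count = int(now), 0
        if self.count >= self.rate_limit:
            return 429, None, "throttled"
        self.count += 1
        # 3. Back-end call; store the response under the cache key with its TTL.
        body = self.backend(cache_key)
        self.cache[cache_key] = (now + self.ttl, body)
        return 200, body, "backend"


def demo():
    t = [0.0]                         # constructed clock so the run is deterministic
    calls = []                        # records which requests reached the back end
    stage = StageModel(2, 5, lambda k: calls.append(k) or f"resp:{k}", lambda: t[0])
    trace = [stage.handle(k)[::2] for k in ("/pets", "/pets", "/a", "/b", "/pets")]
    t[0] = 1.0                        # next one-second window: the count resets
    trace.append(stage.handle("/b")[::2])
    return trace, calls


if __name__ == "__main__":
    print(demo())
```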

  • Data filtering and transformation

  • API models

    • Models are a JSON schema representation of

    your API requests and responses

    • Models are used for input and output filtering

    and SDK generation

    • You can reuse models across multiple methods

    in your API

  • Input/output transforms

    • Use Velocity templates to transform data

    • Filter output results

    – Remove private or unnecessary data

    – Filter dataset size to improve API performance

    • GET to POST

    – Read all query string parameters from your GET request and create a body to

    make a POST request to your back end

    • JSON to XML

    – Receive JSON input and transform it to XML for your back end

    – Receive JSON from an AWS Lambda function and transform it to XML

  • Transform example: JSON to XML

    API Gateway Back end

    GET - /sayHello AWS





    “message” : “hello world”


    Hello world

    #set($root = $input.path('$'))


  • SDK Generation

  • Generate client SDKs based on your APIs

    • SDKs are generated based on API deployments (stages)

    • If request-response models are defined, the SDK includes

    input and output marshalling of your methods

    • SDKs know how to handle throttling responses

    • SDKs also know how to sign requests with AWS

    temporary credentials (signature version 4)

    • Support for Android, iOS, JavaScript, …

  • Pricing

  • API Gateway pricing

    • $3.50 per million API Gateway requests

    • Included in the AWS Free Tier

    – 1 million API requests per month for 12 months

    • Data Transfer Out (standard AWS prices)

    – $0.09/GB for the first 10 TB

    – $0.085/GB for the next 40 TB

    – $0.07/GB for the next 100 TB

    – $0.05/GB for the next 350 TB

  • Optional – Dedicated cache pricing

    Cache memory size (GB)    Price per hour

    0.5                       $0.020
    1.6                       $0.038
    6                         $0.200
    13                        $0.250
    28                        $0.500
    58                        $1.000
    118                       $1.900
    237                       $3.800

  • Availability

    • Today!

    • Initially available in:

    – US East (N. Virginia)

    – US West (Oregon)

    – EU West (Dublin)

    • We plan to enable other regions rapidly

  • Demo

  • API Gateway Build, deploy, and manage your APIs



  • AWS Free Tier


    http://aws.amazon.com/de/free/?sc_ichannel=il&sc_icampaign=de2015Q3_il_microservices-breakfast_pdf-download&sc_icountry=de&sc_ipublisher=aws&sc_imedium=&sc_icontent=event_registration&sc_icategory=aws_cloud_computing&sc_isegment=event_registration&trkCampaign=aws_contact_us_sales&trk=de2015Q3_il_microservices-breakfast_pdf-download