AWS Technical Day - Amazon API Gateway

1. ©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
Introducing Amazon API Gateway
Oren Katz – Solutions Architect, AWS
orenkatz@amazon.com

2. Agenda
• Why we built Amazon API Gateway
• What is Amazon API Gateway?
• Amazon API Gateway Features & Functionality
• Q&A

3. Your Feedback
• Managing multiple versions and stages of an API is difficult

4. Your Feedback
• Managing multiple versions and stages of an API is difficult
• Monitoring 3rd party developers’ access is time consuming

5. Your Feedback
• Managing multiple versions and stages of an API is difficult
• Monitoring 3rd party developers’ access is time consuming
• Access authorization is a challenge

6. Your Feedback
• Managing multiple versions and stages of an API is difficult
• Monitoring 3rd party developers’ access is time consuming
• Access authorization is a challenge
• Traffic spikes create operational burden

7. Your Feedback
• Managing multiple versions and stages of an API is difficult
• Monitoring 3rd party developers’ access is time consuming
• Access authorization is a challenge
• Traffic spikes create operational burden
• What if I don’t want servers at all?

8. • Host multiple versions and stages of your APIs
• Create and distribute API Keys to developers
• Leverage AWS Sigv4 to authorize access to APIs
• Throttle and monitor requests to protect your backend
• Utilizes AWS Lambda
Introducing Amazon API Gateway

9. Introducing Amazon API Gateway
• Managed cache to store API responses
• Reduced latency and DDoS protection through CloudFront
• SDK Generation for iOS, Android and JavaScript
• Swagger support
• Request / Response data transformation and API mocking

10. How Does Amazon API Gateway Work?

11. An API Call Flow
Internet
Mobile Apps
Websites
Services
API
Gateway
AWS Lambda
functions
AWS
API Gateway
Cache
Endpoints on
Amazon EC2 /
Amazon
Elastic
Beanstalk
Any other publicly
accessible endpoint
Amazon
CloudWatch
Monitoring

12. Build, Deploy, Clone & Rollback
• Build APIs with their resources, methods, and settings
• Deploy APIs to a Stage
– Users can create as many Stages as they want, each with its own
Throttling, Caching, Metering, and Logging configuration
• Clone an existing API to create a new version
– Users can continue working on multiple versions of their APIs
• Rollback to previous deployments
– We keep a history of customers’ deployments so they can revert to a
previous deployment

13. API Configuration
• You can create APIs
• Define resources within an API
• Define methods for a resource
– Methods are Resource + HTTP verb
Pet Store
/pets
/pets/{petId}
• GET
• POST
• PUT

14. API Deployments
• API Configuration can be deployed to
a stage
• Stages are different environments
For example:
– Dev (e.g. awsapigateway.com/dev)
– Beta (e.g. awsapigateway.com/beta)
– Prod (e.g. awsapigateway.com/prod)
– As many stages as you need
Pet Store
dev
beta
gamma
prod

15. Manage Multiple Versions and Stages of your APIs
API 1 (v1)
Stage (dev)
Stage (prod)
API 2 (v2)
Stage (dev)

16. Custom Domain Names
• You can configure custom domain names
• Provide API Gateway with a signed HTTPS certificate
• Custom domain names can point to an API or a Stage
• Pointing to an API you have access to all Stages
– Beta (e.g. yourapi.com/beta)
– Prod (e.g. yourapi.com/prod)
• Pointing directly to your “prod” Stage
– Prod (e.g. yourapi.com/)

17. Metering & Authorization

18. API Keys to Meter Developer Usage
• Create API Keys
• Set access permissions at the API/Stage level
• Meter usage of the API Keys through
CloudWatch Logs

19. API Keys to Authorize Access
• The name “Key” implies security – there is
no security in baking text in an App’s code
• API Keys should be used purely to meter
app/developer usage
• API Keys should be used alongside a
stronger authorization mechanism

20. Leverage AWS Sigv4, or Use a Custom Header
• You can leverage AWS Sigv4 to sign and authorize
API calls
– Amazon Cognito and AWS Security Token Service (STS) simplify the
generation of temporary credentials for your app
• You can support OAuth or other authorization
mechanisms through custom headers
– Simply configure your API methods to forward the custom headers to
you backend

21. Using Sigv4 to authenticate calls to your API
Call Login API,
no auth required
Client API Gateway Backend
/login
Lambda
fn_login
User
Accounts
database
Credentials
verified
Cognito developer
authenticated
identities
Access and
secret key
/login
Receives
credentials to
sign API calls

22. Throttling and Caching

23. API Throttling
• Throttling helps you manage traffic to your backend
• Throttle by developer-defined Requests/Sec limits
• Requests over the limit are throttled
– HTTP 429 response
• The generated SDKs retry throttled requests

24. Caching of API Responses
• You can configure a cache key and the Time to Live
(TTL) of the API response
• Cached items are returned without calling the backend
• A cache is dedicated to you, by stage
• You can provision between 0.5GB to 237GB of cache

25. Request processing workflow
Receive
incoming
request
• Check for item in
dedicated cache
• If found return
cached item
Check
throttling
configuration
• Check current RPS
rate
• If above allowed
rate return 429
Execute
backend call

26. Input / Output Models and Transforms

28. API Models
• Models are a JSON Schema representation of
your API requests and responses
• Models are used for input and output filtering,
and SDK generation
• You can reuse models across multiple methods
in your API

29. Input / Output Transforms
• Use Velocity Templates to transform data
• Filter output results
– Remove private or unnecessary data
– Filter dataset size to improve API performance
• GET to POST
– Read all query string parameters from your GET request, and create a body
to make a POST to your backend
• JSON to XML
– Receive JSON input and transform it to XML for your backend
– Receive JSON from a Lambda function and transform it to XML

30. Transform Example: JSON to XML
API Gateway
Backend
GET - /sayHello
Lambda
fn_sayHello
/sayHello
{
“message” : “hello world”
}
<xml>
<message>
Hello world
</message>
</xml>
#set($root = $input.path('$'))
<xml>
<message>
$root.message
</message>
</xml>

31. SDK Generation

32. Generate Client SDKs Based on Your APIs
• SDKs are generated based on API deployments (Stages)
• If Request and Response Models are defined, the SDK
includes input and output marshalling of your methods
• SDKs know how to handle throttling responses
• SDKs also know how to sign requests with AWS
temporary credentials (SigV4)
• Support for Android, iOS, JavaScript, …

33. Demo

34. Amazon API Gateway Pricing
• $3.50 per Million API Gateway requests
• Included in the AWS Free Tier
– 1 Million API requests per month for 12 months
• Data Transfer Out (Standard AWS Prices)
– $0.09/GB for the first 10 TB
– $0.085/GB for the next 40 TB
– $0.07/GB for the next 100 TB
– $0.05/GB for the next 350 TB

35. Optional – Dedicated Cache Pricing
Cache Memory
Size (GB)
Price per Hour
(USD)
0.5 $0.020
1.6 $0.038
6 $0.200
13 $0.250
28 $0.500
58 $1.000
118 $1.900
237 $3.800

36. Availability
• Today!
• Initially available in:
– US East (N. Virginia)
– US West (Oregon)
– EU West (Dublin)
– Plan to enable other regions rapidly

37. Amazon API Gateway
Build, Deploy & Manage your APIs
http://aws.amazon.com/apigateway/

38. Your Feedback is Important to AWS
Please complete the session evaluation. Tell us what you think!

39. NEW YORK

40. NEW YORK
©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved