Amazon API Gateway
Adobe - Nils Meder - Cloud Software Engineer
About
{
  "_links": {
    "self": {
      "name": "Nils Meder",
      "href": "mailto:meder@adobe.com"
    }
  },
  "living_in": "Hamburg",
  "working_for": "Adobe",
  "job": "Cloud Software Engineer",
  "interests": [
    "coding",
    "containerization",
    "APIs",
    "sports",
    "music",
    "food"
  ]
}
Adobe Hamburg
- Started As GoLive
- Now, Adobe Germany Engineering Office
- Munich Sales Office
- ~ 140 People
- Projects: Photoshop/Lightroom for iOS, Icon Factory, Audition, Shared Cloud ...
Shared Cloud
- Cloud Platform For All Adobe Services
- Deployed in AWS (US-East, EU-West & Asia Pacific)
- Web API With Over 38 Resources
- ~ 30 Million Requests Per Hour
- ~ 5 Petabytes of S3 Data
- 99.991% Availability
- Continuous Deployment And Testing
- Complemented by A Worker Infrastructure
- SOC2 Compliant, PCI by end of 2015
- Currently Moving to A Separated Services Architecture
Amazon API Gateway
Motivation
- Unified Front Door to Backend
- Gateway Pattern
- Managing Versions And Stages is Difficult
- Monitoring 3rd Party Developers Is Time Consuming
- Traffic Spikes Can Create Operational Burden
- No Servers Involved at All
Features
- Host Multiple Versions And Stages of APIs
- Create And Distribute API keys
- API Authorization via AWS SigV4
- Throttling And CloudWatch Monitoring
- Managed Response Cache
- Swagger Support
- Request And Response Data Transformation
How Does It Work?
API Call Flow
[Diagram labels: Client, Internet, API Gateway, CloudWatch, Lambda, Public Endpoint, API Cache]
Build & Deployment
- Define APIs With Resources And Methods
- Deploy APIs to Different Stages
- Separate API Version Per Stage
- Separate Throttling & Caching
- Separate Settings, Logging & Monitoring
- Maintain New Versions of An Existing API
- Rollback to Previous API Versions
API Config
- Create API
- Create Web Resources
- Define HTTP Methods
[Diagram labels: Book Store; /books; /books/{id}; GET, GET, POST, PUT, DELETE]
API Config
- API Configurations Can Be Deployed to One Stage
- As Many Stages As Needed
- Example:
  - dev (http://myapi.com/dev)
  - stage (http://myapi.com/stage)
  - prod (http://myapi.com/prod)
  - ...
[Diagram labels: Book Store; dev, stage, prod]
Multiple API Versions
[Diagram labels: APIv1 (stage, prod); APIv2 (stage, prod)]
Custom Domain Names
- Define Custom Domain Names
- Provide A Signed HTTPS Cert
- Domain Names Can Point to APIs Or Stages
  - Point To API
    - https://myapi.com/stage
    - https://myapi.com/prod
  - Point Directly to A Stage, e.g. prod
    - https://myapi.com
Securing Your API
API Keys
- Create And Maintain API Keys
- Set Access Permissions at API/Stage Level
- Monitor Usage Via CloudWatch
API Keys
- API Keys Are Not A Security Mechanism
- Just Plain Text In Application Code
- Use Keys Along With Stronger Authentication Mechanisms
Authentication
- Leverage AWS SigV4 to Sign And Authorize API Calls
- Amazon Cognito And Security Token Service (STS) Simplify Generation Of Temp Credentials
- Support OAuth Or Other Authorization Mechanisms Through Custom Headers
- Configure API to Forward Headers to Own Backend
SigV4
[Diagram labels: Unauthorized call to /login; API Gateway /login; fn_login; Credentials are now verified; Access key & secret; Credentials to sign requests]
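How the SigV4 signing named on the Authentication slide lets the gateway verify a request without the secret ever being sent, unlike a plain-text API key. This is an added example, not code from the talk or from AWS; the function names, secret, host and the /prod/books/42 path are constructed, and path and query are assumed to be already URI-encoded and sorted.

```python
import hashlib
import hmac

ALGO = "AWS4-HMAC-SHA256"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret, date, region, service):
    """Derive the per-day, per-region, per-service key from the long-term secret."""
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def sign(secret, method, path, query, headers, body, amz_date, region, service="execute-api"):
    """Client side: return (signed_headers, hex signature) for one request."""
    # Canonical headers: lowercase names, whitespace-normalised values, sorted by name.
    canon = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    signed_headers = ";".join(k for k, _ in canon)
    canonical_request = "\n".join([
        method, path, query,  # assumption: path and query are already canonical
        "".join(f"{k}:{v}\n" for k, v in canon),
        signed_headers,
        hashlib.sha256(body).hexdigest(),
    ])
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        ALGO, amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    return signed_headers, _hmac(signing_key(secret, date, region, service), string_to_sign).hex()

def verify(secret, claimed_signature, *request):
    """Gateway side: recompute from the received request, compare in constant time."""
    return hmac.compare_digest(sign(secret, *request)[1], claimed_signature)

# Constructed sample values (not real credentials or a real endpoint).
SECRET = "EXAMPLE-SECRET-KEY-NOT-REAL"
HEADERS = {"Host": "abc123.execute-api.us-east-1.amazonaws.com",
           "X-Amz-Date": "20150830T123600Z"}
REQUEST = ("GET", "/prod/books/42", "", HEADERS, b"", "20150830T123600Z", "us-east-1")

if __name__ == "__main__":
    signed, sig = sign(SECRET, *REQUEST)
    print(f"{ALGO} SignedHeaders={signed}, Signature={sig}")
    print("original verifies:", verify(SECRET, sig, *REQUEST))
    print("tampered path verifies:", verify(SECRET, sig, "GET", "/prod/books/43", *REQUEST[2:]))
```

Only the signature and the access key id travel with the request; a production verifier would also reject requests whose X-Amz-Date is too old.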
Throttling And Caching
API Throttling
- Throttle Requests to Protect The Backend
- Limits Are Developer Defined
  - req/sec
- HTTP 429 (Too Many Requests)
- Generated SDKs Automatically Retry Throttled Requests
- Integrated With CloudWatch
Caching
- Configure Cache Key And TTL Of Responses
- Dedicated Cache
- Cache Hit Will Not Count Against Throttling
- Can Be Provisioned Between 0.5GB And 237GB
- Integrated With CloudWatch
- Adds Extra Costs
SDK Generation
Generate Client SDKs
- SDK Can Be Generated Per Stage
- If Models Are Defined, SDKs Contain Input And Output Objects
- Handle Throttled Requests
- Can Sign Request With Temp Credentials (SigV4)
- Support For Android, iOS and JavaScript
- More to Come...
How Much Does It Cost?
Gateway Pricing
- $3.50 Per Million Requests
- 1 Million Requests Free Per Year
- Standard Data Transfer Out Cost
  - $0.09 For The First 10 TB
  - $0.085 For The Next 40 TB
  - ...
Cache Pricing
Cache Size | Price Per Hour |
---|---|
0.5 GB | $0.020 |
1.6 GB | $0.038 |
6 GB | $0.200 |
13 GB | $0.250 |
28 GB | $0.500 |
58 GB | $1.000 |
118 GB | $1.900 |
237 GB | $3.800 |
Conclusion
- Great Serverless API Alternative
- Attractive Especially For Small Apps
- Available in 4 Regions
- No Numbers On Availability
- PCI Early Next Year
- Costs Should Be Considered
- Few Production Examples
This Presentation
https://slides.com/nilsmeder/apigateway
Demo
TechTalk About Amazon API Gateway