Amazon API Gateway

 

Adobe - Nils Meder - Cloud Software Engineer

 

About

{
  "_links": {
    "self": {
      "name": "Nils Meder",
      "href": "mailto:meder@adobe.com"
    }
  },
  "living_in": "Hamburg",
  "working_for": "Adobe",
  "job": "Cloud Software Engineer",
  "interests": [
    "coding",
    "containerization",
    "APIs",
    "sports",
    "music",
    "food"
  ]
}

Adobe Hamburg

  • Started As GoLive
  • Now, Adobe Germany Engineering Office
    • Munich Sales Office
  • ~ 140 People
  • Projects: Photoshop/Lightroom for iOS, Icon Factory, Audition, Shared Cloud ...

Shared Cloud

  • Cloud Platform For All Adobe Services
  • Deployed in AWS (US-East, EU-West & Asia Pacific)
  • Web API With Over 38 Resources
  • ~ 30 Million Requests Per Hour
  • ~ 5 Petabytes of S3 Data
  • 99.991% Availability
  • Continuous Deployment And Testing
  • Complemented by A Worker Infrastructure
  • SOC2 Compliant, PCI by end of 2015
  • Currently Moving to a Separate Services Architecture

Amazon API Gateway

 

Motivation

  • Unified Front Door to Backend
    • Gateway Pattern
  • Managing Versions And Stages is Difficult
  • Monitoring 3rd-Party Developers Is Time Consuming
  • Traffic Spikes Can Create Operational Burden
  • No Servers Involved at All

Features

  • Host Multiple Versions And Stages of APIs
  • Create And Distribute API keys
  • API Authorization via AWS SigV4
  • Throttling And CloudWatch Monitoring
  • Managed Response Cache
  • Swagger Support
  • Request And Response Data Transformation

How Does It Work?

API Call Flow

[Diagram components: Client, Internet, API Gateway, CloudWatch, Lambda, Public Endpoint, API Cache]

Build & Deployment

  • Define APIs With Resources And Methods
  • Deploy APIs to Different Stages
    • Separate API Version Per Stage
    • Separate Throttling & Caching
    • Separate Settings, Logging & Monitoring
  • Maintain New Versions of An Existing API
  • Rollback to Previous API Versions

API Config

  • Create API
  • Create Web Resources
  • Define HTTP Methods

[Diagram: Book Store API with resources /books and /books/{id}; methods shown: GET, GET, POST, PUT, DELETE]

API Config

  • API Configurations Can Be Deployed to One Stage
  • As Many Stages As Needed
  • Example:
    • dev (http://myapi.com/dev)
    • stage (http://myapi.com/stage)
    • prod (http://myapi.com/prod)
    • ...

[Diagram: Book Store API with stages dev, stage, prod]

Multiple API Versions

[Diagram: APIv1 and APIv2, each shown with stage and prod]

Custom Domain Names

  • Define Custom Domain Names
  • Provide A Signed HTTPS Cert
  • Domain Names Can Point to APIs Or Stages
    • Point To API
      • https://myapi.com/stage
      • https://myapi.com/prod
    • Point Directly to A Stage, e.g. prod
      • https://myapi.com

Securing Your API

API Keys

  • Create And Maintain API Keys
  • Set Access Permissions at API/Stage Level
  • Monitor Usage Via CloudWatch

API Keys

  • API Keys Are Not A Security Mechanism
    • Just Plain Text In Application Code
  • Use Keys Along With Stronger Authentication Mechanisms

Authentication

  • Leverage AWS SigV4 to Sign And Authorize API Calls
    • Amazon Cognito And Security Token Service (STS) Simplify Generation Of Temp Credentials
  • Support OAuth Or Other Authorization Mechanisms Through Custom Headers
    • Configure API to Forward Headers to Own Backend

SigV4

[Diagram labels: API Gateway, /login, fn_login, "Unauthorized call", "Credentials are now verified", "Accesskey & Secret", "Credentials To Sign Requests"]
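How a SigV4 signature binds temporary credentials to one specific request, as an added example that is not part of the original slides or the AWS SDKs. The host name, credentials and the `verify` helper with its `secrets` table are constructed for illustration; the path is assumed to contain only unreserved characters, and only `host`, `x-amz-date` and the session token are signed.

```python
import hashlib
import hmac
from urllib.parse import quote

def sign_request(method, host, path, query, body, creds, amz_date, region,
                 service="execute-api"):
    """Return the headers (including Authorization) for one signed call."""
    headers = {"host": host, "x-amz-date": amz_date}
    if creds.get("token"):  # temporary credentials (STS/Cognito) carry a token
        headers["x-amz-security-token"] = creds["token"]
    names = sorted(headers)
    signed = ";".join(names)
    canonical = "\n".join([
        method,
        quote(path, safe="/-_.~"),
        "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                 for k, v in sorted(query.items())),
        "".join(f"{n}:{headers[n].strip()}\n" for n in names),
        signed,
        hashlib.sha256(body).hexdigest(),
    ])
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + creds["secret"]).encode()
    for part in (amz_date[:8], region, service, "aws4_request"):
        # Derive a signing key scoped to this day, region and service.
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={creds['key']}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return headers

def verify(method, host, path, query, body, headers, secrets, region):
    """Hypothetical receiver: recompute the signature from what arrived."""
    sent = headers["authorization"]
    key_id = sent.split("Credential=", 1)[1].split("/", 1)[0]
    creds = {"key": key_id, "secret": secrets[key_id],
             "token": headers.get("x-amz-security-token")}
    expected = sign_request(method, host, path, query, body, creds,
                            headers["x-amz-date"], region)["authorization"]
    return hmac.compare_digest(expected, sent)

# Constructed sample values (not real credentials or a real endpoint).
HOST = "example123.execute-api.us-east-1.amazonaws.com"
CREDS = {"key": "AKIDEXAMPLE", "secret": "constructed-secret",
         "token": "constructed-session-token"}
```

Because the method, path, query, body hash and timestamp all feed the signature, a request replayed against a different resource fails verification even though the `Authorization` header is copied intact.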

Throttling And Caching

API Throttling

  • Throttle Requests to Protect the Backend
  • Limits Are Developer Defined
    • req/sec
    • HTTP 429 (Too Many Requests)
  • Generated SDKs Automatically Retry Throttled Requests
  • Integrated With CloudWatch

Caching

  • Configure Cache Key And TTL Of Responses
  • Dedicated Cache
  • Cache Hit Will Not Count Against Throttling
  • Can Be Provisioned Between 0.5GB And 237GB
  • Integrated With CloudWatch
  • Adds Extra Costs
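The interaction between the throttling and caching slides, as an added example that is not part of the original slides and not API Gateway's implementation. `StageModel` is a hypothetical, simplified stage with a fixed one-second window limit and a TTL cache, and `call_with_backoff` stands in for the retry behaviour of a generated SDK; the clock is simulated so the run is deterministic.

```python
class StageModel:
    """Simplified model of one stage: req/sec limit in front of the backend."""

    def __init__(self, limit_per_sec, cache_ttl):
        self.limit, self.ttl = limit_per_sec, cache_ttl
        self.window, self.used = None, 0
        self.cache = {}            # cache key -> (expires_at, body)
        self.backend_calls = 0

    def handle(self, now, cache_key):
        hit = self.cache.get(cache_key)
        if hit and hit[0] > now:
            return 200, hit[1]     # cache hit: served without touching the limit
        if int(now) != self.window:
            self.window, self.used = int(now), 0   # new one-second window
        if self.used >= self.limit:
            return 429, None       # Too Many Requests: backend is not called
        self.used += 1
        self.backend_calls += 1
        body = f"backend response for {cache_key}"
        self.cache[cache_key] = (now + self.ttl, body)
        return 200, body


def call_with_backoff(stage, clock, cache_key, retries=4, base=0.25):
    """Retry on 429 with exponential backoff (production clients add jitter).

    `clock` is a dict holding the simulated time; "sleeping" advances it.
    Returns (status, body, number_of_retries_used).
    """
    for attempt in range(retries + 1):
        status, body = stage.handle(clock["now"], cache_key)
        if status != 429:
            return status, body, attempt
        if attempt < retries:
            clock["now"] += base * 2 ** attempt    # 0.25s, 0.5s, 1.0s, ...
    return 429, None, retries


def demo():
    stage, clock = StageModel(limit_per_sec=2, cache_ttl=5.0), {"now": 0.0}
    keys = ["/books/1", "/books/2", "/books/1", "/books/3"]
    return [call_with_backoff(stage, clock, k)[::2] for k in keys], stage
```

In `demo()` the repeated `/books/1` call is answered from the cache while the limit is already exhausted, and `/books/3` succeeds only after three retries carry it into the next window.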

SDK Generation

Generate Client SDKs

  • SDK Can Be Generated Per Stage
  • If Models Are Defined, SDKs Contain Input And Output Objects
  • Handle Throttled Requests
  • Can Sign Request With Temp Credentials (SigV4)
  • Support For Android, iOS and JavaScript
    • More to Come...

How Much Does It Cost?

Gateway Pricing

  • $3.50 Per Million Requests
  • 1 Million Requests Free Per Year
  • Standard Data Transfer Out Cost
    • $0.09 For The First 10 TB
    • $0.085 For The Next 40 TB
    • ...

Cache Pricing

Cache Size    Price Per Hour
0.5 GB        $0.020
1.6 GB        $0.038
6 GB          $0.200
13 GB         $0.250
28 GB         $0.500
58 GB         $1.000
118 GB        $1.900
237 GB        $3.800

Conclusion

  • Great Serverless API Alternative
  • Attractive Especially For Small Apps
    • Available in 4 Regions
    • No Numbers On Availability
    • PCI Early Next Year
  • Costs Should Be Considered
  • Few Production Examples

References

  • AWS: https://aws.amazon.com/api-gateway/
  • AWS Meetup Slides: http://goo.gl/Al14Tv
  • API Gateway Tutorial: https://goo.gl/lBvpJK
  • Gateway Pattern: http://goo.gl/wKEShl

This Presentation

https://slides.com/nilsmeder/apigateway

Demo

Amazon API Gateway

By Nils Meder

TechTalk About Amazon API Gateway
