Edge-optimized – API Gateway API that is deployed to the specified Region while using a CloudFront distribution.
Private API endpoint – An API endpoint that is exposed through interface VPC endpoints and allows a client to securely access private API resources inside a VPC.
Regional API endpoint – The hostname of an API that is deployed to the specified Region and intended to serve clients, such as EC2 instances, in the same AWS Region.
Resources:
You expose addressable resources as a tree of API Resources entities, with the root resource (/) at the top of the hierarchy.
The root resource is relative to the API’s base URL, which consists of the API endpoint and a stage name.
In the API Gateway console, this base URI is referred to as the Invoke URI and is displayed in the API’s stage editor after the API is deployed.
Hierarchy:
{Resource}/{Method} or {Resource}/{Sub Resource}/{Method} e.g.
/GET – The GET method of root
/doc/GET – The GET method of /doc
Integration:
Types:
Lambda
HTTP
Mock
VPC Link
AWS Service
Integration Request
Encapsulates an HTTP request received by the backend.
Proxy Integration:
Only available for Lambda and HTTP
If selected, input and output cannot be transformed.
Lambda Proxy Integration – API Gateway passes the incoming request from the client as the input to the backend Lambda function.
HTTP Proxy Integration – passes the incoming request from the client to the HTTP endpoint and passes the outgoing response from the HTTP endpoint to the client.
Canary Release:
A software development strategy in which a new version of an API (as well as other software) is deployed for testing purposes, while the base version remains deployed as a production release for normal operations on the same stage.
Defined by stages
Procedure:
Create a Canary at the stage
Deploy the new version to ‘Canary’
When ready, promote the new version
Caching:
Defined by stages
Must define cache capacity: Min 0.5 GB to Max 237 GB
Define the TTL; the default is 300 s
A client can invalidate a cache, but must be granted the InvalidateCache permission
Resource Policy:
Control whether a specified principal (typically an IAM user or role) can invoke the API. You can use API Gateway resource policies to allow your API to be securely invoked by:
Users from a specified AWS account.
Specified source IP address ranges or CIDR blocks.
Specified virtual private clouds (VPCs) or VPC endpoints (in any account).
Usage Plans:
To configure a usage plan
Create one or more APIs, configure the methods to require an API key, and deploy the APIs to stages.
Generate or import API keys to distribute to application developers (your customers) who will be using your API.
Create the usage plan with the desired throttle and quota limits.
Associate API stages and API keys with the usage plan.
Callers of the API must supply an assigned API key in the x-api-key header in requests to the API.
Authentication and Authorization:
IAM using SIGv4 (AuthZ and AuthN)
Resource Policy (AuthZ)
Lambda Authorizer (AuthZ)
Cognito User Pool (AuthN)
Web Sockets:
JSON messages are directed to backend integrations based on routes that you configure. (Non-JSON messages are directed to a $default route that you configure.)
There are three predefined routes that can be used: $connect, $disconnect, and $default. In addition, you can create custom routes.
$connect route – when a persistent connection between the client and a WebSocket API is being initiated.
$disconnect route – when the client or the server disconnects from the API.
custom route – after the route selection expression is evaluated against the message if a matching route is found; the match determines which integration is invoked.
$default route – if the route selection expression cannot be evaluated against the message or if no matching route is found
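The routing rules above, as a simplified local model added to these notes (not API Gateway code). The function names, the custom route keys sendMessage and joinRoom, and the expression $request.body.action are assumptions chosen for illustration.

```python
import json

LIFECYCLE = {"$connect", "$disconnect"}  # fired by connection events, not by messages

def evaluate(expression, body):
    """Resolve '$request.body.<a>.<b>' against parsed JSON; None if it cannot be evaluated."""
    prefix = "$request.body."
    if not expression.startswith(prefix):
        return None
    node = body
    for key in expression[len(prefix):].split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node if isinstance(node, str) else None

def select_route(raw, route_keys, expression="$request.body.action"):
    """Route key that handles one in-connection message, or None if no route does."""
    fallback = "$default" if "$default" in route_keys else None
    try:
        body = json.loads(raw)
    except (TypeError, ValueError):
        return fallback  # non-JSON payload goes to $default
    value = evaluate(expression, body)
    # Modelling choice in this sketch: message content may only select custom
    # routes, never the lifecycle routes.
    if value in route_keys and value not in LIFECYCLE:
        return value
    return fallback  # expression not evaluable, or no matching route

# Constructed sample data (hypothetical route keys and messages).
ROUTES = {"$connect", "$disconnect", "$default", "sendMessage", "joinRoom"}
SAMPLES = [
    '{"action": "sendMessage", "data": "hi"}',  # matches a custom route
    '{"action": "deleteEverything"}',           # no matching route
    '{"data": "no action field"}',              # expression cannot be evaluated
    'plain text, not JSON',                     # non-JSON message
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(f"{select_route(raw, ROUTES):<12} <- {raw}")
```

Every message that fails to parse or match ends up at $default, so the integration behind that route has to treat its input as unvalidated.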