Amazon API Gateway - API Management - AWS Certification Cheat Sheet

Let’s get a quick overview of Amazon API Gateway from an AWS certification perspective. We will look at important certification questions regarding Amazon API Gateway.

You will learn

  • What is Amazon API Gateway?
  • What are the typical problems in building an API?
  • Why do we need Amazon API Gateway?
  • When do we use Amazon API Gateway?
  • How do you implement authentication and authorization for Amazon API Gateway?

REST API Challenges

Most applications today are built around REST API.

Management of REST API is not easy:

  • You’ve to take care of authentication and authorization
  • You’ve to be able to set limits (rate limiting, quotas) for your API consumers
  • You’ve to take care of implementing multiple versions of your API
  • You would want to monitor your API calls
  • You would want to be able to cache API requests

Amazon API Gateway

How about a fully managed service with auto scaling that can act as a “front door” to your APIs? Welcome “Amazon API Gateway”

Amazon API Gateway helps you to “publish, maintain, monitor, and secure APIs at any scale”

You can authorize users by integrating with:

  • AWS IAM (for AWS users using signature version 4)
  • Amazon Cognito
  • Lambda authorizer (custom authorization with JWT tokens or SAML)

Amazon API Gateway Features

Here are some of the important features:

  • Integrates with AWS Lambda, Amazon EC2, Amazon ECS or any web application
  • Supports HTTP(S) and WebSockets (two way communication - chat apps and streaming dashboards)
  • Serverless. Pay for use (API calls and connection duration)
  • Provides API Lifecycle Management for RESTful APIs and WebSocket APIs
  • You can Run multiple versions of the same API
  • Supports Rate Limits(request quota limits), throttling and fine-grained access permissions using API Keys for Third-Party Developers
  • Lifecycle management for REST APIs
  • Versioning and multiple environments
  • API keys - Generate API keys to monitor usage
    • Implement plans and quota limits for external applications (or developer)
    • WARNING - Do NOT use API keys for Authorization
  • Enable caching for API calls with TTL
  • Protect backends by throttling requests
  • Integrates with
    • Amazon CloudWatch - Performance metrics, API calls, latency data and error rates
    • Amazon CloudWatch Logs - Debug logging
    • AWS CloudTrail - Complete history of changes to your REST API

Amazon API Gateway - Authentication and Authorization & Approaches

How can you implement Authentication with API Gateway?

How do you authenticate a REST API call?

  • Attach a signature or token with your API call

Here are some of the important options:

  • AWS Signature Version 4
    • Create a signature using your AWS secret access key and send it with your API request
    • For API consumers belonging to your AWS account
  • Lambda authorizers
    • Implement a Lambda function to authenticate (JWT, OAuth etc) the token and return IAM policies.
    • Integrate with any custom user directory
  • Amazon Cognito

Certification - Recommended Reading

Cloud Certifications - AWS, Azure and Google Cloud - Top 8 FAQ For Me

Google Cloud For Beginners - How to choose a Database Service?

Teaching Cloud Certifications - Top 6 Learnings

Google Cloud For Beginners - How to choose a Compute Service?

Important Kubernetes Concepts Made Easy

Introduction to Google Cloud - For AWS Professionals

Getting Started with Docker - 5 Easy Steps

GCP PubSub - GCP Certification Cheat Sheet

GCP IAM - GCP Certification Cheat Sheet

GCP App Engine - GCP Certification Cheat Sheet


Congratulations on reading this article!

Wondering what to learn next?


Keep Learning Every Day

Check Out Our Amazing ROADMAPS