23. API Gateway **IMPORTANT**

Question 1

What are the API Gateway endpoint types?

Answer 1

1. Edge-Optimized (default)
2. Regional
3. Private

Question 2

You made changes to the API Gateway but they’re not showing up – why?

Answer 2

You need to make a “deployment” for API Gateway changes to be in effect

Question 3

When would you use a Stage variable in API Gateway?

Answer 3

1. to configure your HTTP endpoints your stages talk to (dev, test, prod)
2. to pass configuration parameters to AWS Lambda through mapping templates

Question 4

Stage variables are passed to which object in AWS Lambda?

Answer 4

Stage variables are passed to the “context” object in AWS Lambda

Question 5

If you wanted to change the percentage of traffic sent to a stage, what would you use?

Answer 5

Canary deployment

Used in blue/green deployments

Question 6

What are the API Gateway Integration Types?

Answer 6

1. MOCK
2. HTTP / AWS (Lambda & AWS Services)
3. AWS_PROXY (Lambda Proxy)
4. HTTP_PROXY

Question 7

What is the MOCK Integration Type?

Answer 7

API Gateway returns a response without sending the request to the backend

Question 8

How do you configure the HTTP/AWS Integration Type?

Answer 8

1. you must configure both the integration request and the integration response
2. setup data mapping using mapping templates for the request and response

Question 9

How do you configure the AWS_PROXY Integration Type?

Answer 9

no mapping template

incoming request from the client is the input to Lambda

headers, query string parameters are passed as arguments

the function is responsible for the logic of request / response

Question 10

How do you configure the HTTP_PROXY Integration Type?

Answer 10

no mapping template

the HTTP request is passed to the backend
the HTTP response from the backend is forwarded by API gateway

Question 11

What do you use to modify request / responses for AWS & HTTP integration?

Answer 11

Mapping Templates

Question 12

What is the default cache TTL?

Answer 12

300 seconds

Question 13

What is the max cache TTL?

Answer 13

1 hour (3600 seconds)

Question 14

What header can clients use to invalidate the cache (with proper IAM authorization)?

Answer 14

Cache-Control: max-age=0

Question 15

What should you use to make an API available as an offering ($) for your customers?

Answer 15

a Usage Plan

Question 16

How does a Usage Plan identify API clients and meter access?

Answer 16

API Keys

Question 17

What is an API Key?

Answer 17

an alphanumeric string value to distribute to customers that can be used with a usage plan to control access

Question 18

In a Usage Plan, how are throttling limits applied?

Answer 18

to the API Keys / the individual

Question 19

What is the overall number of maximum requests?

Answer 19

Quota limit

Question 20

What are the steps to configure a usage plan?

Answer 20

1. Create API(s), configure methods to require an API key, and deploy the API(s) to stages
2. Generate or import API keys to distribute to application developers (your customers) who will be using your API
3. Create the usage plan with the desired throttle and quota limits
4. Associate API stages and API keys with the usage plan

Question 21

Callers of the API must supply an assigned API key in which header in requests to the API?

Answer 21

x-api-key

Question 22

What CloudWatch metrics provide information on the efficiency of the cache?

Answer 22

CacheHitCount and CacheMissCount

Question 23

What CloudWatch metric provides information on the total number of API requests in a given period?

Answer 23

Count

Question 24

What CloudWatch metric provides information on the time between when API Gateway relays a request to the backend and when it receives a response from the backend?

Answer 24

IntegrationLatency

Question 25

What CloudWatch metrics provide information on the time between when API Gateway receives a request from a client and when it returns a response from the client?

Answer 25

Latency

Latency will always be higher than IntegrationLatency bc Latency includes IntegrationLatency and other API Gateway overhead

Question 26

What HTTP error message do you receive if requests are being throttled?

Answer 26

HTTP 429 Too Many Requests

Question 27

How do you specify who can access one or more deployed API stages and methods (and also how much and how fast they can access them)?

Answer 27

API Gateway Usage Plans and API keys

Question 28

What is the HTTP Error indicating Gateway Timeout?

Answer 28

HTTP 504

HTTP 504 is ‘Gateway timeout’ error. Several reasons for this error, to quote a few: The load balancer failed to establish a connection to the target before the connection timeout expired, The load balancer established a connection to the target but the target did not respond before the idle timeout period elapsed.

Question 29

What is the HTTP Error indicating a web ACL is blocking requests to your ALB?

Answer 29

HTTP 403 ‘Forbidden’

Question 30

Are 4XXError errors client or server side?

Answer 30

4XXError is client-side

Question 31

Are 5XXError errors client or server side?

Answer 31

5XXError is server-side

Question 32

API Gateway throttles requests at what rps across all API?

Answer 32

API Gateway throttles requests at 10,000 rps across all API

Question 33

What must be enabled when you receive API calls from another domain?

Answer 33

CORS

Question 34

The OPTIONS pre-flight request must contain which headers?

Answer 34

1. Access-Control-Allow-Methods
2. Access-Control-Allow-Headers
3. Access-Control-Allow-Origin

Question 35

Can CORS be enabled through the console?

Answer 35

Yes

Question 36

How should you provide IAM permissions to API Gateway?

Answer 36

Create an IAM policy authorization and attach to a User / Role

Question 37

What allows for Cross Account Access to API Gateway?

Answer 37

Resource Policies + IAM Security

Question 38

What are the 3 ways to handle API Gateway user security?

Answer 38

1. IAM (+ resource policy for cross account)
2. Custom Authorizer
3. Cognito User Pool

Question 39

When should you use IAM for API Gateway security?

Answer 39

IAM is great for users / roles already within your AWS account (+ resource policy for cross account)

Question 40

When should you use a Custom Authorizer for API Gateway security?

Answer 40

When you need to handle 3rd party tokens.

Also known as Lambda Authorizer. Authorizatoin is done in the Lambda function

Question 41

When should you use Cognito User Pool for API Gateway security?

Answer 41

When you want to manage your own user pool that can be backed by Facebook, Google login, etc

Must implement authorization in the backen

Question 42

What type of API is often used in real-time applications such as chat apps, multiplayer games, and financial trading platforms?

Answer 42

WebSocket API

• enables stateful application use cases
• allows server to push information to the client

Question 43

What can be used to grant API access to one AWS account to users in a different AWS account using Signature Version 4 (SigV4) protocols?

Answer 43

A resource policy