API Gateway Flashcards

1
Q

If I wanted to route traffic based on a weighting in API gateway within a stage - what would I do?

A

You would set up a canary distribution within your stage and deploy the function you want to test into the canary for that stage

2
Q

When using IAM for authentication and authorization for API Gateway, how are the credentials passed to API Gateway and what format are they in (hint: think of an HTTP request structure)? Why would I use IAM authentication over other auth types?

A

Credentials are passed to API gateway using SigV4 in the request header. You would use IAM authentication and authorization when you are working within AWS and using AWS services so you can leverage the full capabilities of IAM - i.e. with lambda, ec2 etc

3
Q

We have a Lambda function backing an API in API Gateway. The integration between API Gateway and the Lambda function is handled by a Lambda proxy. We are also deploying a web front end with JavaScript hosted on S3. As such, we will need to enable CORS to allow access from our web domain through to Lambda (www.example.com to api.example.com). In this situation, how do I enable CORS?

A

We can’t enable CORS at the API level in this case, as CORS does not work against proxy integration types. What we need to do is edit our lambda function to return the Access-Control-Allow-Origin header (* or domain). This will allow for CORS.

4
Q

How can an API Gateway cache be invalidated (2 ways)? What do we need to consider in terms of invalidation permissions for one of the methods in particular?

A

We can either invalidate the entire cache from the AWS console OR we can use the Cache-Control: max-age=0 header on a request.
If we use the Cache-Control header, we need to ensure that authorization is required on the cache, because if it isn't, ANY client can issue the request and invalidate the cache.

5
Q

We are monitoring our API Gateway deployment and we are seeing some very high values for the IntegrationLatency counter. What does this counter measure? How does it differ from the Latency counter?

A

IntegrationLatency is the time it takes for API Gateway to send a request to, and receive the response from, the backend. The Latency counter represents the time taken from when API Gateway receives the request from the client to when it returns the request to the client. This includes the IntegrationLatency AND any overhead from API Gateway itself. Latency will be higher than IntegrationLatency.

6
Q

I have an API Gateway set up called LambdaAPIGateWayStageProxy. I want to use a stage variable to map a development, production and test Lambda alias. How would I specify the name of the Lambda function for the API Gateway's resource method (assume I am using lambdaAlias to contain the name of the function's alias)?

A

LambdaAPIGateWayStageProxy:${stageVariables.lambdaAlias}

7
Q

In API gateway, when you deploy a change what is this change deployed to?

A

Changes are deployed to stages. A stage can have any name you wish.

8
Q

We have an existing legacy application that uses SOAP as its protocol. On analysis, this service can be migrated to Lambda for considerable cost savings. The problem we have is that we have a large base of customers who still use the SOAP protocol to interact with our application. Because we are using Lambda, we also intend to expose the service using API Gateway. Is there a way that we can maintain the inbound and outbound SOAP protocol to our clients while using Lambda? Which integration type would you need to use on API Gateway?

A

We would use API gateway mapping templates to transform the input from legacy services (integration request) to JSON for lambda, and then transform the output from Lambda back to SOAP (integration response). You would need to use the HTTPS/AWS integration type as this allows the use of mapping templates

9
Q

What deployment strategy would I use if I only needed to service calls to API gateway from one region?

A

Regional

10
Q

If I am using Lambda Authorizers in my API Gateway, where is my authentication data held and what is the sequence of events starting with the client request? What MUST the Lambda authorizer return?

A
  1. Client requests authentication token from 3rd party
  2. Request and token are sent to API gateway
  3. Token and context are sent to lambda authorizer function
  4. lambda authorizer verifies token with 3rd party
  5. IAM Principal and Policy is returned and cached
  6. Request goes to backend for service
11
Q

If I wanted to allow for cross account access on API gateway, what sort of policy would I use?

A

Resource Policy

12
Q

For API Gateway, what are the default (secs), minimum and maximum (hours) TTLs for the gateway cache?

A
0 sec (min)
300 secs (5 min) default
1 hr max
13
Q

Let's say we have an API set up which uses caching, but also has throttling enabled for a usage plan. When a request is made and served from cache, is this impacted by the throttle?

A

The API request will be served from cache ASSUMING that we are below the throttling limit.

14
Q

I have an API gateway which uses a lambda proxy to instantiate a lambda function via a REST GET method and return some data. I have made a change to my API gateway, but when I try to access it, the changes don’t seem to have been made. Why is this?

A

Updating and making changes in API gateway do not take effect until those changes are deployed into a stage

15
Q

We have a Lambda function set up with 3 different aliases - Dev, Test and Prod. Dev points to $LATEST, Test points to version 2 and Prod points to version 1. We want to make these accessible through API Gateway, but we don't want to create an entirely new gateway interface for each of the different versions, and we would also like the URI to be static so our testers and developers don't have to keep changing it if a new version is deployed within Lambda. How could we achieve this?

A

We would ideally set up stages in our API Gateway deployment, one stage each for dev, test and prod. We would then use stageVariables to map each stage to the specific Lambda function, which would allow us to have URIs like:

https://tdyzzpxdya.execute-api.ap-southeast-2.amazonaws.com/Test/udemy

and

https://tdyzzpxdya.execute-api.ap-southeast-2.amazonaws.com/Production/udemy

16
Q

I am deploying an API gateway which uses a lambda proxy to interact with lambda. I want to deploy this so that my users experience the least latency when communicating with the API. Which endpoint type would I use for the deployment and where would the API Gateway be located and where would requests be executed?

A

You would use the Edge Optimized endpoint. In this case the API Gateway is REGION based, but requests are routed through CloudFront and executed at global edge locations.

17
Q

What would we supply in the x-api-key header and what is this used to achieve?

A

This header contains the api key which is associated with the API. This is used to execute API calls against the usage plan

18
Q

When using a stage variable for a lambda function alias in an API Gateway resource method, what sort of policy allows access to the lambda function alias and is this set up from the CLI or the console and what does it allow?

A

A resource based policy must be assigned to each of the Lambda aliases and this must be done via the CLI. It allows the API Gateway to invoke a Lambda function against a specific Lambda alias.

19
Q

If I wanted to limit access to my API to only a narrow range of IPs or a VPC endpoint, what sort of policy would I use?

A

A resource based policy

20
Q

Out of the following integration types for API gateway - which one allows for the implementation of mapping templates, and which requests can these change?

  • Mock
  • HTTP Proxy
  • AWS Proxy
  • HTTPS/AWS
A

HTTP/AWS integration allows for the use of templates to change requests from the client to the backend service and from the backend service back to the client.

21
Q

What is the difference between a Usage Plan and setting limits at the stage and/or method level in API gateway?

A

Setting limits at the stage/method level allows you to throttle against a stage or a method. Usage plans allow you to throttle per customer using API keys.

22
Q

If you enable CloudWatch metrics for API gateway, what level are these collected at? Stage, resource or Method?

A

Stage

23
Q

If we see a very high rate for CacheHitCount or CacheMissCount in CloudWatch for API Gateway, what would this indicate?

A

If the CacheHitCount is high, we are servicing most of our requests via cache. If the CacheMissCount is high, we are not serving requests from cache so we are not using it efficiently.

24
Q

Why would you use

  • IAM Auth
  • Lambda Custom Authorizer
  • Cognito User Pools
A

IAM Auth: For users/roles already within AWS interacting with AWS Technologies

Lambda Auth: 3rd party tokens and integrations (SAML/OAUTH)

Cognito User Pool: Manage own user pools from Facebook, Google logins etc.

25
Q

How are tokens from a 3rd party sent to API gateway when using lambda authorizers? What format are these tokens in (2)?

A

Either as a bearer token in the header or in request params. Tokens are either JWT or OAuth.

26
Q

I have an API set up against a Lambda function which is using Cognito User Pools for authentication. When verifying the identity of the user, does API Gateway interact with IAM in this situation? What is the sequence of events between the client, Cognito User Pools and API Gateway starting from the client request? Do I need to manage timeouts and implementation of code?

A

No. In this situation API Gateway verifies the identity automatically and directly against Cognito.
Firstly, the client will request an authentication token from Cognito User Pools. The client then passes this token to API Gateway, which evaluates the token against Cognito User Pools and authorizes. The request is then made against Lambda. Cognito will manage timeouts on the token and no custom implementation is required.

27
Q

I have several APIs set up servicing different functions. None of these have throttling applied at the stage or method level. What risk do I have?

A

The risk is that if no throttle settings are applied and there is a spike of traffic against one API, this could consume your account level limits, and all other APIs will be throttled.

28
Q

Can API gateway be deployed to allow access from within a private VPC? How would it communicate and what sort of policy would define access to the gateway?

A

Yes. API Gateway has a private type which allows VPC communication via a VPC endpoint. This requires a resource based policy to define access.

29
Q

In API Gateway, what would we use a resource policy to achieve (3 things)? What sort of IAM integration would I use?

A

A resource policy on API gateway is similar to one for lambda.

  • Allow for a VPC endpoint
  • Enable cross account access in conjunction with IAM
  • Restrict access to a range of source IPs

You would use IAM auth to allow for cross account access.

30
Q

Out of the 3 types of IAM available for API Gateway, which one allows for the most flexibility in terms of what IAM policy is returned? Which of the three types allows for caching and what would it cache in this instance?

A

Lambda Authorizers give the most flexibility as we can choose which IAM policy is returned. Lambda Authorizer allows you to cache the policy that is returned and it is recommended that this is done.

31
Q

For lambda authorizer, how are you billed?

A

You are billed per lambda invocation even if results are cached

32
Q

You would like to validate 3rd party tokens provided in the Bearer Header for authentication. What API IAM integration would you use?

A

Lambda Authoriser (Not cognito) as it is a 3rd party integration using bearer tokens.

33
Q

You have created an API key and a Usage plan, yet using the API key doesn’t work. What should be done?

A

You need to associate the API key with the usage plan for it to work.

34
Q

Which of the following does NOT allow for a real-time WebSocket API?

  • API gateway
  • ALB
  • AppSync
  • DynamoDB
A

DynamoDB does not have a websocket API.