API Gateway

Question 1

Why would you use lambda authoriser instead of IAM in the API gateway?

Answer 1

IAM works only with AWS apps internal to AWS. Lambda authoriser can use OAUTH and SAML auth schemes so can be used with apps outside of AWS.

Question 2

What API gateway permission scheme uses SigV4 and why would you use it?

Answer 2

IAM permissions for Lambda uses a SigV4 header to pass IAM credentials to API Gateway. You would use it when working with AWS apps that can leverage IAM.

Question 3

For Lambda Authoriser, how is the token passed to the API gateway? Can the result of the call be cached

Answer 3

In the request header, and the results can be cached.

Question 4

When using Lambda Authoriser - and assuming a successful auth against IAM, what must Lambda return to the API gateway?

Answer 4

A policy for the user must be returned

Question 5

Can API gateway be used as a cloudfront origin? Why, Why not?

Answer 5

No. API’s are highly dynamic and changeable and are not good candidates for caching in Cloudfront

Question 6

What is exponential backoff and why is it used?

Answer 6

If an API call fails with to many calls, exponential backoff limits subsequent calls to the API and prevents the API becoming overloaded. Uses an exponential pattern 10ms,20,40,80,160 etc

Question 7

You have a group of users with facebook accounts which you want to be able to seamlessly provide access to an s3 bucket without having them log into AWS. Would you use a Cognito user pool or a federated identity pool and why?

Answer 7

Federated Identity Pool. These allow direct access to AWS resources. The client logs into the federated identity provider and receives an JWT token. This is used to authenticate and get credentials from STS. Federated identities are backed by IAM policies which authorise access to AWS resources.

Question 8

Does API gateway support GraphQL automatically?

Answer 8

No.

Question 9

What is the default protocol for API GW endpoints?

Answer 9

HTTPS