API Gateway Flashcards

1
Q

API Gateway

A

A serverless offering from AWS that lets us create REST APIs that are public and accessible to clients.

The clients talk to API Gateway, and API Gateway then proxies the request to our Lambda functions.

2
Q

API Gateway + Lambda

A

We can integrate API Gateway with Lambda, which gives us a fully serverless application with no infrastructure to manage.

3
Q

API Gateway + WebSocket Protocol

A

API Gateway supports the WebSocket protocol, so we can do real-time streaming through it.

4
Q

API versioning

A

API Gateway handles API versioning, so we can go from version one to version two and version three without breaking our clients.

5
Q

environments

A

We can handle multiple environments, such as dev, test, and prod.

6
Q

API keys

A

We can create API keys and do request throttling, in case some clients make too many requests to the API Gateway.

7
Q

common standards

A

We can also use common standards such as Swagger or OpenAPI 3.0 to quickly import API definitions, and we can export our APIs as Swagger or OpenAPI as well.

8
Q

validating requests and responses

A

We can transform and validate requests and responses at the API Gateway level, to ensure that invocations are correct.

9
Q

HTTP endpoint

A

We can expose any HTTP endpoint in the backend.

It could be, for example, an HTTP API you have on premises, or an Application Load Balancer in your cloud environment.

The point is to add rate limiting, user authentication, and API keys in front of it.

10
Q

AWS Service

A

We can expose any AWS API through API Gateway. For example, we can start a Step Functions workflow or post a message to SQS directly from an API Gateway API.

This lets us add authentication, public deployment, and rate control to some AWS services.

11
Q

three ways to deploy your API Gateway (endpoint types)

A
  1. edge-optimized
  2. regional deployment
  3. private API Gateway
12
Q

edge-optimized endpoint

A

This is for your global clients: your API Gateway is accessible from anywhere in the world,
and to be efficient, requests are routed through the CloudFront Edge locations,
which improves latency.

Your API Gateway still lives in only one region, the one where you created it, but it is accessible efficiently from every CloudFront Edge location.

13
Q

regional deployment

A

When we don't want to use CloudFront Edge locations,
that is, when we expect all of our users to be
within the same region where we created our API Gateway. If you wanted to, you could create your own CloudFront distribution in front of it,

and this gives you the same result as an edge-optimized endpoint, but this time you have more control over the caching strategies and the CloudFront settings themselves.

14
Q

private API Gateway

A

It can only be accessed from within your VPC,

and it uses interface VPC endpoints (ENIs) for access.

15
Q

to define access for an API Gateway,

A

you can use a resource policy.

16
Q

3 security aspects

A
  1. IAM Permissions
  2. Lambda authorizers
  3. Cognito user pool
17
Q

IAM Permissions

A

If you want to give one of your users or one of your roles access to your API, it makes sense to attach an IAM policy to that user or role.

API Gateway verifies the IAM information when
you call your REST API, and this is really good
if you want to provide API access within your own infrastructure.

So our client calls API Gateway
with Sig v4 (exam), and then API Gateway calls IAM
to verify the policies.

But if you give access to users outside of your AWS account,
then you can't use IAM.

18
Q

Lambda authorizer (Custom Authorizers)

A

Uses AWS Lambda to validate the token that is passed in the header of your request.

You can cache the result of your authentication, so you don't need to call your authorizer Lambda every time a request comes in.

The Lambda, as the result of your authorization, must return an IAM policy for the user, and that IAM policy defines whether or not the user can call the API.

19
Q

any time you need to evaluate the credentials given by a third party,

A

A Lambda authorizer is a great candidate.

Examples: OAuth, SAML.

Our client calls a REST API with a third-party token, our API Gateway calls the Lambda authorizer and passes it the token, and the Lambda returns an IAM policy.
If everything checks out, then API Gateway talks to the back end.

20
Q

user pools for Cognito

A

Cognito manages the full user lifecycle, and API Gateway automatically verifies the identity with AWS Cognito.

You don't need to implement any custom Lambda function or anything else; it's all implemented for you, and free.

The one thing to know is that, in this case, Cognito only helps with authentication, not authorization.

21
Q

Cognito only helps this time with authentication, not authorization.

A

Your client calls the Cognito user pool to authenticate,
and the Cognito user pool gives a token back to the client. The client then calls our API Gateway REST API and passes on the token it just received from the Cognito user pool.

API Gateway then makes sure the Cognito token is correct by talking to Cognito directly. When it's happy, it says okay, we can now talk to the back end. The back end must still ensure that you are authorized.

22
Q

when to use IAM for security

A

When you have users or roles already within your AWS accounts.

Both authentication and authorization go through IAM policies, and it leverages Sig v4.

23
Q

when to use Lambda authorizer (Custom Authorizers)

A

When you have third-party tokens that you don't control, and you want to be very flexible in terms of which IAM policy is returned.

You can handle both authentication and authorization because you return an IAM policy. You pay per Lambda invocation, but you can use caching to limit the number of calls to your authorizer Lambda: if you have one million users, you'd otherwise have to call your Lambda function
one million times every time the cache gets invalidated.

24
Q

Cognito can be backed by

A

Facebook login, Google login, etc. So you don't need to write any custom code, but you must implement the authorization layer on the back end.

Cognito just provides you an authentication pattern, not an authorization pattern.

25
Q

To make a serverless API, I should integrate API Gateway with

A

Lambda

Lambda is a serverless technology.