AWS API Gateway Flashcards

1
Q

What is AWS API GW?

A

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Is API GW a regional service?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Can your public APIs form API GW into you VPC?

A

Yes 100%, you can make API GW available in your VPC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Can you publish API to edge locations?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the two types of API’s supported by API GW?

A
  • REST

- Websocket

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the templating used to define the API?

A

Swagger

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a Stage in reference to API GW?

A

TBD

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How can I filter bad actors from accessing API GW?

A

API GW Integrates with WAF and you can use ACLs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the three endpoints you can have with API GW?

A
  • Public (internet) facing EP (Regional)
  • VPC EP
  • Edge
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Can APU GW call EC2 in the backend?

A

Yes, 100% supported, this us using the HTTP (S) you can call any URL and this means you cna call any combination of LB in front of EC2 or even on-prem.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How cna I place the API GW in front of my on-prem servers behind an LB and are public-facing?

A

API GW can call HTTP(S) in the backend and you can point at any URL.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the use case areas

A
  • Web front end
  • App backend (used as part of the backend service)
  • Batch and stream processing
  • Chatbot
  • Amazon Alexa
  • IT Automation
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Is web sockets supported?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

I am using API gateway and I want to reduce the load on my microservice or EC2 instances and also speed up responses to my customers as they have been complaining about speed, how can I do this?

A

API Gateway has response caching, enable it, this will mean the responses form your microservice or EC2 app get cached and next call for same information means it does not hit your application as the request never hist you app the responses coming from memory in API gateway, it will be much faster response to the customer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the 3 endpoint types for API Gateway?

A
  • Edge-optimised
  • Regional
  • VPC
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Explain how Edge-optimised make it faster for the client as the traffic still has to go to your app and this still may be in another region?

A

This is where AWS creates a ‘fully managed CloudFront service for you, hidden, you do not know it is there’. An Edge-optimised endpoint is a type of API endpoint thet is pushed out to the AWS edge locations, where it lives and when you open a connection you will first resolve with Route53 and it will send you to the edge location, here you will open a TLS and all the handshakes happen between you and the edge not between you and the app, once the TLS is established the HTTP is sent and this travels form API GW to you APP over the AWS network, travelling over the AWS network makes it faster as it is highly optimised and private network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is a regional endpoint for API Gateway?

A

This is an endpoint thet is created in a region

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

I have a private VPC with no internet connectivity, can use API Gateway?

A

Yes, you can create a private gateway VPC endpoint.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

I have customer connecting from around the globe to my API Gateway, what endpoint type should I be choosing?

A

You should be choosing edge-optimised as this endpoint type is deployed to the edge location and when a user browser connects to the API gateway they are connecting to the edge. TLS handshake happens to the edge speeding up connection and the HTTP request then goes over AWS network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

With API Gateway, how is CloudFront working with API gateway?

A

When you deploy an API Gateway edge endpoint you are going to get a manged/hidden CloudFront distro used for creating the edge endpoints used to receive your HTTP requests. CloudFront will, be sitting in front of the API Gateway.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

I wnat to secure my API Gateway regional endpoint type from SQL injection, how cna I do this?

A

You can use WAF to create an ACL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

I wnat to secure my API Gateway edge endpoint type from SQL injection, how can I do this and explain?

A

You can use a WAF in front of the managed/hidden CloudFron that passed all HTTP requests ot ClodFroont.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

I what to have failover between two regions with regional based API Gateway, how cna I do this?

A

Route53 can be configured with latency based routing and health checks.

24
Q

how cna I set up caching on my HTTP puts with API Gateway?

A

You can, caching is only for Get requests.

25
Q

What is caching query string parameters used for an API gateway?

A

When the API gateway receives an HTTP request it checks you query string parameters and if a match it cashes the HTTP response.

26
Q

I have two application instanncestes running on two ECS containers, I am getting two may request from my API Gateway and my budget does not allow me to add any new instances, what can I do?

A

You will rant to rate-limit (throttle) the incoming requests, API Gateway has this as a feature, the feature is called usage plans.

27
Q

What is a usage plan?

A

It enables you to throttle/rate-limit incoming requests.

28
Q

What are the different usage plans for API Gateway?

A
  • API Key level throttling
  • Method level throttling
  • Account-level throttling
29
Q

How can I throttle based on customer application?

A

Using the API Key level throttling, you cna have the application send a key in the x-header and this key is used to throttle on.

30
Q

How can I throttle just on a Get, Post, Put, etc?

A

Using Method level throttling

31
Q

If I just wnat to throttle all request what usage plan should I be using?

A

Account Method level throttling

32
Q

How cna I better understand how my customers are using my API Gateway in front of my application?

A

CloudWatch can be used to understand what is been used, even down to the throttling, like API Key Method level throttling

33
Q

How can I quickly filter out IP’s coming to my API GW?

A

Two options,
- API Gateway Policies (you can create an effect, accept, allow policy with a condition.)
-

34
Q

How can I only allow AWS accounts to call my API?

A

You cna used IAM API Gateway policies, you can filter using a condition on the policy.

35
Q

How can I ensure that only aws account A can access a path called /dogs/names on my API endpoint?

A

You can use IAM API Gateway policies, you can set the resources to just this patch and the principal to the account A.

36
Q

What is IAM Authorization?

A

This is where all HTTP requests are signed with the AWS signing v4 process (SHA 256), where you use your access and secret key ot sign the request. Each signed request is checked by API Gateway (when IAM Austomerizing is enabled) and reject if it does not match.

37
Q

What is IAM Authorization, what much the sender of the HTTP request has?

A

An IAM User, they mush have access and secret keys, this limits the number of users as IAM is only good for 5K users.

38
Q

I wnat to provide custom HTTP request auth for API Gateway requests, how can I do this?

A

You cna use Lambd auth where API Gateway will call your lambda functions and in the lambda function, you cna call any auth from code.

39
Q

How cna I provide OAUTH2 authorization with my API gateway?

A

You can use Cognito with API Gateway

40
Q

I am using API Gateway and I wnat to have my uses sign up for a new account, have password reset and basic account management, how can I do this with API Gateway?

A

API Gateway does not do this on it own but can work with Cognito where Cognito will take care of users sign up, etc and will alos act as an authoriser for the API GW.

41
Q

What are the auth types you can use with API Gateway?

A
  • IAM
  • Lambda
  • Cognito
42
Q

Can you combine Auth methods?

A

Yes, you can combine auth methods,

  • IAM
  • Lambda
  • Cognito
43
Q

I am using API Gateway with Lambda and Dynamodb, how cna I use code as part of Ci/Cd to manage these?

A

You can use SAM, in SAM you cna define an API GW, Lambda and DynamoDB

44
Q

Can I use API Gateway with SAM?

A

Yes 100%, API GW is supported with SAM

45
Q

How are API Gateways API’s defined?

A

Swagger

46
Q

I am deploying a new API update for API GW, I am not 100% sure it is bug-free and I wnat to try it out, how cna I do this safely?

A

You can use API GW Canary deployment and split some of the traffic and if all toes good you can promote this canary.

47
Q

What do you pay for with API gateway?

A

API call and data transfer

48
Q

Can I have HTTP request handled by API gateway?

A

NO, only HTTPs is supported.

49
Q

Can I use the API GW with Lambda Step functions?

A

Yes

50
Q

I am going to use ElasticBeanstalk and I would like ot use API GW, is it supported?

A

Yes 100%

51
Q

How is API Gateway protecting you at L7?

A

automatically protects the backend systems from distributed denial-of-service (DDoS) attacks, whether attacked with counterfeit requests (Layer 7) or SYN floods (Layer 3).

52
Q

How can API gateway help with latency?

A

helps improve the performance of the APIs and the latency end users experience by caching the output of API calls to avoid calling the backend every time.

53
Q

How cna API Gateway is monitored?

A

integrates with CloudWatch and provides a metrics dashboard to monitor calls to API services

54
Q

I wnat to analyze with Athena to find bad actors making calls ot my API GW, how can I do this?

A

integrates with CloudWatch Logs to receive error, access or debug logs

55
Q

How cna I see backend performance metrics?

A

provides with backend performance metrics covering API calls, latency data and error rates.