AWS API Gateway Flashcards
What is AWS API GW?
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale
Is API GW a regional service?
Yes
Can your public APIs form API GW into you VPC?
Yes 100%, you can make API GW available in your VPC.
Can you publish API to edge locations?
Yes
What are the two types of API’s supported by API GW?
- REST
- Websocket
What is the templating used to define the API?
Swagger
What is a Stage in reference to API GW?
TBD
How can I filter bad actors from accessing API GW?
API GW Integrates with WAF and you can use ACLs
What are the three endpoints you can have with API GW?
- Public (internet) facing EP (Regional)
- VPC EP
- Edge
Can APU GW call EC2 in the backend?
Yes, 100% supported, this us using the HTTP (S) you can call any URL and this means you cna call any combination of LB in front of EC2 or even on-prem.
How cna I place the API GW in front of my on-prem servers behind an LB and are public-facing?
API GW can call HTTP(S) in the backend and you can point at any URL.
What are the use case areas
- Web front end
- App backend (used as part of the backend service)
- Batch and stream processing
- Chatbot
- Amazon Alexa
- IT Automation
Is web sockets supported?
Yes
I am using API gateway and I want to reduce the load on my microservice or EC2 instances and also speed up responses to my customers as they have been complaining about speed, how can I do this?
API Gateway has response caching, enable it, this will mean the responses form your microservice or EC2 app get cached and next call for same information means it does not hit your application as the request never hist you app the responses coming from memory in API gateway, it will be much faster response to the customer.
What are the 3 endpoint types for API Gateway?
- Edge-optimised
- Regional
- VPC
Explain how Edge-optimised make it faster for the client as the traffic still has to go to your app and this still may be in another region?
This is where AWS creates a ‘fully managed CloudFront service for you, hidden, you do not know it is there’. An Edge-optimised endpoint is a type of API endpoint thet is pushed out to the AWS edge locations, where it lives and when you open a connection you will first resolve with Route53 and it will send you to the edge location, here you will open a TLS and all the handshakes happen between you and the edge not between you and the app, once the TLS is established the HTTP is sent and this travels form API GW to you APP over the AWS network, travelling over the AWS network makes it faster as it is highly optimised and private network.
What is a regional endpoint for API Gateway?
This is an endpoint thet is created in a region
I have a private VPC with no internet connectivity, can use API Gateway?
Yes, you can create a private gateway VPC endpoint.
I have customer connecting from around the globe to my API Gateway, what endpoint type should I be choosing?
You should be choosing edge-optimised as this endpoint type is deployed to the edge location and when a user browser connects to the API gateway they are connecting to the edge. TLS handshake happens to the edge speeding up connection and the HTTP request then goes over AWS network
With API Gateway, how is CloudFront working with API gateway?
When you deploy an API Gateway edge endpoint you are going to get a manged/hidden CloudFront distro used for creating the edge endpoints used to receive your HTTP requests. CloudFront will, be sitting in front of the API Gateway.
I wnat to secure my API Gateway regional endpoint type from SQL injection, how cna I do this?
You can use WAF to create an ACL
I wnat to secure my API Gateway edge endpoint type from SQL injection, how can I do this and explain?
You can use a WAF in front of the managed/hidden CloudFron that passed all HTTP requests ot ClodFroont.