Section 15: AWS Serverless: API Gateway & Cognito Flashcards
What does API Gateway do with proxy resource?
Passes the entire request and response between the frontend and the backend
What is the most popular integration with API Gateway?
AWS Lambda
What can API Gateway integrate with
Endpoints on EC2
Load Balancers
Any AWS service
External and publicly accessible HTTP endpoints
Are changes in an API Gateway API effective directly?
No, the API has to be published to a stage
What does API Gateway keeps in order to allow easy roll backs?
History of deployments
API Gateway offers configuration parameters at what level?
At the API stage level
Do APIs have environment variables?
Stages have stage variables (which is similar to environment variables but for a specific stage)
What can stage variables be used for?
Lambda function ARN
HTTP endpoints
Parameters in mapping templates
Are stage variables passed to AWS Lambda?
If the resource method integration type is a Lambda function, then yes stage variables are passed in the โcontextโ object
What are canary deployments?
Canary deployments are a pattern for rolling out releases to a subset of users or servers.
What are mapping templates in API Gateway?
They are a way to modify requests / responses (Rename parameters, modify body content, add headers, remove information, etc.)
In what language are mapping templates written?
Velocity Template Language (VTL)
What is a common way of writing REST API as code?
Swagger / Open API
What are the two supported languages when writing Swagger specification?
YAML
JSON
What can you do if one of your endpoints is receiving lots of traffic and the response is always the same?
Use caching
What is the default TTL in the API Gateway cache?
300 seconds (5 minutes)
What is the min TTL in the API Gateway cache?
0 seconds
What is the max TTL in the API Gateway cache?
3600 seconds (1 hour)
At which level are caches defined?
At the stage level
How much data can be in an API Gateway API stage cache at any given time? __ to __
0.5 GB to 237 GB
How can clients invalidate the cache manually?
By passing the header โCache-Control: max-age=0โ
At what level is it possible to enable CloudWatch logging?
At the stage level
Is it possible to override cache settings at the resource level?
Yes
API Gateway API metrics are by ___ ?
stage
How to get more metrics from your API?
Enabling detailed metrics
How to get the full picture tracing of your API + Lamba ?
Enabling X-Ray
What must be enabled when you receive calls from another domain?
CORS
What headers does the OPTIONS pre-flight request must contain?
Access-Control-Allow-Methods
Access-Control-Allow-Headers
Access-Control-Allow-Origin
What can you set if you want to โsellโ your APIs to consumers?
Usage Plans and API Keys
What do API keys allow you to do?
Track API usage from a specific consumer
What are the three available authorization methods for API Calls?
IAM Permissions
Lambda Authorizer
Cognito User Pools
What is IAM Permissions authorization good for?
For API authorization within your own infrastructure (Users that need to access the API are registered in your AWS account)
What does IAM Permissions authorization leverages?
Signature Version 4 signing process (Sig v4) where IAM credentials are in headers
What was the former name of โLambda Authorizerโ ?
Custom Authorizers
What is Lambda Authorizer authorization method good for?
Managing authorization with the use of 3rd party type of authentication, OAuth, SAML
What must the Lambda Authorizer return?
An IAM policy for the user defining the actions that will be allowed in the backend
Can you avoid calling the Lambda Authorizer function multiple times for the same user?
Yes, there is an option to cache the result of authentication
What is Cognito User Pools authentication good for?
Good for authenticating (validing the identity) of the caller
What does Cognito User Pools NOT offer us?
Authorization
What do Cognito users do before calling our API?
Authenticate with Cognito to retrieve a token
What does API Gateway do when called to a resource method with Cognito enabled?
Connects with Cognito to evaluate the token
Where must the developer implement authorization when using Cognito User Pools?
In the backend
What are the three services offered by AWS Cognito
Cognito User Pools
Cognito Identity Pools
Cognito Sync
What do Cognito User Pools offer?
Sign in functionality for app users (username/email + password, Google authentication, Facebook authentication, etc.)
Integrate with API Gateway
What does Cognito Identity Pools (Federated Identities) provide?
Provide AWS credentials to users so they can access AWS resources directly (CLI, etc.)
How does Cognito User Pools integrate as in Cognito Identity Pools?
As an identity provider
What is Cognito Sync
It is deprecated and replaced by AppSync
Synchronize data from device to Cognito
What identity verification methods are offered by AWS Cognito User Pools?
Verify by email, by phone, MFA, etc.
What does Cognito sends back on login/signup?
JWT
What does JWT stands for?
JSON Web Token
Where do Federated Identity get AWS credentials from for the user?
AWS STS
What does (did) AWS Cognito Sync provide?
Storing of preferences, configuration, state of app
Cross device synchronization
Offline capability (Synchronization when back online)
Where was data stored in AWS Cognito Sync
In datasets
How many datasets could you have?
Up to 20
What was the maximum size of a dataset in AWS Cognito Sync?
1 MB
