Section 15: AWS Serverless: API Gateway & Cognito

Question 1

What does API Gateway do with proxy resource?

Answer 1

Passes the entire request and response between the frontend and the backend

Question 2

What is the most popular integration with API Gateway?

Answer 2

AWS Lambda

Question 3

What can API Gateway integrate with

Answer 3

Endpoints on EC2
Load Balancers
Any AWS service
External and publicly accessible HTTP endpoints

Question 4

Are changes in an API Gateway API effective directly?

Answer 4

No, the API has to be published to a stage

Question 5

What does API Gateway keeps in order to allow easy roll backs?

Answer 5

History of deployments

Question 6

API Gateway offers configuration parameters at what level?

Answer 6

At the API stage level

Question 7

Do APIs have environment variables?

Answer 7

Stages have stage variables (which is similar to environment variables but for a specific stage)

Question 8

What can stage variables be used for?

Answer 8

Lambda function ARN
HTTP endpoints
Parameters in mapping templates

Question 9

Are stage variables passed to AWS Lambda?

Answer 9

If the resource method integration type is a Lambda function, then yes stage variables are passed in the “context” object

Question 10

What are canary deployments?

Answer 10

Canary deployments are a pattern for rolling out releases to a subset of users or servers.

Question 11

What are mapping templates in API Gateway?

Answer 11

They are a way to modify requests / responses (Rename parameters, modify body content, add headers, remove information, etc.)

Question 12

In what language are mapping templates written?

Answer 12

Velocity Template Language (VTL)

Question 13

What is a common way of writing REST API as code?

Answer 13

Swagger / Open API

Question 14

What are the two supported languages when writing Swagger specification?

Answer 14

YAML

JSON

Question 15

What can you do if one of your endpoints is receiving lots of traffic and the response is always the same?

Answer 15

Use caching

Question 16

What is the default TTL in the API Gateway cache?

Answer 16

300 seconds (5 minutes)

Question 17

What is the min TTL in the API Gateway cache?

Answer 17

0 seconds

Question 18

What is the max TTL in the API Gateway cache?

Answer 18

3600 seconds (1 hour)

Question 19

At which level are caches defined?

Answer 19

At the stage level

Question 20

How much data can be in an API Gateway API stage cache at any given time? __ to __

Answer 20

0.5 GB to 237 GB

Question 21

How can clients invalidate the cache manually?

Answer 21

By passing the header “Cache-Control: max-age=0”

Question 22

At what level is it possible to enable CloudWatch logging?

Answer 22

At the stage level

Question 23

Is it possible to override cache settings at the resource level?

Answer 23

Yes

Question 24

API Gateway API metrics are by ___ ?

Answer 24

stage

Question 25

How to get more metrics from your API?

Answer 25

Enabling detailed metrics

Question 26

How to get the full picture tracing of your API + Lamba ?

Answer 26

Enabling X-Ray

Question 27

What must be enabled when you receive calls from another domain?

Answer 27

CORS

Question 28

What headers does the OPTIONS pre-flight request must contain?

Answer 28

Access-Control-Allow-Methods
Access-Control-Allow-Headers
Access-Control-Allow-Origin

Question 29

What can you set if you want to “sell” your APIs to consumers?

Answer 29

Usage Plans and API Keys

Question 30

What do API keys allow you to do?

Answer 30

Track API usage from a specific consumer

Question 31

What are the three available authorization methods for API Calls?

Answer 31

IAM Permissions
Lambda Authorizer
Cognito User Pools

Question 32

What is IAM Permissions authorization good for?

Answer 32

For API authorization within your own infrastructure (Users that need to access the API are registered in your AWS account)

Question 33

What does IAM Permissions authorization leverages?

Answer 33

Signature Version 4 signing process (Sig v4) where IAM credentials are in headers

Question 34

What was the former name of “Lambda Authorizer” ?

Answer 34

Custom Authorizers

Question 35

What is Lambda Authorizer authorization method good for?

Answer 35

Managing authorization with the use of 3rd party type of authentication, OAuth, SAML

Question 36

What must the Lambda Authorizer return?

Answer 36

An IAM policy for the user defining the actions that will be allowed in the backend

Question 37

Can you avoid calling the Lambda Authorizer function multiple times for the same user?

Answer 37

Yes, there is an option to cache the result of authentication

Question 38

What is Cognito User Pools authentication good for?

Answer 38

Good for authenticating (validing the identity) of the caller

Question 39

What does Cognito User Pools NOT offer us?

Answer 39

Authorization

Question 40

What do Cognito users do before calling our API?

Answer 40

Authenticate with Cognito to retrieve a token

Question 41

What does API Gateway do when called to a resource method with Cognito enabled?

Answer 41

Connects with Cognito to evaluate the token

Question 42

Where must the developer implement authorization when using Cognito User Pools?

Answer 42

In the backend

Question 43

What are the three services offered by AWS Cognito

Answer 43

Cognito User Pools
Cognito Identity Pools
Cognito Sync

Question 44

What do Cognito User Pools offer?

Answer 44

Sign in functionality for app users (username/email + password, Google authentication, Facebook authentication, etc.)
Integrate with API Gateway

Question 45

What does Cognito Identity Pools (Federated Identities) provide?

Answer 45

Provide AWS credentials to users so they can access AWS resources directly (CLI, etc.)

Question 46

How does Cognito User Pools integrate as in Cognito Identity Pools?

Answer 46

As an identity provider

Question 47

What is Cognito Sync

Answer 47

It is deprecated and replaced by AppSync

Synchronize data from device to Cognito

Question 48

What identity verification methods are offered by AWS Cognito User Pools?

Answer 48

Verify by email, by phone, MFA, etc.

Question 49

What does Cognito sends back on login/signup?

Answer 49

JWT

Question 50

What does JWT stands for?

Answer 50

JSON Web Token

Question 51

Where do Federated Identity get AWS credentials from for the user?

Answer 51

AWS STS

Question 52

What does (did) AWS Cognito Sync provide?

Answer 52

Storing of preferences, configuration, state of app
Cross device synchronization
Offline capability (Synchronization when back online)

Question 53

Where was data stored in AWS Cognito Sync

Answer 53

In datasets

Question 54

How many datasets could you have?

Answer 54

Up to 20

Question 55

What was the maximum size of a dataset in AWS Cognito Sync?

Answer 55

1 MB