Services - Networking and Content Delivery Flashcards
1
Q
API Gateway - Characteristics 1
A
- It helps to create, publish, maintain, monitor, and secure APIs at any scale
- Supports stateful (WebSocket) and stateless (HTTP and REST) APIs
- Has flexible authentication mechanisms such as IAM policies, Lambda authorizer functions, and Cognito user pools
- Makes APIs available to your customers through a developer portal, for both API Gateway managed APIs and non-API Gateway managed APIs (specified with OpenAPI definitions)
- Provides a dashboard to monitor calls to the services and integrates with CloudWatch, CloudTrail, and WAF
2
Q
API Gateway - Characteristics 2
A
- Can manage traffic by adding throttling rules based on the number of requests:
  - Per-API, per-stage limits. Applied at the API method level for a stage
  - AWS throttling limits. Applied across all accounts and clients
  - Per-account limits. Applied to all APIs in an account
  - Per-client throttling limits. Applied to clients that use API keys, which also serve as a client identifier
- When there are too many requests, it responds to the client with a “429 Too Many Requests” HTTP status code
3
Q
API Gateway - Endpoint types
A
- Edge-optimized endpoint:
  - It reduces latency for requests all around the world
  - CloudFront is also used as the public endpoint
- Regional endpoint:
  - It reduces latency for requests that originate in the same region
  - Can also be configured with a CDN and protected with WAF
- Private endpoint:
  - It securely exposes the REST APIs to other services only within the VPC
4
Q
API Gateway - Pricing
A
- HTTP APIs and REST APIs:
  - Pay only for the API calls received and the amount of data transferred out
  - When using optional data caching, you also pay based on the cache size selected
- WebSocket APIs:
  - Pay when APIs are used, based on the number of messages sent / received and connection minutes
5
Q
API Gateway - REST APIs Features
A
- Can set up a cache with customizable keys and TTL for each request
- Can generate client SDKs for many platforms, so you can test new APIs and distribute those SDKs to third-party developers
- Can also run multiple versions of the same API so that applications can continue to call previous API versions
6
Q
Global Accelerator - Characteristics 1
A
- It’s a managed global traffic manager that helps to direct internet traffic from users to your application’s public interfaces or endpoints
- It’s a global service that supports endpoints in multiple AWS Regions
- Pay for each provisioned accelerator. You are charged a fixed fee and an incremental charge over Standard Data Transfer rates
7
Q
Global Accelerator - Characteristics 2
A
- By default, it provides two static IP addresses, as a fixed entry point to your applications, that you associate with your accelerator. So, it’s easy to move your endpoints between regions and AZs
- Static IP addresses will be unassigned only if you delete the respective accelerator(s), not if you disable them
- Propagation of changes takes seconds, unlike DNS-based approaches, where client devices and internet resolvers cache DNS answers for long periods of time
8
Q
Global Accelerator - Standard accelerator
A
- Routes client traffic across regional endpoints based on client location, endpoint health, and configurable policies
- Endpoints can be ALBs, NLBs, EC2 instances, or EIP addresses
- Also allows you to shift client traffic across endpoints based on controls such as traffic dials (percentage of traffic for the endpoint) and endpoint weights
- Can use IPv4 addresses from your own IP address ranges as entry points
9
Q
Global Accelerator - Custom routing accelerator
A
- Works well where you want to use custom application logic to direct users to a specific destination and port among many, while still gaining the benefits of Global Accelerator
- Only supports VPC subnet endpoint types as entry points
10
Q
Global Accelerator - Components
A
- Static IP addresses and DNS name
- Accelerator
- Network zone: services the IP addresses from a unique IP subnet. Similar to an AZ, it’s an isolated unit with its own set of physical infrastructure
- Listener: processes inbound connections from clients to Global Accelerator, based on the port and protocol configured
- Endpoint: the resource where traffic is directed
- Endpoint group: associated with one Region. Includes one or more endpoints in the Region. With a Standard accelerator, you can use the traffic dial