An Idiot's Guide to AWS Concepts:

md asif khan

What is Amazon EC2?

Amazon EC2 (Amazon Elastic Compute Cloud) is a web service for renting virtual servers called instances.

Features :

1- Elastic: EC2 allows you to scale your infrastructure up and down based on demand.

2- Instance Type: General purpose, memory intensive, compute-intensive, GPU intensive (each comes with its own CPU, memory, storage and networking).

3- OS: EC2 supports various operating systems, e.g. Amazon Linux, Ubuntu, Windows Server.

4- Storage Options :

  • Amazon Elastic Block Store(EBS), is used for persistent block-level storage.

Block-level Storage: EC2 enables you to create storage volumes that can be mounted as devices by EC2 instances. These volumes can be formatted and used like traditional hard drives.

  • Amazon S3 for object storage, and instance store volumes for temporary storage. Amazon S3 is a scalable and highly durable object storage service provided by AWS. It is designed to store and retrieve large amounts of unstructured data such as images, videos, backups, log files and documents. It stores objects in flat, addressable containers called "buckets".

5- Security: EC2 offers:

  • Security groups to control inbound and outbound traffic.

  • Virtual private cloud(VPC) for network isolation.

  • Integration with AWS Identity and Access Management (IAM) for fine-grained access control.

    Notes:

    • Security groups: They act as virtual firewalls for your instances, enabling you to define rules that determine which network traffic is allowed to access your instances.

    • Inbound traffic refers to the network traffic directed toward your system or EC2 instances.

    • Outbound traffic refers to the network traffic generated by your system or EC2 instances and directed toward an external destination.

6- Networking: EC2 instances can be launched in multiple Availability Zones within a Region, allowing you to build highly available and fault-tolerant architectures.

7- Integration: EC2 integrates with other AWS services, such as AWS Lambda and Amazon DynamoDB, enabling you to build comprehensive and scalable applications.

What is Amazon API Gateway?

Amazon API Gateway helps developers create and manage APIs to backend systems running on Amazon EC2, AWS Lambda or any publicly addressable web service.

With Amazon API Gateway, you can generate custom client SDKs for your APIs to connect your backend systems to mobile, web and server applications or services.

Notes:

  • Publicly addressable web services: Publicly accessible over the internet using a publicly accessible IP address or domain name.

  • Custom client SDKs for your API: These refer to software development kits (SDKs) that are specifically designed and provided by the API provider to simplify the integration and usage of their APIs in client applications.

  • REST APIs: APIs that follow HTTP protocols

    • Stateless

    • request/response model.

    • verbs

    • header and status code

  • WebSocket:

    • Full duplex: simultaneous communication between client and server.

    • Persistent connection: maintains a long-lived connection between client and server.

The architecture of API Gateway :

  • APIs you build in Amazon API Gateway provide you with an integrated and consistent developer experience for building AWS serverless applications.

  • API Gateway handles the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls.

  • These tasks include:

    • Traffic management

    • Authorization and access control

    • Monitoring

    • API version management

  • API Gateway acts as a "Front Door" for apps to access data, business logic, and functionality from backend services. e.g.

    • Workloads running on Amazon EC2

    • Code running on AWS Lambda

    • Any web application

    • Real-time communication applications (request/response, like chat applications)

Note: Workloads refer to the applications, services or tasks that are being executed on the EC2 instances. Workloads can range from simple web servers to complex enterprise applications, DBs, batch processing jobs etc.

Features of API Gateway:

  • Support for stateful (WebSocket) and stateless (HTTP and REST) APIs.

  • Powerful, flexible authentication mechanisms, such as AWS Identity and Access Management policies, Lambda authorizer functions and Amazon Cognito user pools.

  • Canary release deployments for safely rolling out changes.

  • CloudTrail logging and monitoring of API usage and API changes.

  • CloudWatch access logging and execution logging including the ability to set alarms.

  • Ability to use AWS CloudFormation templates to enable API creation.

  • Support for custom domain names.

Accessing API Gateway:

  • AWS management console: provides a web interface for creating and managing APIs.

  • AWS SDKs: If you are using a programming language that AWS provides an SDK for, you can use an SDK to access API Gateway. SDKs simplify authentication, integrate easily with your development environment and provide access to API Gateway commands.

  • API Gateway V1 and V2 APIs: N/A

  • AWS Command Line Interface: N/A

  • AWS Tools for Windows PowerShell: N/A

AWS API Gateway with AWS Lambda:

  • API Gateway forms the app-facing part of the AWS Serverless infrastructure with AWS Lambda.

  • You can use Lambda to interact with required services and expose Lambda functions through API methods in API Gateway.

Notes :

App-facing part:

  • It means that you can use Lambda to write the code for the application's logic and then expose that logic through API Gateway as a set of API endpoints.

  • API Gateway integrates seamlessly with Lambda, allowing you to create a serverless architecture where your API requests are automatically routed to the corresponding Lambda functions.

  • By combining Lambda and API Gateway, you can build and deploy serverless apps that scale automatically, only incur costs when your functions are executed, and abstract away the underlying infrastructure management.

API Gateway Use Cases:

Use API Gateway to create REST APIs:

  • A REST API is made up of resources and methods.

  • A resource is a logical entity that is accessed through a resource path.

  • "/incomes" is a resource path representing the income of a user, with GET, POST and PUT operations. The combination of a resource path and an operation identifies a method of the API.

  • In API Gateway REST APIs, the front end is encapsulated by method requests and method responses.

    • method request: {

      HTTP Method (get, put, post......)

      Query Parameter

      Header

      Request Body

      }

    • method response: {

      Status Code

      Response Header

      Response Body

      }

    • API Gateway provides REST API management functionality such as the following:

      • Support for generating SDKs and creating API documentation.

      • Throttling of HTTP requests.

        Note: Throttling refers to limiting the number of requests per second being made.


Use API Gateway to create HTTP APIs:

  • HTTP APIs enable you to create RESTful APIs with lower latency and lower cost than REST APIs.

  • We can use HTTP APIs to send requests to AWS Lambda or any other routable HTTP endpoint.

  • We can create an HTTP API that integrates with a Lambda function on the backend. When a client calls your API, API Gateway sends the request.

Notes: Routable HTTP endpoints - Amazon S3, Amazon CloudFront, EC2.

How to build an API Gateway?

We can build it using Lambda proxy integration or Lambda non-proxy integration.

  • Lambda proxy integration :

    • It is a lightweight, flexible API integration type that allows you to integrate an API method with a Lambda function.

    • Lambda proxy integration is a feature that allows us to create API endpoints that directly integrate with an AWS Lambda function.

    • Traditionally, the request was transformed before being sent to the Lambda function.

Note: In Lambda proxy integration, API Gateway does not transform the request or response, meaning API Gateway doesn't change the status code, response body etc.

  • Lambda non-proxy integration:

    • The user calls the API endpoint with some request data.

    • API Gateway decides how to transform the data based on the mapping template that we have defined.

    • Once the request data is transformed, the gateway forwards the transformed data to the Lambda function.

    • The Lambda function executes the logic and returns the response message to API Gateway.

    • When the response reaches API Gateway, API Gateway sets the header, status code & response.
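What Lambda proxy integration means for the function, as an added example (not code from the original post): because API Gateway passes the request through untransformed, the handler has to validate the input itself and return the status code, headers and body. The income data, the `customerId` query parameter and the function names are assumptions for illustration.

```python
import json

# Constructed sample data standing in for a real data store.
INCOMES = {1: [1200, 950]}


def respond(status, payload):
    """Build the response shape a proxy-integrated Lambda must return."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(payload),
    }


def handler(event, context=None):
    """Handle GET /incomes?customerId=<n> for a REST API proxy integration."""
    if event.get("httpMethod") != "GET":
        return respond(405, {"error": "method not allowed"})

    # API Gateway sends null (None) when the request has no query string.
    params = event.get("queryStringParameters") or {}
    raw = params.get("customerId") or ""

    # Nothing upstream has checked this value, so accept digits only.
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 9:
        return respond(400, {"error": "customerId must be a number"})

    customer_id = int(raw)
    incomes = INCOMES.get(customer_id)
    if incomes is None:
        return respond(404, {"error": "customer not found"})
    return respond(200, {"customerId": customer_id, "incomes": incomes})
```

In a non-proxy integration the mapping template can reshape the request before the function sees it, but the function should still treat the result as untrusted input.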

Notes:

  • Resource-Based Policy:

    • Resource-based policies are applied to resources, whereas identity-based policies are applied to identities, e.g. users and roles.

    • If you want to allow or deny certain accounts access to resources, you can do so, e.g. cross-account access, blocking certain IP ranges, VPC or VPC IDs.

  • Proxy Resources:

    • Proxy resources in API Gateway are used for scenarios where you want to create a flexible and dynamic integration between the client requests and backend services or resources.

      Example:

      • If you have a microservices-based architecture where each microservice handles specific functionalities, you can use a proxy resource to create a unified API that acts as a facade to all your microservices.

Note: The proxy resource can dynamically route incoming requests to the appropriate microservices based on the URL or headers.

Secure your API Gateway with Lambda Authorizers:

Steps:

  • The user sends a GET request with an auth token.

      GET Request 
      {
          "CustomerId":1,
          "Authorization Token":"My AuthToken"
      }
    
  • Before that request is handled by the actual Lambda handler, it goes to the authorizer, where it is authenticated by a data provider (which matches the auth token).

  • The authorizer Lambda may rely on auth tokens generated by Auth0, or it may create them on its own.

  • The authorizer generates a policy document and sends it back as a response string.

{
    "policyDocument":
    {
        "Version": "2012-10-17",
        "Statement":
        [
            {
                "Action": "execute-api:Invoke",
                "Resource":
                [
                    "arn:aws:execute-api:us-east-1:755314965799:20goj2ul12/*/*"
                ],
                "Effect": "Allow"
            }
        ]
    }
}

Note:

  • When you are writing the Authorizer function what you need to do is programmatically change the effect to either "Allow" or "Deny" for the request being made to the handler lambda.

  • arn: Amazon resource name (Uniquely identifies resources)

  • us-east-1: a region where the resource is located

  • 755314965799: account id

  • 20goj27l12: API gateway generated string
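The authorizer flow described above, as an added Python example (not code from the original post): a token-based Lambda authorizer that denies by default and sets the Effect to "Allow" only for a known token. The token table, the principal names and the function names are constructed for illustration; a real authorizer would verify the token with its identity provider.

```python
import hmac

# Constructed sample data: token -> principal. A real authorizer would verify
# a signed token or ask its identity provider instead of using a static table.
SAMPLE_TOKENS = {"My AuthToken": "customer-1"}


def lookup_principal(token):
    """Return the principal for a known token, else None (constant-time compare)."""
    found = None
    for known, principal in SAMPLE_TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            found = principal
    return found


def api_scope(method_arn):
    """Turn arn:...:apiId/stage/VERB/path into arn:...:apiId/stage/*."""
    prefix, stage = method_arn.split("/")[:2]
    return f"{prefix}/{stage}/*"


def build_policy(principal_id, effect, resource):
    """Build the response object API Gateway expects from an authorizer."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": [resource]}
            ],
        },
    }


def handler(event, context=None):
    """TOKEN authorizer: event carries authorizationToken and methodArn."""
    token = event.get("authorizationToken") or ""
    if not token:
        # API Gateway maps this exact message to a 401 response.
        raise Exception("Unauthorized")
    resource = api_scope(event["methodArn"])
    principal = lookup_principal(token)
    if principal is None:
        return build_policy("anonymous", "Deny", resource)  # caller gets a 403
    return build_policy(principal, "Allow", resource)
```

The policy covers one stage of one API rather than `/*/*`. It is not narrowed to the single method ARN because, with authorizer caching enabled, API Gateway reuses the returned policy for later requests that carry the same token.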
