AWS API Gateway Tutorial

---

1. Creating and Configuring an API Gateway

Example 1: Create a REST API

aws apigateway create-rest-api --name MyAPI --description "My API Gateway"

Explanation

1. Creates a new REST API in AWS API Gateway.

   • aws apigateway create-rest-api

2. Requires a unique API name (MyAPI).

   • --name MyAPI

3. Includes an optional description for documentation.

   • --description "My API Gateway"

4. Generates an API ID required for further configurations.

   • create-rest-api

---

Example 2: Get API Details

aws apigateway get-rest-api --rest-api-id abc1234567

Explanation

1. Retrieves details about a specific API.

   • aws apigateway get-rest-api

2. Requires the API ID obtained from creation.

   • --rest-api-id abc1234567

3. Returns metadata like API name, ID, and status.

   • get-rest-api

4. Useful for verifying configurations before deployment.

   • get-rest-api

---

Example 3: List All APIs

aws apigateway get-rest-apis

Explanation

1. Lists all available APIs in an AWS account.

   • aws apigateway get-rest-apis

2. Returns a JSON list with API names, IDs, and descriptions.

   • get-rest-apis

3. Helps manage multiple API endpoints.

   • get-rest-apis

4. Verifies API existence before making changes.

   • get-rest-apis

---

Example 4: Delete an API

aws apigateway delete-rest-api --rest-api-id abc1234567

Explanation

1. Removes an API Gateway permanently.

   • aws apigateway delete-rest-api

2. Requires an API ID to prevent accidental deletion.

   • --rest-api-id abc1234567

3. Deletes all associated resources (stages, endpoints).

   • delete-rest-api

4. Cannot be undone once deleted.

   • delete-rest-api

---

2. Creating Resources and Methods

Example 1: Create a Resource (Endpoint)

aws apigateway create-resource --rest-api-id abc1234567 --parent-id root123 --path-part users

Explanation

1. Defines a new resource (/users) under an API.

   • aws apigateway create-resource

2. Requires an API ID and parent resource ID.

   • --rest-api-id abc1234567 --parent-id root123

3. Creates a path (/users) for REST operations.

   • --path-part users

4. Used to build hierarchical REST endpoints.

   • create-resource

---

Example 2: Create an HTTP Method (GET)

aws apigateway put-method --rest-api-id abc1234567 --resource-id xyz789 --http-method GET --authorization-type NONE

Explanation

1. Adds a GET method to an existing resource.

   • aws apigateway put-method

2. Requires an API ID and resource ID.

   • --rest-api-id abc1234567 --resource-id xyz789

3. Sets NONE as the authorization type (public access).

   • --authorization-type NONE

4. Used to handle HTTP requests in API Gateway.

   • put-method

---

Example 3: Link a Lambda Function to the Method

aws apigateway put-integration --rest-api-id abc1234567 --resource-id xyz789 --http-method GET --type AWS_PROXY --integration-http-method POST --uri arn:aws:lambda:us-east-1:123456789012:function:MyLambdaFunction

Explanation

1. Connects an API Gateway method to a Lambda function.

   • aws apigateway put-integration

2. Uses AWS_PROXY for direct Lambda integration.

   • --type AWS_PROXY

3. Requires the Lambda function ARN for execution.

   • --uri arn:aws:lambda:us-east-1:123456789012:function:MyLambdaFunction

4. Executes Lambda on GET request from API Gateway.

   • put-integration

---

Example 4: Deploy API to a Stage

aws apigateway create-deployment --rest-api-id abc1234567 --stage-name prod

Explanation

1. Deploys the API Gateway configuration.

   • aws apigateway create-deployment

2. Requires a valid API ID.

   • --rest-api-id abc1234567

3. Creates a new stage (prod) for the API.

   • --stage-name prod

4. Makes the API publicly accessible.

   • create-deployment

---

3. Securing API Gateway with IAM and API Keys

Example 1: Create an API Key

aws apigateway create-api-key --name MyAPIKey --enabled

Explanation

1. Generates a unique API key for authentication.

   • aws apigateway create-api-key

2. Requires a unique key name (MyAPIKey).

   • --name MyAPIKey

3. Sets the key as active for immediate use.

   • --enabled

4. Used to restrict API access to authorized clients.

   • create-api-key

---

Example 2: Attach an API Key to a Usage Plan

aws apigateway create-usage-plan --name MyUsagePlan --throttle rateLimit=10,burstLimit=20 --api-stages apiId=abc1234567,stage=prod

Explanation

1. Defines a usage plan to control API consumption.

   • aws apigateway create-usage-plan

2. Limits API requests to 10 per second with bursts of 20.

   • --throttle rateLimit=10,burstLimit=20

3. Links the usage plan to a specific API stage (prod).

   • --api-stages apiId=abc1234567,stage=prod

4. Prevents API abuse and manages quotas efficiently.

   • create-usage-plan

---

Example 3: Require IAM Authentication

aws apigateway update-method --rest-api-id abc1234567 --resource-id xyz789 --http-method GET --patch-operations op="replace",path="/authorizationType",value="AWS_IAM"

Explanation

1. Enforces IAM authentication for API access.

   • aws apigateway update-method

2. Requires an API ID, resource ID, and method.

   • --rest-api-id abc1234567 --resource-id xyz789 --http-method GET

3. Updates the authorization type to AWS_IAM.

   • op="replace",path="/authorizationType",value="AWS_IAM"

4. Ensures only IAM-authenticated users can access the API.

   • update-method

---

Example 4: Enable API Gateway Logging

aws apigateway update-stage --rest-api-id abc1234567 --stage-name prod --patch-operations op="replace",path="/*/*/logging/dataTrace",value="true"

Explanation

1. Activates detailed logging for API requests.

   • aws apigateway update-stage

2. Requires API ID and stage name (prod).

   • --rest-api-id abc1234567 --stage-name prod

3. Enables data trace logging for all methods.

   • op="replace",path="/*/*/logging/dataTrace",value="true"

4. Useful for debugging API calls and errors.

   • update-stage

---