Building APIs with Amazon API Gateway

API Gateways can simplify the work that a developer needs to do to build API-based services by helping to standardize authentication and authorization, consumer interfaces, and management needs. With Amazon API Gateway you get all of this and more, including completely serverless management of your APIs and the ability to host them at almost any scale. You also get the benefits of the numerous types of APIs that are supported, from public to private, REST to WebSockets, backed by almost any backend you can think of. In this session we’ll review the powerful capabilities of Amazon API Gateway and how you can get started building awesome APIs.

Speaker: Chris Munns - Principal Developer Advocate, AWS Serverless Applications, AWS

  1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Pop-up Loft: Building APIs with Amazon API Gateway. Chris Munns, Principal Developer Advocate, AWS Serverless
  2. About me: Chris Munns - munns@amazon.com, @chrismunns – Principal Developer Advocate - Serverless – New Yorker – Previously: • AWS Business Development Manager – DevOps, July ’15 - Feb ’17 • AWS Solutions Architect, Nov 2011 - Dec 2014 • Formerly on operations teams @Etsy and @Meetup • Little time at a hedge fund, Xerox and a few other startups – Rochester Institute of Technology: Applied Networking and Systems Administration ’05 – Internet infrastructure geek
  3. Why are we here today? (photo: https://secure.flickr.com/photos/mgifford/4525333972)
  4. A look back at development at Amazon... (photo: https://secure.flickr.com/photos/pixelthing/15806918992/)
  5. Amazon.com in 1994-2001: monolithic application + monolithic teams
  6. Monolith development lifecycle (diagram): developers, release, test, build, delivery pipeline, app
  7. • Single-purpose • Connect only through APIs • Connect over HTTPS • Largely “black boxes” to each other • “Microservices”
  8. Amazon S3 at launch:
  9. Amazon S3 re:Invent 2018:
  10. > 60 million deployments a year*: Thousands of teams × Microservice architecture × Continuous delivery × Multiple environments (*2016 number)
  11. “Software is Eating the World” – Marc Andreessen. “APIs are Eating Software” – Dr. Steve Willmott. Fun fact: Apis is the “Genus” for Honey Bees
  12. APIs power all of these: iPhone <11 years, iPad <8 years, iWatch <4 years, Echo <4 years, Tesla Model S <6 years, Illumina DNA Sequencer <4 years, Netflix Streaming ~11 years, Airbnb ~10 years, Uber <9 years, Square <9 years, Amazon Prime ~13 years, Slack < years (*Ages might be slightly off)
  13. Building your API (photo: https://secure.flickr.com/photos/spenceyc/7481166880)
  14. Basic API technology stack (diagram): Internet; Mobile/Web apps; ? API “server”; ? API backend; AWS Databases/Data stores
  15. API Management Challenges • Managing multiple versions and stages of an API is difficult. • Monitoring third-party developers’ access is time consuming. • Access authorization is a challenge. • Traffic spikes create an operational burden. • Dealing with increased management overhead
  16. Introducing Amazon API Gateway: Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale: • Host multiple versions and stages of your APIs • Create and distribute API Keys to developers • Throttle and monitor requests to protect your backend • Leverage signature version 4 to authorize access to APIs • Request / Response data transformation and API mocking • Reduced latency and DDoS protection through CloudFront • Optional Managed cache to store API responses • SDK Generation for Java, JavaScript, Java for Android, Objective-C or Swift for iOS, and Ruby • Swagger support
  17. Manage APIs with API Gateway (diagram): Mobile Apps, Websites, Services; HTTPS; Amazon API Gateway; API Gateway Cache; Amazon CloudWatch Monitoring. Endpoint types: Edge-Optimized (Fully-managed CloudFront Distribution), Regional (Customer-managed CloudFront Distribution; Applications & Services in the same AWS Region), Private (Applications & Services in VPC; AWS Direct Connect; On-premises). Backends: Lambda Functions; Public Endpoints on Amazon EC2; Endpoints in VPC; Any other AWS service; All publicly accessible endpoints
  18. Introducing: API Gateway WebSockets • Build real-time two-way communication applications: chat, alerts and notifications, and streaming dashboards • Fully managed APIs to handle connections and messages transfer between users and backend services • Invoke AWS services like Lambda, Kinesis, or any HTTP endpoint based on message content • Pay for what you use based on connection minutes and messages transferred. Diagram: Mobile apps, Chat, AWS IoT devices, Dashboards; Stateful connection; Amazon API Gateway WebSockets API; Stateless connection; Lambda functions, Amazon Kinesis, Public endpoints on Amazon EC2, Any other AWS service, All publicly accessible endpoints
  19. AWS Compute Services: Amazon EC2, Amazon Elastic Container Service (ECS), AWS Lambda
  20. Deploying Microservices on Amazon EC2. Recommendation: • Single service per host • Start with small instance sizes • Leverage Auto Scaling and AWS Elastic Load Balancing/Application Load Balancer/Network Load Balancer (if in VPC) • Automate the ability to pump out these environments easily – Leverage CodeDeploy, CloudFormation, Elastic Beanstalk or OpsWorks. Diagram: region; Elastic Load Balancing; Auto Scaling group; EC2 Instance, EC2 Instance, EC2 Instance
  21. Deploying Microservices with ECS. Recommendation: • Put multiple services per host • Make use of larger hosts with much more CPU/RAM • Run helper services on the same host as other dependent services • Leverage Auto Scaling and AWS Elastic Load Balancing/Application Load Balancer/Network Load Balancer (if in VPC) • Use AWS Fargate for even less administrative overhead! Diagram: region; Public Application Load Balancer; Network Load Balancer; EC2 Instance; Guest OS; Bins/Libs, Bins/Libs; App1, App2
  23. Diagram, three integrations behind Amazon API Gateway: • Lambda function: 1. API call made against API Gateway, 2. Lambda function invoked • Backing AWS service (Amazon S3, Amazon Kinesis, Amazon DynamoDB, etc.): 1. API call made against API Gateway, 2. API call made directly against backing AWS service • AWS Step Functions: 1. API call made against API Gateway, 2. Step Functions workflow is executed
  24. 3 Endpoint Types To Choose From • Edge optimized: Designed to help you reduce client latency from anywhere on the Internet • Regional: Designed to reduce latency when calls are made from the same region as the API • Private: Designed to expose APIs only inside your VPC
  25. Basic Serverless API technology stack (diagram): Internet; Mobile/Web apps; API Gateway; AWS Lambda functions; AWS Databases/Data stores
  26. Serverless web application with Amazon API Gateway • Amazon S3: Amazon Simple Storage Service (Amazon S3) stores all of your static content: CSS, JS, images, and more. You would typically front this with a CDN such as CloudFront (Amazon CloudFront). • API Gateway: API Gateway handles all your application routing. It can handle authentication and authorization, throttling, DDOS protection, and more. • AWS Lambda: Lambda runs all the logic behind your website and interfaces with databases, other backend services, or anything else your site needs.
  27. Secure your API (photo: https://www.flickr.com/photos/modernrelics/1093797721/)
  28. Basic Serverless API technology stack (diagram): Internet; Mobile/Web apps; API Gateway; AWS Lambda functions; AWS Databases/Data stores; places where we can secure our application
  29. Amazon API Gateway Security. Several mechanisms for adding Authz/Authn and restricting access to our API: • IAM Permissions – Use IAM policies and AWS credentials to grant access • Lambda Authorizers – Use Lambda to validate a bearer token (OAuth or SAML as examples) or request parameters and grant access • Cognito User Pools – Create a completely managed user management system • Resource Policies – Can restrict based on IP, VPC, AWS Account ID
  30. API Gateway Lambda Authorizers: Use an AWS Lambda function to invoke whatever authorizer logic/method you want! • For example this HTTP Basic Auth example which can be found in the AWS Serverless Application Repository:
  31. Cognito User Pools • Serverless Authentication and User Management: Add user sign-up and sign-in easily to your mobile and web apps without worrying about server infrastructure • Enhanced Security Features: Verify phone numbers and email addresses and offer multi-factor authentication • Managed User Directory: Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users
  32. Deploying your applications (photo: https://secure.flickr.com/photos/simononly/15386966677)
  33. API Stages • Stages are named links to a deployed version of your API • Recommended for managing API lifecycle • Dev/test/prod • Alpha/beta/gamma • Support for parameterized values through stage variables
  34. Amazon API Gateway Stage Variables • Stage variables act like environment variables • Use stage variables to store configuration values • Stage variables are available in the $context object • Values are accessible from most fields in API Gateway • Lambda function ARN • HTTP endpoint • Custom authorizer function name • Parameter mappings
  35. Stage Variables and Lambda Aliases • Using Stage Variables in API Gateway together with Lambda function Aliases you can manage a single API configuration and Lambda function for multiple environment stages. Diagram: myLambdaFunction versions 1 2 3 = prod, 4 5 6 = beta, 7 8 = dev; My First API, Stage variable = lambdaAlias: Prod lambdaAlias = prod, Beta lambdaAlias = beta, Dev lambdaAlias = dev
  36. Amazon API Gateway Canary Support. Use canary release deployments to gradually roll out new APIs in Amazon API Gateway: • configure percent of traffic to go to a new stage deployment • can test stage settings and variables • API Gateway will create additional Amazon CloudWatch Logs group and CloudWatch metrics for the requests handled by the canary deployment API • To rollback: delete the deployment or set percent of traffic to 0 • Explore new technologies in your API backend: – New languages – New frameworks – Try Lambda in place of other HTTP endpoints! • Migrate an API from on-premises to AWS via private endpoint integrations in VPC
  37. Amazon API Gateway Canary Support (diagram): API Clients; api.mydomain.com/prod; v1; Backends in AWS; All publicly and privately accessible endpoints. All traffic to currently deployed version
  38. Amazon API Gateway Canary Support (diagram): API Clients; api.mydomain.com/prod; v1 90%, v2 10%; Backends in AWS; All publicly and privately accessible endpoints. 10% traffic to new deployment of stage, rest to previous version
  39. Amazon API Gateway Canary Support (diagram): API Clients; api.mydomain.com/prod; v2; Backends in AWS; All publicly and privately accessible endpoints. All traffic to new deployed version
  40. How can I connect my clients to my API backed by API Gateway? (photo: https://www.flickr.com/photos/lachlanhardy/4150836513/)
  41. SDK work flow (diagram): Service developer; swagger; API v1.1.1; Node.js Client SDK, myservice-1.1.1 module; Private Repo; Service Client v1.1.1
  42. SDK work flow (diagram): Service developer; swagger; API v1.1.1, API v2.0.0; Node.js Client SDK, myservice-2.0.0 module; Private Repo; Service Client v1.1.1, Service Client v2.0.0
  43. Amazon API Gateway Developer Portal
  44. Can’t move fast if you can’t measure what's going on. (photo: https://secure.flickr.com/photos/jasoneppink/499531891)
  45. Metrics and logging are a universal right! CloudWatch Metrics: • 7 Built in metrics for Lambda • Invocation Count, Invocation duration, Invocation errors, Throttled Invocation, Iterator Age, DLQ Errors, Concurrency • Can call “put-metric-data” from your function code for custom metrics • 7 Built in metrics for API-Gateway • API Calls Count, Latency, 4XXs, 5XXs, Integration Latency, Cache Hit Count, Cache Miss Count • Error and Cache metrics support averages and percentiles
  46. Metrics and logging are a universal right! CloudWatch Logs: • API Gateway Logging • 2 Levels of logging, ERROR and INFO • Optionally log method request/body content • Set globally in stage, or override per method • Lambda Logging • Logging directly from your code with your language’s equivalent of console.log() • Basic request information included • Log Pivots • Build metrics based on log filters • Jump to logs that generated metrics • Export logs to AWS ElastiCache or S3 • Explore with Kibana or Athena/QuickSight
  47. AWS X-Ray Integration with Serverless • Lambda instruments incoming requests for all supported languages and can capture calls made in code • API Gateway inserts a tracing header into HTTP calls as well as reports data back to X-Ray itself
        var AWSXRay = require('aws-xray-sdk-core');
        var AWS = AWSXRay.captureAWS(require('aws-sdk')); // wrap the AWS SDK so its calls are traced
        var S3Client = new AWS.S3();
  48. X-Ray Trace Example
  49. Swagger – now OpenAPI Specification (OAS) • API definition as code: • Portable API definition • JSON/YAML • Import/Export your API • Amazon API Gateway extensions • Can be used independently or as part of a CloudFormation template • Rich 3rd party ecosystem of tools
  50. DEMO!
  51. FIN, ACK. It’s never been easier to build and launch APIs! • Serverless APIs: • No management of servers • Pay for what you use and not for idle resources! • Instantly scale up without turning any knobs or provisioning any resources • Tooling to get started in minutes with incredibly minimal code needed • Built in high availability built into multiple places in the application stack • Authentication and Authorization built into multiple places in the application stack. Diagram: Internet; Mobile/Web apps; API Gateway; AWS Lambda functions; AWS Databases/Data stores
  52. aws.amazon.com/serverless
  53. Chris Munns, munns@amazon.com, @chrismunns (photo: https://www.flickr.com/photos/theredproject/3302110152/)
  54. ? (photo: https://secure.flickr.com/photos/dullhunk/202872717/)
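
An added example for the Lambda authorizers described on slides 29 and 30 (not code from the talk or from the AWS Serverless Application Repository): a Node.js TOKEN authorizer that checks HTTP Basic credentials and returns the IAM policy API Gateway expects. The user store, user name, password and helper function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo user store: username -> salt + scrypt hash (never plaintext).
// A real deployment would load this from a secrets store or user database.
function makeUser(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}
const USERS = { 'demo-user': makeUser('constructed-demo-password') };
const DUMMY = makeUser('unused'); // hashed against for unknown users (uniform timing)

// Parse "Basic base64(user:pass)"; returns null on any malformed input.
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // the password may itself contain ':'
  if (sep < 1) return null;         // reject a missing separator or empty user name
  return { user: decoded.slice(0, sep), pass: decoded.slice(sep + 1) };
}

function checkPassword(user, pass) {
  const known = Object.prototype.hasOwnProperty.call(USERS, user);
  const rec = known ? USERS[user] : DUMMY;
  const candidate = crypto.scryptSync(pass, rec.salt, 32);
  // Constant-time compare, evaluated for unknown users as well.
  return crypto.timingSafeEqual(candidate, rec.hash) && known;
}

// Build the authorizer response: a principal plus an IAM policy document.
function policy(principalId, effect, resource) {
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
    },
  };
}

function authorize(event) {
  const creds = parseBasic(event.authorizationToken);
  // Throwing "Unauthorized" makes API Gateway answer the client with 401.
  if (!creds || !checkPassword(creds.user, creds.pass)) throw new Error('Unauthorized');
  // Scope the Allow to the invoked method only, not the whole API.
  return policy(creds.user, 'Allow', event.methodArn);
}

// Lambda entry point for the TOKEN authorizer.
exports.handler = async (event) => authorize(event);
```

If authorizer result caching is enabled, a policy scoped to a single method ARN is reused for other methods called with the same token, so either disable caching or widen `Resource` deliberately.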
