Building APIs with Amazon API Gateway: re:Invent 2018 Recap at the AWS Loft - San Francisco API Gateways can simplify the work that a developer needs to do to build API based services by helping to standardize authentication and authorization, consumer interfaces, and management needs. With Amazon API Gateway you get all of this and more, including a completely serverless management of your APIs and the ability to host them at almost any scale. You also can get the benefits of the numerous types of APIs that are supported, from pubic to private, REST to Websockets, backed by almost any backend you can think of. In this session we’ll review the powerful capabilities of Amazon API Gateway and how you can get started building awesome APIs. Speaker: Chris Munns - Principal Developer Advocate, AWS Serverless Applications

1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Pop-up Loft
Building APIs with Amazon API Gateway
Chris Munns
Principal Developer Advocate
AWS Serverless

2. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
About me:
Chris Munns - munns@amazon.com, @chrismunns
– Principal Developer Advocate - Serverless
– New Yorker
– Previously:
• AWS Business Development Manager – DevOps, July ’15 - Feb ‘17
• AWS Solutions Architect Nov, 2011- Dec 2014
• Formerly on operations teams @Etsy and @Meetup
• Little time at a hedge fund, Xerox and a few other startups
– Rochester Institute of Technology: Applied Networking and Systems
Administration ’05
– Internet infrastructure geek

3. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
https://secure.flickr.com/photos/mgifford/4525333972
Why are we
here today?

4. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
A look back at
development at
Amazon..
https://secure.flickr.com/photos/pixelthing/15806918992/

5. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Amazon.com in 1994-2001
monolithic application
+
monolithic teams

6. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Monolith development lifecycle
developers
releasetestbuild
delivery pipelineapp

7. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
• Single-purpose
• Connect only through
APIs
• Connect over HTTPS
• Largely “black boxes” to
each other
• “Microservices”

8. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Amazon S3 at launch:

9. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Amazon S3 re:Invent 2018:

10. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
> 60 million deployments a year*
Thousands of teams
× Microservice architecture
× Continuous delivery
× Multiple environments
*2016 number

11. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
“Software is Eating the World” – Marc Andreessen
“APIs are Eating Software” – Dr. Steve Willmott
Fun fact: Apis is the “Genus” for Honey Bees

12. APIs power all of these:
iPhone
<11 years
iPad
<8 years
iWatch
<4 years
Echo
<4 years
Tesla
Model S
<6 years
Illumina DNA
Sequencer
<4 years
Netflix
Streaming
~11 years
Airbnb
~10 years
Uber
<9 years
Square
<9 years
Amazon
Prime
~13 years
Slack
< years
*Ages might be slightly off

13. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Building your
API
https://secure.flickr.com/photos/spenceyc/7481166880

14. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
InternetMobile/Web
apps
AWS
Databases/
Data stores
Basic API technology stack
?API
“server”
?API backend

15. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
API Management Challenges
• Managing multiple versions and stages of an API is difficult.
• Monitoring third-party developers’ access is time
consuming.
• Access authorization is a challenge.
• Traffic spikes create an operational burden.
• Dealing with increased management overhead

16. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Introducing Amazon API Gateway
Amazon API Gateway is a fully managed service that
makes it easy for developers to create, publish, maintain,
monitor, and secure APIs at any scale:
• Host multiple versions and stages of your APIs
• Create and distribute API Keys to developers
• Throttle and monitor requests to protect your backend
• Leverage signature version 4 to authorize access to APIs
• Request / Response data transformation and API mocking
• Reduced latency and DDoS protection through CloudFront
• Optional Managed cache to store API responses
• SDK Generation for Java, JavaScript, Java for Android, Objective-C or
Swift for iOS, and Ruby
• Swagger support

17. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Manage APIs with API Gateway
Mobile Apps
Websites
Services
Amazon API Gateway
API Gateway
Cache
Public
Endpoints on
Amazon EC2
Amazon
CloudWatch
Monitoring
All publicly
accessible
endpoints
Lambda
Functions
Endpoints
in VPC
Applications
& Services
in VPC
Any other
AWS service
Fully-managed
CloudFront
Distribution
Edge-OptimizedRegionalPrivate
Customer-managed
CloudFront
Distribution
Applications
& Services
in the same
AWS Region
AWS Direct
Connect
On-premises
HTTPS

18. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Introducing: API Gateway WebSockets
Invoke AWS services
like Lambda, Kinesis, or any
HTTP endpoint based on
message content
Build real-time two-way
communication applications
chat, alerts and notifications,
and streaming dashboards
Fully managed APIs
to handle connections and
messages transfer between
users and backend services
Pay for what you use
based on connection minutes
and messages transferred
Stateful connection Stateless connection
Amazon API Gateway
WebSockets API
Public
endpoints on
Amazon EC2
Lambda
functions
Any other
AWS service
All publicly
accessible
endpoints
Amazon
Kinesis
Mobile apps
Chat
AWS IoT
devices
Dashboards

19. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
AWS Compute Services
Amazon
EC2
Amazon
Elastic
Container
Service
(ECS)
AWS
Lambda

20. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Deploying Microservices on Amazon EC2
Recommendation:
• Single service per host
• Start with small instance sizes
• Leverage Auto Scaling and AWS Elastic
Load Balancing/Application Load
Balancer/Network Load Balancer(if in
VPC)
• Automate the ability to pump out these
environments easily
– Leverage CodeDeploy, CloudFormation,
Elastic Beanstalk or Opsworks
Auto Scaling group
EC2 Instance EC2 Instance EC2 Instance
region
Elastic Load
Balancing

21. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Deploying Microservices with ECS
Recommendation
• Put multiple services per host
• Make use of larger hosts with much more
CPU/RAM
• Run helper services on the same host as other
dependent services
• Leverage Auto Scaling and AWS Elastic Load
Balancing/Application Load Balancer/Network
Load Balancer(if in VPC)
• Use AWS Fargate for even less administrative
overhead!
region
Guest OS
Bins/Libs Bins/Libs
App2App1
EC2 Instance
Network Load
Balancer
Public
Application
Load Balancer

22. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved

23. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Lambda
function
2. Lambda function
invoked
1. API call made against
API Gateway
API clients
Amazon API
Gateway
Lambda
function
Lambda
function
2. API call made directly against
backing AWS service
API clients
Amazon API
Gateway
API clients
Amazon
S3
Amazon
Kinesis
Amazon
DynamoDB
etc..
2. Step Functions workflow
is executed
1. API call made against
API Gateway
Amazon API
Gateway
API clients
AWS Step
Functions
1. API call made against
API Gateway

24. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
3 Endpoint Types To Choose From
• Edge optimized: Designed to help you reduce client latency from
anywhere on the Internet
• Regional: Designed to reduce latency when calls are made from the
same region as the API
• Private: Designed to expose APIs only inside your VPC

25. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
InternetMobile/Web
apps
AWS
Databases/
Data stores
Basic Serverless API technology stack
API Gateway AWS Lambda
functions

26. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Serverless web application with Amazon API Gateway
API Gateway handles all your
application routing. It can
handle authentication and
authorization, throttling,
DDOS protection, and more.
Amazon S3
API Gateway
Lambda runs all the logic
behind your website and
interfaces with databases,
other backend services, or
anything else your site needs.
AWS Lambda
Amazon Simple Storage
Service (Amazon S3) stores all
of your static content: CSS,
JS, images, and more. You
would typically front this with
a CDN such as CloudFront.
Amazon
CloudFront

27. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Secure your API
https://www.flickr.com/photos/modernrelics/1093797721/

28. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
InternetMobile/Web
apps
AWS
Databases/
Data stores
Basic Serverless API technology stack
API Gateway AWS Lambda
functions
places where we can secure our application

29. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Amazon API Gateway Security
Several mechanisms for adding Authz/Authn and restricting access to our API:
• IAM Permissions
– Use IAM policies and AWS credentials to grant access
• Lambda Authorizers
– Use Lambda to validate a bearer token(Oauth or SAML as examples) or request
parameters and grant access
• Cognito User Pools
– Create a completely managed user management system
• Resource Policies
– Can restrict based on IP, VPC, AWS Account ID

30. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
API Gateway Lambda Authorizers
Use an AWS Lambda function to invoke whatever authorizer logic/method
you want!
• For example this HTTP Basic Auth example which can be found in the
AWS Serverless Application Repository:

31. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Cognito User Pools
Add user sign-up and sign-
in easily to your mobile and
web apps without worrying
about server infrastructure
Serverless Authentication
and User Management
Verify phone numbers and
email addresses and offer
multi-factor authentication
Enhanced Security
Features
Launch a simple, secure,
low-cost, and fully managed
service to create and
maintain a user directory
that scales to 100s of
millions of users
Managed User Directory
1 2 3

32. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Deploying your
applications
https://secure.flickr.com/photos/simononly/15386966677

33. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
• Stages are named links to a deployed
version of your API
• Recommended for managing API lifecycle
• Dev/test/prod
• Alpha/beta/gamma
• Support for parameterized values through
stage variables
API Stages

34. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Amazon API Gateway Stage Variables
• Stage variables act like environment variables
• Use stage variables to store configuration values
• Stage variables are available in the $context
object
• Values are accessible from most fields in API
Gateway
• Lambda function ARN
• HTTP endpoint
• Custom authorizer function name
• Parameter mappings

35. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Stage Variables and Lambda Aliases
• Using Stage Variables in API Gateway together with Lambda function Aliases
you can manage a single API configuration and Lambda function for multiple
environment stages
myLambdaFunction
1
2
3 = prod
4
5
6 = beta
7
8 = dev
My First API
Stage variable = lambdaAlias
Prod
lambdaAlias = prod
Beta
lambdaAlias = beta
Dev
lambdaAlias = dev

36. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Amazon API Gateway Canary Support
Use canary release deployments to gradually roll out new APIs
in Amazon API Gateway:
• configure percent of traffic to go to a new stage deployment
• can test stage settings and variables
• API gateway will create additional Amazon CloudWatch Logs group
and CloudWatch metrics for the requests handled by the canary
deployment API
• To rollback: delete the deployment or set percent of traffic to 0
• Explore new technologies in your API backend:
– New languages
– New frameworks
– Try Lambda in place of other HTTP endpoints!
• Migrate an API from on-premises to AWS via private endpoint
integrations in VPC

37. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Amazon API Gateway Canary Support
v1API Clients All publicly
and privately
accessible
endpoints
Backends
in AWS
api.mydomain.com/prod
All traffic to currently deployed version

38. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Amazon API Gateway Canary Support
API Clients All publicly
and privately
accessible
endpoints
Backends
in AWS
v1
90%
v2
10%
api.mydomain.com/prod
10% traffic to new deployment of stage, rest to previous version

39. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Amazon API Gateway Canary Support
v2API Clients All publicly
and privately
accessible
endpoints
Backends
in AWS
api.mydomain.com/prod
All traffic to new deployed version

40. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
How can I connect my
clients to my API
backed by API
Gateway?
https://www.flickr.com/photos/lachlanhardy/4150836513/

41. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
SDK work flow:
Service
developer
swagger
Node.js
Client SDK
myservice-1.1.1
module
Private Repo
API v1.1.1
Service
Client
v1.1.1

42. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
SDK work flow:
Service
developer
swagger
Private Repo
Service
Client
v1.1.1
API v1.1.1
API v2.0.0 Node.js
Client SDK
myservice-2.0.0
module
Service
Client
v2.0.0

43. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Amazon API Gateway Developer Portal

44. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
https://secure.flickr.com/photos/jasoneppink/499531891
Can’t move fast if you can’t
measure what's going on.

45. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Metrics and logging are a universal right!
CloudWatch Metrics:
• 7 Built in metrics for Lambda
• Invocation Count, Invocation duration, Invocation
errors, Throttled Invocation, Iterator Age, DLQ
Errors, Concurrency
• Can call “put-metric-data” from your function code
for custom metrics
• 7 Built in metrics for API-Gateway
• API Calls Count, Latency, 4XXs, 5XXs, Integration
Latency, Cache Hit Count, Cache Miss Count
• Error and Cache metrics support averages and
percentiles

46. Metrics and logging are a universal right!
CloudWatch Logs:
• API Gateway Logging
• 2 Levels of logging, ERROR and INFO
• Optionally log method request/body content
• Set globally in stage, or override per method
• Lambda Logging
• Logging directly from your code with your language’s
equivalent of console.log()
• Basic request information included
• Log Pivots
• Build metrics based on log filters
• Jump to logs that generated metrics
• Export logs to AWS ElastiCache or S3
• Explore with Kibana or Athena/QuickSight

47. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
AWS X-Ray Integration with Serverless
• Lambda instruments incoming
requests for all supported
languages and can capture calls
made in code
• API Gateway inserts a tracing
header into HTTP calls as well
as reports data back to X-Ray
itself
var AWSXRay = require(‘aws-xray-sdk-core‘);
var AWS = AWSXRay.captureAWS(require(‘aws-sdk’));
S3Client = AWS.S3();

48. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
X-Ray Trace Example

49. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
• API definition as code:
• Portable API definition
• JSON/YAML
• Import/Export your API
• Amazon API Gateway extensions
• Can be used independently or as
part of a CloudFormation template
• Rich 3rd party ecosystem of tools
Swagger – now OpenAPI Specification(OAS)

50. DEMO!

51. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
FIN, ACK
It’s never been easier to build and launch APIs!
• Serverless APIs:
• No management of servers
• Pay for what you use and not for idle resources!
• Instantly scale up without turning any knobs or provisioning any resources
• Tooling to get started in minutes with incredibly minimal code needed
• Built in high availability built into multiple places in the application stack
• Authentication and Authorization built into multiple places in the application stack
InternetMobile/Web
apps
AWS
Databases/
Data stores
API Gateway AWS Lambda
functions

52. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
aws.amazon.com/serverless

53. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Chris Munns
munns@amazon.com
@chrismunnshttps://www.flickr.com/photos/theredproject/3302110152/

54. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved
?
https://secure.flickr.com/photos/dullhunk/202872717/