SVS402-R
Building APIs from front to back
Eric Johnson
Senior Developer Advocate – Serverless
Amazon Web Services
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Who am I?
• Eric Johnson – @edjgeek
• Sr. Developer Advocate – Serverless, AWS
• Serverless/tooling/automation geek
• Software Architect/Solutions Architect
• Music lover
• Pizza and Diet Dr. Pepper fanatic
Amazon API Gateway
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.
API architecture (diagram)
Amazon API Gateway sits between clients (mobile clients, websites, other services) and any backend: Lambda functions, public endpoints on Amazon EC2, any other AWS service, and applications and services running in a VPC or on-premises (reached over AWS Direct Connect). The diagram shows the three endpoint types:
• Edge-optimized: a fully managed Amazon CloudFront HTTPS distribution in front of the API, with the API Gateway cache, for all publicly accessible endpoints
• Regional: for clients and services in the same AWS Region, optionally behind a customer-managed Amazon CloudFront distribution
• Private: for applications and services in a VPC, not reachable from the public internet
All of it is monitored through Amazon CloudWatch.
API Gateway management
APIs can be defined and managed through the AWS Management Console, the AWS CLI, AWS SAM, AWS CloudFormation, Swagger/OpenAPI definitions, and the AWS Cloud Development Kit.
AWS SAM templates
Just 20 lines to create:
• Lambda function
• IAM role
• API Gateway
• DynamoDB table

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  GetProductsFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.getProducts
      Runtime: nodejs10.x
      CodeUri: src/
      Policies:
        - DynamoDBReadPolicy:
            TableName: !Ref ProductTable
      Events:
        GetResource:
          Type: Api
          Properties:
            Path: /products/{productId}
            Method: get
  ProductTable:
    Type: AWS::Serverless::SimpleTable

Note that the Api event creates the API and the GET method with no authorizer: as written, anyone who knows the URL can call it. DynamoDBReadPolicy is the least-privilege choice for a read-only handler; it grants read actions on that one table only.
AWS SAM templates
What the same template expands to in the AWS Cloud:
• Policies (DynamoDBReadPolicy on ProductTable) becomes the IAM execution role for the Lambda function
• Events (Type: Api, GET /products/{productId}) becomes the API Gateway API, method and integration, plus the permission allowing API Gateway to invoke this Lambda function
• ProductTable (AWS::Serverless::SimpleTable) becomes the DynamoDB table
Meet Angus and Elly
• Newly married
• Want to keep track of each other
• Budding developers
• Want to build it themselves
• Want it to be secure
• Want to use serverless
Image source: https://pixabay.com/vectors/boy-colorful-comic-characters-1298928/
The family website
What services shall we start with?
Services in the AWS Cloud for phase one: Amazon API Gateway, AWS Lambda, Amazon DynamoDB, Amazon CloudFront, AWS Amplify Console, and Amazon S3.
Phase one summary
We went from this (a blank AWS Cloud) to this: Client -> API Gateway -> GetFunction and PostFunction (Lambda) -> RecordsTable (DynamoDB).
Hosting the front end
AWS Amplify Console: a Git-based workflow for deploying and hosting full-stack serverless web applications. AWS Amplify Console makes life easy!
Not an exhaustive list
Covering:
• Amazon Cognito
• Throttling
• Resource policies
• AWS WAF
• Data models
Not covering:
• Cache
• CloudFront
Authentication and authorization
• User pools through Amazon Cognito
• Amazon Cognito authorizers on API Gateway
Diagram: the client signs in against the Amazon Cognito user pool and presents the resulting token to API Gateway, whose Cognito authorizer validates it before the request reaches GetFunction or PostFunction and the RecordsTable; the front end is hosted by AWS Amplify Console.
Throttling
Order of evaluation, most specific first:
1. Client/method limit (usage plan: per API key, per method)
2. Client limit (usage plan: per API key, across the API stage)
3. Method limit (stage-level default per method)
4. Account limit (10,000 rps by default, per AWS Region)
The first limit a request exceeds wins, and the client receives HTTP 429 Too Many Requests. The account limit is a soft, per-Region limit shared by every API in the account, so one noisy API can throttle the others.
Resource policies
Diagram: a resource policy attached to My API decides who may reach it at all, before any authorizer runs. The example grants access to AWS Identity and Access Management (IAM) principals in another AWS account and to a corporate data center by source IP address (x.x.x.x); everything else is denied before it can touch the table.
AWS Web Application Firewall (AWS WAF)
AWS WAF rules in front of API Gateway can:
• Protect API Gateway APIs from common web exploits, such as SQL injection and cross-site scripting (XSS) attacks
• Block requests from specified IP address ranges or CIDR blocks
• Block requests originating from a specific country or region
• Match a specified string or regular expression pattern in HTTP headers, method, query string, URI, and the request body
• Block attacks from specific user-agents, bad bots, and content scrapers
Data modeling and validation
Model (JSON Schema) attached to the POST method:
{
  "type": "object",
  "required": ["deviceType", "location"],
  "properties": {
    "deviceType": { "type": "string" },
    "location": { "type": "string" },
    "message": { "type": "string" }
  }
}

Request bodies checked against the model (= accepted, != rejected):
= { deviceType: "angus phone", location: "the house", message: "eating" }
!= { deviceType: "angus phone", message: "eating" } (required property location is missing)
= { deviceType: "angus phone", location: "the house" } (message is optional)
!= { deviceType: "angus phone", location: "the house", message: { success: true } } (message must be a string, not an object)
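The checks above, worked through in Python as an added example (not code from the talk, and not the validator API Gateway itself runs). It implements only the JSON Schema draft 4 keywords the talk's model uses, plus "additionalProperties" and "maxLength" for a hardened variant that is my assumption rather than the talk's model; the payloads are the four from the slide plus one constructed payload carrying an extra field.

```python
"""Model of API Gateway request validation against the talk's JSON Schema.

Added example, not code from the talk. Implements only the draft 4 keywords the
model uses ("type", "required", "properties") plus "additionalProperties" and
"maxLength", so it runs offline with no schema library. API Gateway runs this
check only when a request validator with body validation is attached to the
method; without one every payload reaches the Lambda function.
"""
from typing import Any, Dict, List

# The model from the slide.
RECORD_MODEL: Dict[str, Any] = {
    "type": "object",
    "required": ["deviceType", "location"],
    "properties": {
        "deviceType": {"type": "string"},
        "location": {"type": "string"},
        "message": {"type": "string"},
    },
}

# Hardened variant (an assumption for this example, not from the talk): unknown keys
# are rejected and string lengths are bounded, so a client cannot smuggle extra
# fields into the record or store oversized values.
RECORD_MODEL_STRICT: Dict[str, Any] = {
    "type": "object",
    "required": ["deviceType", "location"],
    "additionalProperties": False,
    "properties": {
        name: {"type": "string", "maxLength": 256}
        for name in ("deviceType", "location", "message")
    },
}

# Only the JSON types this example needs.
_PY_TYPES = {"object": dict, "string": str, "boolean": bool, "array": list}


def violations(schema: Dict[str, Any], data: Any, path: str = "$") -> List[str]:
    """Return human-readable schema violations; an empty list means the body is valid."""
    errors: List[str] = []
    expected = schema.get("type")
    if expected is not None and not isinstance(data, _PY_TYPES[expected]):
        # A type mismatch is terminal for this node: nothing below it can be checked.
        return [f"{path}: expected {expected}, got {type(data).__name__}"]
    if expected == "string" and len(data) > schema.get("maxLength", len(data)):
        errors.append(f"{path}: exceeds maxLength {schema['maxLength']}")
    if expected == "object":
        props = schema.get("properties", {})
        for key in schema.get("required", []):
            if key not in data:
                errors.append(f"{path}.{key}: required property is missing")
        for key, value in data.items():
            if key in props:
                errors.extend(violations(props[key], value, f"{path}.{key}"))
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{path}.{key}: additional property not allowed")
    return errors


def is_valid(schema: Dict[str, Any], data: Any) -> bool:
    return not violations(schema, data)


# Constructed payloads: the four from the slide plus one carrying an extra field.
PAYLOADS = {
    "full": {"deviceType": "angus phone", "location": "the house", "message": "eating"},
    "no_location": {"deviceType": "angus phone", "message": "eating"},
    "no_message": {"deviceType": "angus phone", "location": "the house"},
    "object_message": {"deviceType": "angus phone", "location": "the house", "message": {"success": True}},
    "extra_field": {"deviceType": "angus phone", "location": "the house", "isAdmin": True},
}

if __name__ == "__main__":
    for name, body in PAYLOADS.items():
        print(f"{name:15} slide model: {is_valid(RECORD_MODEL, body)!s:5} "
              f"strict model: {is_valid(RECORD_MODEL_STRICT, body)!s:5} "
              f"{violations(RECORD_MODEL_STRICT, body)}")
```

The "extra_field" payload is the one to watch: the slide's model accepts it, because JSON Schema allows additional properties unless the model says otherwise, so whatever the Lambda function writes to DynamoDB would carry the attacker-chosen isAdmin attribute unless the function filters fields itself. Request validation is a cheap first gate, not a substitute for the function validating what it stores.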
Phase two summary
Diagram: Client -> AWS WAF -> API Gateway (Amazon Cognito authorizer, throttling and validation, resource policy) -> GetFunction and PostFunction -> RecordsTable; the front end is hosted by AWS Amplify Console.
Meet Rufus and Beatrice
• New family members
• Same goals for tracking
• Need a simple device
Image Source: https://pixabay.com/vectors/boy-comic-characters-dad-daughter-1299084/
Challenge
A simple phone-location service can be too chatty.
Image source: https://pixabay.com/illustrations/smartphone-tablet-emoji-yellow-3170621/
Solution: API key
Require an API key and a usage plan:
• The API key identifies the device to the API and ties it to a usage plan
• The usage plan throttles that device: its client/method and client limits are evaluated before the method and account limits (10,000 rps)
An API key is an identifier for metering and throttling, not a credential: keys are sent in a plain header and shared by every unit of that device type. Keep the Amazon Cognito authorizer (or IAM authorization) on the method as well; API Gateway documentation advises against relying on API keys as the only means of authentication and authorization.
Challenge
The simple phone cannot modify its outgoing payload.
Solution: Transform the data
Current schema:
{
  deviceType: "",
  location: "",
  message: ""
}
Device schema:
{
  deviceId: "",
  geoCoord: ""
}
Image source: https://pixabay.com/illustrations/smartphone-tablet-emoji-yellow-3170621/
Where to handle the transformation?
Diagram: the phase two architecture (Client -> AWS WAF -> API Gateway with Amazon Cognito and resource policy -> GetFunction / PostFunction -> RecordsTable, front end on AWS Amplify Console), plus the new mobile client that sends the device schema.
Option A: Transform at the Lambda function. The mobile client posts the device schema to the existing method and PostFunction converts it to the current schema before writing to RecordsTable.
Option B: Transform at the API Gateway. The mobile client posts to a separate resource, https://api.domain.com/iot, where API Gateway converts the device schema to the current schema and then invokes the same PostFunction.
Solution: Mapping template
Device schema -> current schema:
{ deviceId: "", geoCoord: "" } -> { deviceType: "", location: "", message: "" }

Request mapping template on the /iot resource (VTL):
#set($inputRoot = $input.path('$'))
{
  "deviceType": "$util.escapeJavaScript($inputRoot.deviceId)",
  "location": "$util.escapeJavaScript($inputRoot.geoCoord)",
  "message": "NA"
}

Using mapping templates allows you to reformat data as needed. Two details matter here: string values must be quoted in the template, because VTL inserts the value as raw text (the slide shows them unquoted, which emits invalid JSON for any string deviceId), and they should go through $util.escapeJavaScript() so a device payload containing a quote cannot close the string and add its own fields to the JSON that PostFunction receives.
More with mapping templates
Diagram: the same architecture, with the question "Is this even needed?" pointed at GetFunction, which only reads RecordsTable and reformats the result.
Service integration
Diagram: GetFunction is removed. API Gateway performs both the transform and the transport for reads, calling RecordsTable directly through a service integration, while AWS WAF, Amazon Cognito and the resource policy stay in front of it and PostFunction still handles writes.
Service integration request mapping template
Client -> API Gateway -> RecordsTable
• The client's GET request is converted to a POST to DynamoDB (the integration calls the Scan action)
• The request mapping template builds the Scan request body:
{
  "TableName": "FamilyBackend-Table"
}
Note that an unfiltered Scan returns every record in the table, and DynamoDB pages Scan results at 1 MB with a LastEvaluatedKey that this template does not follow. The method must keep its Amazon Cognito authorizer, and the integration's execution role should allow only dynamodb:Scan on this one table.
Service integration response mapping template
Client -> API Gateway -> RecordsTable
• The response mapping template converts the data from the DynamoDB schema (typed attributes such as { "S": "..." } and { "N": "..." }) into plain JSON:
#set($inputRoot = $input.path('$'))
[
#foreach($elem in $inputRoot.Items) {
    "deviceType": "$elem.deviceType.S",
    "location": "$elem.location.S",
    "message": "$elem.message.S",
    "timestamp": $elem.timestamp.N,
    "id": "$elem.id.S"
}#if($foreach.hasNext),#end
#end
]
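Both mapping templates, the /iot request template from "Solution: Mapping template" and the Scan response template above, modelled in Python as an added example. This is not the talk's code and not VTL: VTL inserts $variable values into the template as raw text, which a regex substitution over the template string reproduces closely enough to test the quoting and escaping behaviour offline. The device payloads and the DynamoDB item are constructed, and escape_javascript() is an approximation of $util.escapeJavaScript(), not the real function.

```python
"""Python model of the talk's two VTL mapping templates: device schema -> record
schema on the /iot request, and DynamoDB Scan items -> plain JSON on the response.

Added example, not the talk's code and not VTL. Template text is rendered the way
VTL does it (raw text insertion) so the effect of quoting and escaping can be seen.
"""
import json
import re
from typing import Any, Dict, List

# The request template from the talk, with the string values quoted.
REQUEST_TEMPLATE = """{
  "deviceType": "$inputRoot.deviceId",
  "location": "$inputRoot.geoCoord",
  "message": "NA"
}"""

# One element of the response template's #foreach body.
RESPONSE_ITEM_TEMPLATE = (
    '{"deviceType": "$elem.deviceType.S", "location": "$elem.location.S", '
    '"message": "$elem.message.S", "timestamp": $elem.timestamp.N, "id": "$elem.id.S"}'
)


def escape_javascript(value: str) -> str:
    """Approximation of $util.escapeJavaScript(): escape quotes, backslashes and
    control characters so the value cannot close the surrounding JSON string."""
    return json.dumps(value)[1:-1]


def render_request(body: Dict[str, Any], escape: bool) -> str:
    """Substitute $inputRoot.<field> as VTL would; a missing field renders as empty."""
    def sub(match):
        value = str(body.get(match.group(1), ""))
        return escape_javascript(value) if escape else value
    return re.sub(r"\$inputRoot\.(\w+)", sub, REQUEST_TEMPLATE)


def transform_device_request(body: Dict[str, Any], escape: bool = True) -> Dict[str, Any]:
    """What PostFunction receives after the /iot request mapping template runs."""
    return json.loads(render_request(body, escape))


def render_item(item: Dict[str, Dict[str, str]], escape: bool) -> str:
    """Render one DynamoDB item through the #foreach body; only S values need escaping."""
    def sub(match):
        attr, dynamo_type = match.group(1), match.group(2)
        value = item[attr][dynamo_type]
        return escape_javascript(value) if escape and dynamo_type == "S" else value
    return re.sub(r"\$elem\.(\w+)\.([SN])", sub, RESPONSE_ITEM_TEMPLATE)


def transform_scan_response(scan_result: Dict[str, Any], escape: bool = True) -> List[Dict[str, Any]]:
    """What the client receives after the response mapping template runs over Scan output."""
    rendered = "[" + ",".join(render_item(i, escape) for i in scan_result.get("Items", [])) + "]"
    return json.loads(rendered)


# Constructed inputs: an honest device, a device whose deviceId tries to add a field,
# and a stored record whose message contains double quotes.
HONEST_DEVICE = {"deviceId": "rufus collar", "geoCoord": "45.5,-122.6"}
CRAFTED_DEVICE = {"deviceId": 'rufus collar", "role": "admin', "geoCoord": "0,0"}
SCAN_RESULT = {"Items": [{
    "deviceType": {"S": "angus phone"},
    "location": {"S": "the house"},
    "message": {"S": 'said "hi"'},
    "timestamp": {"N": "1572000000"},
    "id": {"S": "7f3c"},
}]}

if __name__ == "__main__":
    print(transform_device_request(HONEST_DEVICE))
    print("unescaped:", transform_device_request(CRAFTED_DEVICE, escape=False))  # gains a "role" key
    print("escaped:  ", transform_device_request(CRAFTED_DEVICE))                # deviceType holds the literal text
    print(transform_scan_response(SCAN_RESULT))
    try:
        transform_scan_response(SCAN_RESULT, escape=False)
    except json.JSONDecodeError as exc:
        print("unescaped response is not valid JSON:", exc)
```

Without escaping, the crafted deviceId turns one string field into two JSON members, so PostFunction stores a role it was never sent, and a stored message containing a quote makes the Scan response unparseable for every client. One caveat from the API Gateway mapping template reference: the real $util.escapeJavaScript() also turns a single quote into \', which is not valid JSON, and the documented workaround is to chain .replaceAll("\\'","'") after it.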
Phase three summary
Diagram: Client -> AWS WAF -> API Gateway (Amazon Cognito authorizer, resource policy, and the https://api.domain.com/iot resource with its mapping template) -> PostFunction -> RecordsTable for writes; reads go from API Gateway straight to RecordsTable through the DynamoDB service integration; the front end is hosted by AWS Amplify Console.
Final thoughts
• Base website
• Authentication/authorization
• Throttling
• Resource policies
• AWS WAF
• API key / usage plan
• Mapping templates
• Service integration
And ... we used AWS SAM for most of it!
Final thoughts
When complicated configurations go beyond AWS SAM, build it in the console first and export to OpenAPI 3 or Swagger.
Diagram: API Gateway can export an API to Swagger or to OpenAPI 3, as JSON or YAML, with Postman extensions or API Gateway extensions, and import from Swagger or from OpenAPI 3; definitions can be converted between Swagger and OpenAPI 3 in either direction.
Learn serverless with AWS Training and Certification
Resources created by the experts at AWS to help you learn modern application development.
Free, on-demand courses on serverless, including:
• Introduction to Serverless Development
• Getting into the Serverless Mindset
• AWS Lambda Foundations
• Amazon API Gateway for Serverless Applications
• Amazon DynamoDB for Serverless Architectures
Additional digital and classroom trainings cover modern application development and computing.
Visit the Learning Library at https://aws.training
Thank you!
Eric Johnson
@edjgeek