AWS API Gateway
API Gateway to monitor, cache and secure APIs for cloud native use cases
Overview
Amazon Web Services API gateway helps enterprises with optimal management and security of APIs. Modern application development using cloud-native architecture has become the de facto standard. Software engineers and architects have started to use best-of-breed runtime, frameworks, and programming languages to implement real-world use cases.Building APIs for powering modern web applications, or as an integration layer between two systems, or ETL processing has recently gained popularity. Application designers, developers, and architects spend a significant amount of time defining the API layer for modern app development.
Several architecture patterns, such as API Gateway patterns, have emerged as an essential feature to optimize communication between client and API. API lifecycle management has become a crucial part of application architecture capability.LTI has helped customers to implement API gateway patterns using AWS API Gateway for many use cases of cloud-native application development.Here are a few of the key learnings and best practices using AWS API Gateways:
Key Learnings and Best Practices
Improve responsiveness with caching
Static contents can be cached by enabling the cache option in API Gateway. This reduces the number of hits to the endpoint and improves latency. We can use TTL to set cache expiry, ensuring that cached data doesn’t become stale after an optimal time. While enabling cache, choose cache size to align with the expected load to the endpoint. Keep track of CloudWatch metrics such as CacheMissCount and CacheHitCount regularly.
API security
Encryption can be enabled for cache to secure data at rest. Use CloudFront distribution with a custom SSL certificate in front of API Gateway to ensure added security for data in transit. Private RESTful APIs can be created for accessing within VPC. AWS WAF can be leveraged for securing API from DDoS attacks. Implement authentication and authorization using AWS Lambda Authorizer or Cognito user pool. Enable AWS CloudTrail for tracking and monitoring API calls.
Protect APIs from malicious attack
Enable throttling to prevent a massive number of concurrent calls from clogging our backend. Apart from this, the usage of WAF will prevent DDoS attacks. Consider generating API Keys and usage plans for better management and billing for public APIs.
Leveraging low code platform AWS Amplify to accelerate modernization
Low code platforms such as AWS Amplify allow enterprises to modernize custom-built apps using AWS Lambda as a serverless backend. This platform provides easy-to-use templates for the front end and AWS Lambda backend development and provides easy integration with the AWS Services such as API Gateway, DynamoDB, Cognito, AppSync, and other AWS serverless platforms. This tool also provides automated CI/CD for continuous integration of Lambda functions developed using this tool.
API lifecycle management using DevSecOps
Integrate API lifecycle management with DevSecOps pipeline using staging and versioning capabilities of AWS API gateway. A/B testing and blue/green deployment can be enabled by integrating API lifecycle management using the DevSecOps pipeline.
API version management
Version management can be done by using either URL versioning or headers. Versions can be passed on in the domain name, path, or query strings in URL strategy. The header strategy versions can be either passed in Accept header or custom header key-value pairs.
Cross account access
There might be situations where private APIs are required to be accessed from a different account but within the same region. In such cases, resource-based policies which allow cross-account access can be assigned to the gateway. Then the API can be accessed from the other account using its VPC interface endpoints.
Our Experience
Leading American Electrical Distribution Company
LTI has helped customers modernize legacy monolithic applications to cloud-native architecture using serverless AWS Lambda APIs as backend. We have delivered 200+ APIs to support business functionality and build integration capabilities. All these APIs are exposed through AWS API Gateway as a RESTful endpoint.
LTI’s Service Offering for API Gateway
1. Consulting
Our consulting offering helps customers do integration assessments, build a roadmap for API’fication and build API marketplace solutions on AWS using AWS API gateways and containerization services.2. Cloud-native and serverless API development
LTI helps customers develop and manage cloud-native microservices and serverless APIs to improve agility, reduce development time and deploy applications 3-4 times faster. These APIs are exposed through the AWS API gateway as a group of manageable APIs that can be composed or recomposed as per the business needs.3. Low code development
Low code development offering is responsible for modern application development using AWS Amplify and LTI Infinity Studio. Amplify Studio helps developers implement AWS Lambda-based backend APIs faster and deploy these APIs to AWS API Gateway as RESTful web services.4. DevOps engineering
LTI DevOps engineering services help define quality gates during API development to ensure all quality requirements are met and deploy AAPIs 3-4 times faster using the automated DevSecOps pipeline.LTI’s Accelerators
This platform is equipped with efficiency kits for application assessment, development, deployment, FinOps, operations, and DevOps tools to accelerate cloud-native and serverless API development and deployment on the AWS API gateway.
Infinity AppLens App assessment framework for understanding the health of the legacy applications. Technology insights gathered through this assessment help to define target cloud-native architecture using API Gateway and cloud-native architecture.
Studio LTI low code platform helps accelerate cloud-native microservices development and deploy these microservices on AWS API gateway.
Infinity DevOps Self-service DevSecOps platform for automated deployment of APIs on AWS API Gateway.
Infinity Ensure A self-service SaaS platform that provides FinOps governance on AWS serverless services viz AWS Lambda, API Gateway, RDS, DynamoDB, etc.
Observability Platform for Serverless LTI’s observability solutions help quickly navigate the root cause of the problem, reducing the time for API development.
Conclusion
AWS API Gateway is a valuable service to expose API using HTTP, REST, and Web Sockets. Its ability to integrate with many other AWS services like Lambda, EC2, DynamoDB, and WAF has widened its use cases. Its ability to cache, scale, and monitor has made it a go-to service for backend development and microservice implementation.
LTI has helped multiple customers to build and expose APIs on AWS API Gateway for web application, integration, and ETL implementation use cases. We have deep expertise and experience in making highly secured and scalable APIs using AWS API Gateway.