API Gateway
Exposes REST API endpoints for clients and proxies requests to a backend (Lambda, HTTP endpoint, AWS services)
Auto scaling, Versioning, Security, Traffic management
Limits: 29 sec timeout, 10 MB max size (use Lambda for larger tasks - large file upload using pre-signed URL)
Supports Deployment Stages (Dev/Test/Prod) - can roll back
Endpoint Types
- Edge Optimized - region + CloudFront to improve latency for global clients
- Regional - within a single region (can manually configure Caching and CloudFront)
- Private - within a VPC - need resource policy
Errors
4xx - client side
400 - bad request
403 - Access denied / WAF
429 - Quota exceeded / Too Many Requests - add retry on the client side
5xx - server side
502 - bad gateway (incomplete output from Lambda proxy - heavy loads)
503 - service unavailable
504 - integration failure (endpoint timeout) - 29 seconds
Security
SSL, Route53 - set CNAME, Resource policy, IAM execution role, CORS (cross-origin resource sharing for browser security)
Access: IAM, Lambda Authorizer - for SAML, Cognito
Logging: CloudWatch Logs/Kinesis, X-Ray and CloudWatch metrics
API Keys
define a usage plan (identify clients - configure usage) - can apply quota and throttling
WebSocket API - chat / multiplayer
to reply to a client, use the @connections endpoint - real-time communication (chat)
Private APIs
create Interface Endpoint in a private subnet - use endpoint policy or resource policy
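
The notes on Private endpoints and Private APIs both say a resource policy is needed. The following is an added example, not part of the original notes or of any AWS tooling: a small check that flags a resource policy whose invoke permission is not pinned to a VPC or VPC endpoint through the `aws:SourceVpce` / `aws:SourceVpc` condition keys. Both sample policies are constructed, and `vpce-EXAMPLE` is a placeholder.

```python
# Added example. Sample policies are constructed; "vpce-EXAMPLE" is a placeholder id.
WEAK = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*",
         "Action": "execute-api:Invoke", "Resource": "execute-api:/*"},
    ],
}
HARDENED = {
    "Version": "2012-10-17",
    "Statement": [
        # Deny every caller that does not arrive through the named VPC endpoint.
        {"Effect": "Deny", "Principal": "*",
         "Action": "execute-api:Invoke", "Resource": "execute-api:/*",
         "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
        {"Effect": "Allow", "Principal": "*",
         "Action": "execute-api:Invoke", "Resource": "execute-api:/*"},
    ],
}

SOURCE_KEYS = {"aws:sourcevpce", "aws:sourcevpc"}
INVOKE_ACTIONS = {"execute-api:Invoke", "execute-api:*", "*"}
FINDING = "Allow for Principal * is not restricted to a VPC or VPC endpoint"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _pins_source(stmt, operator_prefix):
    """True if the Condition applies the given operator to a VPC source key."""
    for operator, keys in stmt.get("Condition", {}).items():
        if operator.lower().startswith(operator_prefix):
            if any(key.lower() in SOURCE_KEYS for key in keys):
                return True
    return False

def findings(policy):
    """Conservative lint: does not compare Resource scopes or set operators."""
    stmts = _as_list(policy.get("Statement", []))
    invoke = [s for s in stmts
              if INVOKE_ACTIONS & set(_as_list(s.get("Action", [])))]
    deny_guard = any(s.get("Effect") == "Deny"
                     and _pins_source(s, "stringnotequals") for s in invoke)
    out = []
    for s in invoke:
        open_allow = (s.get("Effect") == "Allow"
                      and s.get("Principal") in ("*", {"AWS": "*"}))
        if open_allow and not deny_guard and not _pins_source(s, "stringequals"):
            out.append(FINDING)
    return out
```

`findings(WEAK)` reports the open Allow statement; `findings(HARDENED)` returns an empty list because the Deny statement pins the source endpoint.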