
Upload: hoangthuy

Post on 11-Jun-2018


Amazon API Gateway

Simon Poile, General Manager

Stefano Buliani, Product Manager

©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

Under NDA

Agenda

• Why we built Amazon API Gateway

• Overview of Amazon API Gateway

• Amazon API Gateway Features & Functionality

• Pricing & Availability

• Questions

Amazon API Gateway REMINDER: Under NDA Until Launch

Why we built Amazon API Gateway

API Proliferation

• The number of APIs published is growing fast

• Developers have created 10x more private APIs than public ones

* Data from ProgrammableWeb

[Chart: y-axis 0 to 12000; x-axis Jun-05 to Oct-13; data labels 2418 and 10302]

At AWS We Run a Lot of APIs

… Over time we have learned a few lessons

Feedback from Customers…

• Managing multiple versions and stages of an API is difficult

• Monitoring 3rd party developers’ access is time consuming

• Access authorization is a challenge

• Traffic spikes create operational burden

• What if I don’t want servers at all?

Introducing Amazon API Gateway

• Host multiple versions and stages of APIs

• Create and distribute API Keys to developers

• Leverage AWS Sigv4 to authorize access to APIs

• Throttle and monitor requests to protect the backend

• Leverages AWS Lambda

Additional Features

• Managed cache to store API responses

• Reduced latency and DDoS protection through CloudFront

• SDK Generation for iOS, Android, and JavaScript

• Swagger support

• Input and output data transformation

Questions?

How Does Amazon API Gateway Work?

An API Call Flow

[Diagram labels: Internet; Mobile Apps; Websites; Services; Amazon CloudFront; API Gateway; API Gateway Cache; Amazon CloudWatch Monitoring; AWS; AWS Lambda functions; Endpoints on Amazon EC2; Any other publicly accessible endpoint]

Build, Clone, Deploy, Rollback

• Build APIs with their resources, methods, and settings

• Deploy APIs to a Stage

– Users can create as many Stages as they want, each with its own Throttling, Caching, Metering, and Logging configuration

• Clone an existing API to create a new version

– Users can continue working on multiple versions of their APIs

• Rollback to previous deployments

– We keep a history of customers’ deployments so they can always revert to a previous deployment

API Configuration

• Users can create APIs

• Define resources within an API

• Define methods for a resource

– Methods are Resource + HTTP verb

Pet Store

/pets

/pets/{petId}

• GET

• POST

• PUT

API Deployments

• API Configuration can be deployed to a Stage

• Stages are different environments

– For example, development (e.g. apigateway.com/dev)

– Beta (e.g. apigateway.com/beta)

– Prod (e.g. apigateway.com/prod)

– As many stages as you need

Pet Store

dev

beta

gamma

prod

Manage Multiple Versions and Stages of your APIs

API 1 (v1)

Stage (dev)

Stage (prod)

API 2 (v2)

Stage (dev)

Custom Domain Names

• Users can configure custom domain names

• Provide API Gateway with a signed HTTPS certificate

• Custom domain names can point to an API or a Stage

• When pointing to an API, you have access to all Stages

– Beta (e.g. yourapi.com/beta)

– Prod (e.g. yourapi.com/prod)

• Pointing directly to your “prod” Stage

– Prod (e.g. yourapi.com/)

Questions?

API Keys to Meter Usage by 3rd Party Developers

• Create API Keys

• Set their access permissions at the API/Stage level

• Meter usage by the API Keys through CloudWatch Logs

Using API Keys to Authorize Access

• The name “Key” implies security – there is no security in baking text in an App’s code

• API Keys should be used purely to meter usage by 3rd party developers

• API Keys should be used alongside Sigv4 or OAuth to authorize access to your APIs

Leverage AWS Sigv4, or Use a Custom Header

• Customers can leverage AWS Sigv4 to sign and authorize API calls

– Amazon Cognito and AWS Security Token Service (STS) simplify the generation of temporary credentials for the app

• Customers can support OAuth or other authorization mechanisms through custom headers

– Simply configure API methods to forward the custom headers to the backend

Using AWS Signature Version 4

[Diagram: Client, API Gateway, Backend. Labels: Call Login API, no auth required; /login; Lambda fn_login; User database; Credentials verified; Cognito developer authenticated identities; Access and secret key; /login; Receives credentials to sign API calls]
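Added example (not from the original deck or from AWS code): a minimal Signature Version 4 signer and receiver-side check, showing why a signed call differs from an API key baked into an app: the signature is bound to the method, path, headers, payload and date, so an altered request no longer verifies. The secret, host name and request are constructed sample values; `path` and `query` are assumed to be already in canonical form.

```python
import hashlib
import hmac

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret, date, region, service):
    """Derive the scoped key: secret -> date -> region -> service."""
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def sigv4_signature(secret, method, path, query, headers, payload,
                    region="us-east-1", service="execute-api"):
    """Hex SigV4 signature for one request. `headers` must carry host and
    x-amz-date; `path` and `query` are assumed to be already canonical."""
    hdrs = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    names = sorted(hdrs)
    canonical = "\n".join([
        method, path, query,
        "".join(f"{n}:{hdrs[n]}\n" for n in names),  # canonical headers
        ";".join(names),                             # signed header names
        hashlib.sha256(payload).hexdigest(),
    ])
    amz_date = hdrs["x-amz-date"]                    # YYYYMMDDTHHMMSSZ
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = signing_key(secret, amz_date[:8], region, service)
    return hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()

def verify(secret, claimed, **request):
    """Receiver side: recompute the signature and compare in constant time."""
    return hmac.compare_digest(claimed, sigv4_signature(secret, **request))

# Constructed sample request and secret (not real credentials or endpoints).
SECRET = "EXAMPLE-SECRET-NOT-A-REAL-KEY"
REQUEST = dict(method="GET", path="/prod/pets", query="", payload=b"",
               headers={"Host": "api.example.com",
                        "X-Amz-Date": "20150709T120000Z"})

if __name__ == "__main__":
    sig = sigv4_signature(SECRET, **REQUEST)
    print("signature:", sig)
    print("same request verifies:", verify(SECRET, sig, **REQUEST))
    print("altered path verifies:",
          verify(SECRET, sig, **dict(REQUEST, path="/prod/pets/42")))
```

With temporary credentials from Cognito or STS, the session token travels in an additional x-amz-security-token header, which can be passed in `headers` here like any other signed header.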

Questions?

Token Bucket Throttling

• Throttling helps customers manage their traffic

• Customers can set burst rate RPS limits and refill rate

• Requests over the limit will be throttled (429 response)

• The generated SDKs retry throttled requests

Dedicated Cache

• Customers can configure a cache key and the Time To Live (TTL) of the response

• Cached items are returned without calling the backend

• Cache is dedicated to each customer and stage

• Customers can provision from 0.5GB to 237GB of cache

Request processing workflow

Receive incoming request

• Check for item in dedicated cache

• If found return cached item

Check throttling configuration

• Check current RPS rate

• If above allowed rate return 429

Execute backend call
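Added example (a sketch written for this transcript, not API Gateway's implementation): the request processing workflow above combined with the token bucket and the dedicated cache from the two preceding slides, in the order the slide gives, so a cache hit is answered before the throttle is consulted. Class names, parameters and the request trace are hypothetical; the clock is passed in so the run is deterministic.

```python
class TokenBucket:
    """Holds up to `burst` tokens, refilled at `rate` tokens per second."""
    def __init__(self, rate, burst, now=0.0):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def allow(self, now):
        # Refill for the elapsed time, never above the burst size.
        self.tokens = min(self.burst,
                          self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class Stage:
    """One stage with its own cache (key + TTL) and throttle settings."""
    def __init__(self, backend, rate, burst, ttl):
        self.backend, self.ttl = backend, ttl
        self.bucket = TokenBucket(rate, burst)
        self.cache = {}              # cache key -> (expiry time, body)
        self.backend_calls = 0

    def handle(self, cache_key, now):
        hit = self.cache.get(cache_key)
        if hit and hit[0] > now:             # 1. cached item, no backend call
            return 200, hit[1]
        if not self.bucket.allow(now):       # 2. above the allowed rate
            return 429, "Too Many Requests"
        self.backend_calls += 1              # 3. execute backend call
        body = self.backend(cache_key)
        self.cache[cache_key] = (now + self.ttl, body)
        return 200, body

def demo():
    """Constructed trace: burst of 2, refill 1 RPS, 5 second TTL."""
    stage = Stage(backend=lambda key: f"body for {key}",
                  rate=1, burst=2, ttl=5)
    trace = [("/pets", 0.0), ("/pets", 0.0), ("/pets/1", 0.0),
             ("/pets/2", 0.0), ("/pets", 0.0), ("/pets/2", 1.0)]
    return [stage.handle(k, t)[0] for k, t in trace], stage.backend_calls

if __name__ == "__main__":
    print(demo())
```

In the trace, the fifth request is served from cache even though the bucket is empty, and the throttled key succeeds one second later once a token has been refilled.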

Questions?

API Models

• Models are a JSON Schema representation of your API requests and responses

• Models are used for input and output filtering, and SDK generation

• Models can be reused across multiple methods in an API

Request / Response Transforms

• Use Velocity Templates to transform data

• Filter output results

– Remove private or unnecessary data

– Filter dataset size to improve API performance

• GET to POST

– Read all query string parameters from your GET request, and create a body to make a POST to your backend

• JSON to XML

– Receive JSON input and transform it to XML for your backend

– Receive JSON from a Lambda function and transform it to XML

JSON to XML

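[Diagram: API Gateway, GET - /sayHello; Backend, Lambda fn_sayHello; /sayHello]

{
  "message" : "hello world"
}

<xml>
  <message>
    Hello world
  </message>
</xml>

## $input.path('$') returns the parsed JSON body
#set($root = $input.path('$'))
<xml>
  <message>
    ## $root.message is inserted as-is; it is not XML-escaped
    $root.message
  </message>
</xml>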

Questions?

Generate Client SDKs Based on APIs

• SDKs are generated based on API deployments (Stage)

• If request and response Models are defined, the SDK will also include input and output marshaling

• SDKs already know how to handle throttling responses

• SDKs also know how to sign requests with AWS temporary credentials

Supported Platforms

• iOS

• Android

• JavaScript

• … more to come

Questions?

Amazon API Gateway Customer Use Cases

Private Beta Customers

Twilio

• Use AWS Lambda to run business logic

• Use API Gateway to expose the AWS Lambda functions as endpoints

• Transforms Lambda’s JSON output to XML for their APIs


Mobiquity

• Faster development by exposing API mockups the same day

• “… developers feel like they can deliver what they want, when they want to – and that makes for an extremely valuable tool …”

Questions?

Amazon API Gateway Pricing and Availability

Pricing Dimensions

• API Gateway requests - $3.50 per million requests

• Data Transfer

– $0.09/GB for the first 10 TB

– $0.085/GB for the next 40 TB

– $0.07/GB for the next 100 TB

– $0.05/GB for the next 350 TB

Optional

• Provisioned, Dedicated Cache

Optional – Dedicated Cache Pricing

Cache Memory Size (GB) | Price per Hour
0.5   | $0.020
1.6   | $0.038
6.1   | $0.200
13.5  | $0.250
28.4  | $0.500
58.2  | $1.000
118.0 | $1.900
237.0 | $3.800

Availability

• Expected to launch in July 2015

• Initially available in:

– US East (N. Virginia)

– US West (Oregon)

– EU West (Dublin)

– Plan to enable other regions rapidly

Questions?

Next Steps

• You will receive notification of the launch via email. Until then, please do not:

– Talk publicly about Amazon API Gateway

– Speculate on AWS’ entry in this space

– Write/blog/tweet about Amazon API Gateway

– Disclose internally

• Reach out to Lisa Perazzoli ([email protected]) with questions.

• Additional information on AWS can be found here: http://aws.amazon.com/

• You can sign up for the PR RSS Feed here: http://phx.corporate-ir.net/phoenix.zhtml?c=176060&p=irol-mediawebservices