Amazon API Gateway - FullstackCodingGuy/Developer-Fundamentals GitHub Wiki
- It is a managed service to create, publish, maintain, monitor, and secure APIs at any scale
- Can create APIs in 2 ways: RESTful, WebSocket
- Traffic management and throttling
- CORS support
- Authorization and access control
- Monitoring
- API version management
HTTP
- Low latency
- Cost effective integrations
REST
- It is an architectural style that leverages the HTTP layer for communication
- Rich feature set
- HTTP vs REST API: see https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vs-rest.html
API Gateway Considerations
Data Protection
- Multi-factor authentication, OTP validation
- Always use SSL/TLS for communication
- Set up CloudTrail to view all API calls and user activity in the account
- Encryption at rest and in transit
AWS IAM
Logging & Monitoring
- CloudWatch - to monitor performance metrics
Compliance Validation
- AWS is responsible for the infrastructure; you are responsible for the data/software/application
Resiliency
- Leverage multiple Availability zones
- Plan for High Availability
Infrastructure Security
Vulnerability Analysis
- Analyse the security threats to your APIs, as they are directly exposed to internet users
- Create security zones (a public zone and a secure zone) to protect sensitive services/databases from being exposed