Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Building Scalable Services with Amazon API Gateway - Technical 201


Published on

The session introduces Amazon API Gateway and walks through common patterns and use-cases as implemented by API Gateway customers. The second part of the session is dedicated to diving deeper on the new features introduced in the API Gateway and how to make the most of them.

Speaker: Stefano Bulani, Sr Product Manager, Amazon Web Services

Featured Customer - Temando

Published in: Technology
  • Be the first to comment

Building Scalable Services with Amazon API Gateway - Technical 201

  1. 1. ©  2016,  Amazon  Web  Services,  Inc.  or  its  Affiliates.  All  rights  reserved. Stefano  Buliani  – Product  Manager,  AWS Geremy  Davey  – Chief  Architect,  Temando Paul  Chiu,  Principal  Architect,  Temando April  2016 Building  scalable  APIs  with   Amazon  API  Gateway Technical  201
  2. 2. Agenda • What  is  Amazon  API  Gateway • Why  use  Amazon  API  Gateway • Amazon  API  Gateway  and  AWS  Lambda • Temando Case  Study • AWS  Service  Proxy
  3. 3. What  is  Amazon  API  Gateway Internet Mobile  Apps Websites Services AWS  Lambda   functions AWS API  Gateway   Cache Endpoints  on   Amazon  EC2 Any  other  publicly   accessible  endpointAmazon   CloudWatch Amazon   CloudFront Amazon   API  Gateway
  4. 4. Why  Amazon  API  Gateway Create  a  unified  API   frontend  for  multiple   micro-­services DDoS  protection   and  throttling  for   your  backend Authenticate  and   authorise requests   to  a  backend
  5. 5. Unified  Frontend
  6. 6. Unified  Frontend  – Migrating  to  AWS InternetMobile  Apps Amazon API  Gateway On  premise   web  server 1.  Use  API  Gateway  in  front  of  an  on-­premise web  service 2.  Port  the  web  service  to  AWS 3.  Change  integration  in  API  Gateway  to  call  the   new  service
  7. 7. DDoS  Protection  and  Throttling
  8. 8. DDoS  and  Network  Protection Internet Mobile  Apps Websites Services AWS  Lambda   functions Endpoints  on   Amazon  EC2 Amazon   CloudFront Amazon   API  Gateway Layer  7  and  layer  3  DDoS  protection Request  throttling  for  backend  services
  9. 9. Authorisation
  10. 10. Authorisation – AWS  Signature  Version  4 Mobile  Apps AWS  Lambda LambdaHandler API  Gateway Sigv4 Invoke  with   caller  credentials Service  calls  are authorised using the  IAM  Role   DynamoDB
  11. 11. Authorisation – Custom  authorisers in  Lambda Client Lambda  Auth   function API  Gateway OAuth token OAuth provider Policy  is   evaluated Policy  is   cached Endpoints  on   Amazon  EC2 Any  other  publicly   accessible  endpoint AWS  Lambda   functions 403
  12. 12. Scalability,  Out  of  the  Box
  13. 13. Unmanaged  Scalability VPC subnet Availability Zone A Availability Zone B VPC subnet Auto Scaling group WEB WEB Oregon Tokyo VPC subnet Cleanup loop EC2  API start/stop instances JOBS
  14. 14. Managed Managed  Scalability InternetMobile  apps AWS  Lambda   functions AWS API  Gateway   cache Endpoints  on   Amazon  EC2 Any  other  publicly   accessible  endpoint Amazon   CloudWatch Amazon   CloudFront API   Gateway API  Gateway Other  AWS   services AWS  Lambda   functions
  15. 15. Our  Customers
  16. 16. Why  they  use  Amazon  API  Gateway • Running  as  high  as  200,000  requests  per  second • Migrating  legacy  software  to  AWS  Lambda • Using  AWS  Signature  Version  4  for  strong  auth • Exposing  AWS  managed  services  as  their  own  APIs
  17. 17. API  Gateway  and  Lambda
  18. 18. Building  Secure,  Scalable  Backends
  19. 19. Method  and  Integration
  20. 20. Lambda  Invocations API  Gateway   1. Receives  the  request 2. Authorizes  the  request 3. Applies  mapping  templates 4. Invokes  Lambda  function 5. Applies  output  mappings 6. Responds  to  the  client
  21. 21. Input  Mapping:  Lambda  Accepts  an  Event  Body #set($inputRoot = $input.path(‘$’) { “firstName”: “$input.params(‘firstName’)”, “apiKey”: “$context.identity.apiKey”, “items” : [ #foreach($elem in $inputRoot.Items) { “serviceName” : “$util.escapeJavascript($elem.serviceName.S)” , “serviceId” : “$elem.serviceId.S” } #if(foreach.hasNext),#end #end ] } POST:  /dev/hello?firstName=Bob { “Items” : [ { “serviceName” : { “S” : “Amazon API GAteway” }, “serviceId” : { “S” : “ApiGateway” } }, { … } ] } Invoke:  arn:aws:lambda:us-­east-­1:XXXXX:function:helloWorld
  22. 22. Output  Mapping:  Lambda  Returns  a  Body { “authHeader” : “XXXXXXXXXXXXXX”, “body” : { “name”: “Bob”, “dateCreated” : 132323124123 } } HTTP STATUS: 200 HEADER: x-Custom-Auth : XXXXXXXXXXX BODY: { “name”: “Bob”, “dateCreated” : 132323124123 } X-Custom-Auth: integration.response.body.authHeader Mapping template: $input.json(‘$.body’) X-Amz-Function-Error: “” HTTP STATUS: ^$ Lambda  response Generated  HTTP  responseAPI  Gateway  mapping
  23. 23. -­ Over  50,000  registered  users  and  counting -­ Global  Presence -­ Offices  in  Brisbane,  Sydney,  San  Francisco,  Vietnam,  France   We  offer  the  world’s  logistical  resources  in  a  single  intelligent  platform  to   make  commerce  easy  and  universally  accessible.
  24. 24. First  Build Scripting  Languages  and  Relational  Databases are  awesome!
  25. 25. Initial  Architecture Frameworks  and  ORM  will  solve  all  our  problems!
  26. 26. Increasing  Load Load  Balancing  &  Vertical  Scaling  will   solve all  our  problems!
  27. 27. Database  Performance Active-­Active  database  clustering  will  solve all  our  problems!
  28. 28. Big  AWS  Band-­Aid * kpi-­ * Latency  Based Routing * * CNAME CNAME Standard  Ingress Forced  Localised Ingress Custom  Sub-­domain CNAME Future  Stacks* NGINX NGINX NGINX Future  Stacks Future  Stacks NALA1  SET APAC1  SET EMEA1  SET MEMCAHED MEMCACHED MEMCACHED
  29. 29. Breaking  the  Cycle
  30. 30. Modular Development Micro-services with Lambda Service Orientation With API Gateway
  31. 31. Temando’s leading  enterprise  technology  will  be  Magento’s preferred  method  for  carriers  to  integrate  into  Magento
  32. 32. API  Gateway  &  Lambda Demonstration Examples  of  seamlessly  surfacing  existing  functionality  including  authentication   with  new  Lambda  Functionality
  33. 33. AWS  Service  Proxy
  34. 34. Expose  AWS  Services  as  Your  Own  API 1. Kinesis • Customers  collecting  metrics  from  external  developers 2. SQS • APIs  that  only  insert  a  record  in  a  queue 3. DynamoDB • Easy  CRUD  APIs  with  Sigv4 4. AWS  IoT • Expose  device  shadows  as  API  endpoints
  35. 35. Kinesis:  Configure  AWS  Service  Proxy 1. Select  AWS  Service  Proxy 2. Select  the  AWS  service:  Kinesis 3. HTTP  method  from  the  service  API:  POST 4. Set  the  desired  action:  PutRecord 5. The  Execution  Role  can  perform  the  action   and  trusts
  36. 36. Kinesis:  Transform  the  Request 1. Set  Kinesis’  content-­type:  x-­amz-­json-­1.1 2. Static  values  use  Single  Quotes:  ‘value’ 3. Configure  Mapping  Template 1. Use  $util to  base64  encode 2. Use  $input  to  read  incoming  json 3. Static  Partition and  Stream Name
  37. 37. Demo
  38. 38. Takeaways • Use  API  Gateway  to: 1. Abstract  the  implementation 2. Protect  your  service  from  attacks 3. Offload  authentication  and  authorization • Serverless Architectures  allow  you  to: 1. Build  scalable  services  without  managing  any   infrastructure 2. Easily  build  micro-­services’  driven  applications
  39. 39. Next  steps • Go  to  the  API  Gateway  console: • Use  the  example  API  to  get  started  quickly • Learn  more  about  mapping  templates: • Follow  the  AWS  compute  blog  for  updates:
  40. 40. AWS  Training  &  Certification Intro  Videos  &  Labs   Free  videos  and  labs  to   help  you  learn  to  work   with  30+  AWS  services   – in  minutes! Training  Classes In-­person  and  online   courses  to  build   technical  skills  – taught  by  accredited   AWS  instructors Online  Labs   Practice  working  with   AWS  services  in  live   environment  – Learn  how  related   services  work   together AWS  Certification Validate  technical   skills  and  expertise  – identify  qualified  IT   talent  or  show  you   are  AWS  cloud  ready Learn  more:
  41. 41. Your  Training  Next  Steps: ü Visit  the  AWS  Training  &  Certification  pod  to  discuss  your   training  plan  &  AWS  Summit  training  offer ü Register  &  attend  AWS  instructor  led  training ü Get  Certified AWS  Certified?  Visit  the  AWS  Summit  Certification  Lounge  to  pick  up  your  swag Learn  more:
  42. 42. Thank  you!