Post on 16-Jan-2017
Secure Your APIs With Amazon API Gateway
July, 2015
About Me
My name is Mohammed Badran
I help companies design, manage, and secure their APIs
Jargon
What is an API?
Application Programming Interface
A set of routines, protocols, and tools for building applications
A software interface that powers the economy
APIS ARE EVERYWHERE
THEY ARE ALL AROUND US
What is an API Gateway?
A single entry point into an API
Makes it easy to manage, secure, and operate an API
Handles the plumbing so your developers don’t have to
What is the Amazon API Gateway?
Manages, proxies, and secures APIs
Provides REST APIs for AWS services
Amazon API Gateway + AWS Lambda == Serverless Microservices
What are microservices?
Software architecture style
Small, independent processes communicating via language-agnostic APIs
Opposite: Monoliths
What is a Serverless Microservice?
A microservice that requires no server administration
You only worry about the code, not the infrastructure
Similar to a service deployed on a PaaS
An Example
romanapi.com
A serverless microservice that converts Roman numerals to Arabic, and vice versa
/numeral/x
10
“x”
10
Look Mum, No Servers!
API Client -> Amazon API Gateway -> AWS Lambda
$ curl https://romanapi.com/v1/numeral/x
{
  "result": 10,
  "arabic": 10,
  "roman": "X",
  "success": true,
  "original": "x"
}
$ curl https://romanapi.com/v1/numeral/3
{
  "result": "III",
  "arabic": 3,
  "roman": "III",
  "success": true,
  "original": "3"
}
romanapi.com
Step 1: Create the API in the console (or define it with Swagger then import it)
Step 2: Create the request handler in AWS Lambda
Step 3: Integrate the API and the request handler
Step 4: Deploy the API to a stage
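An added example, not code from the original slides: a Step 2 request handler in Python that returns the response shape shown in the curl output above and accepts only canonical numerals before converting them. The `event["value"]` mapping, the 1 to 3999 range and the failure response are assumptions.

```python
import re

# Assumption: API Gateway maps the {value} path parameter of /numeral/{value}
# to event["value"]; the slides do not show the integration mapping.
PAIRS = [(1000, "M"), (900, "CM"), (500, "D"), (400, "CD"), (100, "C"),
         (90, "XC"), (50, "L"), (40, "XL"), (10, "X"), (9, "IX"),
         (5, "V"), (4, "IV"), (1, "I")]
# Canonical Roman numerals only (I..MMMCMXCIX); anything else is rejected.
ROMAN_RE = re.compile(r"M{0,3}(CM|CD|D?C{0,3})(XC|XL|L?X{0,3})(IX|IV|V?I{0,3})")
ARABIC_RE = re.compile(r"[1-9][0-9]{0,3}")
MAX_LEN = 15  # length of the longest canonical numeral, MMMDCCCLXXXVIII
# Constructed failure shape; the slides only show successful responses.
FAILURE = {"success": False, "error": "expected 1-3999 or a Roman numeral"}

def to_roman(n):
    out = []
    for value, symbol in PAIRS:
        count, n = divmod(n, value)
        out.append(symbol * count)
    return "".join(out)

def to_arabic(roman):
    total, pos = 0, 0
    for value, symbol in PAIRS:
        while roman.startswith(symbol, pos):
            total += value
            pos += len(symbol)
    return total

def handler(event, context=None):
    original = event.get("value") if isinstance(event, dict) else None
    # Reject wrong types, empty or oversized input, and non-ASCII text:
    # "\u0131".upper() == "I", so case folding alone would admit look-alikes.
    if (not isinstance(original, str) or not 1 <= len(original) <= MAX_LEN
            or not original.isascii()):
        return dict(FAILURE)
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    if ARABIC_RE.fullmatch(original) and int(original) <= 3999:
        arabic = int(original)
        roman = result = to_roman(arabic)
    elif ROMAN_RE.fullmatch(original.upper()):
        roman = original.upper()
        arabic = result = to_arabic(roman)
    else:
        return dict(FAILURE)
    return {"result": result, "arabic": arabic, "roman": roman,
            "success": True, "original": original}
```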
The Console
Security Features
Security
API keys for authenticating and auditing API clients
Throttling and rate limiting, individually by stage
DDoS protection via Amazon CloudFront
Comprehensive threat protection
Comprehensive authentication
OAuth
OpenID Connect
Highlights
Amazon API Gateway
Managed service
Very cost effective *
Serverless microservices
API lifecycle management
Swagger 2.0 support
Check your requirements!
Tell me: mo@doubleplus.co
Where Are You On Your API Journey?