Building API-Driven Microservices with API Gateway

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Chris Munns – Senior Developer Advocate – AWS Serverless
May 2018
Building API-Driven
Microservices with Amazon API
Gateway

About me:
Chris Munns - munns@amazon.com, @chrismunns
• Senior Developer Advocate - Serverless
• New Yorker
• Previously:
• AWS Business Development Manager – DevOps, July ’15 - Feb ‘17
• AWS Solutions Architect Nov, 2011- Dec 2014
• Formerly on operations teams @Etsy and @Meetup
• Little time at a hedge fund, Xerox and a few other startups
• Rochester Institute of Technology: Applied Networking and Systems Administration ’05
• Internet infrastructure geek

https://secure.flickr.com/photos/mgifford/4525333972
Why are we
here today?

Microservices
“is a software architecture style in which complex
applications are composed of small, independent
processes communicating with each other using
language-agnostic APIs. These services are
small, highly decoupled and focus on doing a
small task, facilitating a modular approach to
system-building.” - Wikipedia
https://en.wikipedia.org/wiki/Microservices

“Software is Eating the World” – Marc Andreessen
“APIs are Eating Software” – Dr. Steve Willmott
Fun fact: Apis is the “Genus” for Honey Bees

Growth in popularity of topics
0
2
4
6
8
10
12
2012 2013 2014 2015 2016 2017
AWS Re:Invent Breakout keyword search
APIs Microservices
Data from https://reinventvideos.com/

What makes a microservice
“micro”?
https://www.flickr.com/photos/davidrosenphotography/14711027415/

What makes a microservice ”micro”?
Too big of a topic to get into depth today! Read
about:
• Domain driven design
• Bounded Contexts
• CQRS models
• Smart endpoints, dumb pipes
• Sam Newman’s book “Building Microservices”
O’Reilly Publishing is a great place to start!

Building your API
https://secure.flickr.com/photos/spenceyc/7481166880

InternetMobile/Web
apps
AWS
Databases/
Data stores
Basic API technology stack
?API
“server”
?API
backend

API Management Challenges
Managing multiple versions and stages of an API is difficult.
Monitoring third-party developers’ access is time consuming.
Access authorization is a challenge.
Traffic spikes create an operational burden.
Dealing with increased management overhead

Introducing Amazon API Gateway
Amazon API Gateway is a fully managed service that makes it
easy for developers to create, publish, maintain, monitor, and
secure APIs at any scale:
• Host multiple versions and stages of your APIs
• Create and distribute API Keys to developers
• Throttle and monitor requests to protect your backend
• Leverage signature version 4 to authorize access to APIs
• Request / Response data transformation and API mocking
• Reduced latency and DDoS protection through CloudFront
• Optional Managed cache to store API responses
• SDK Generation for Java, JavaScript, Java for Android,
Objective-C or Swift for iOS, and Ruby
• Swagger support

API Gateway integrations
Internet
Mobile Apps
Websites
Services
AWS Lambda
functions
AWS
API Gateway
Cache
Endpoints on
Amazon EC2
Amazon
CloudWatch
Monitoring
Amazon
CloudFront
Any other AWS
service
YOUR VPC
Endpoints in
Your VPC
Regional API Endpoints
All publicly accessible
endpoints
AWS Lambda
functions

InternetMobile/Web
apps
AWS
Databases/
Data stores
Basic API technology stack
?API
backend
API Gateway

Internet
Mobile Apps
Websites
Services
AWS Lambda
functions
AWS
API Gateway
Cache
Endpoints on
Amazon EC2
Amazon
CloudWatch
Monitoring
Amazon
CloudFront
Any other AWS
service
YOUR VPC
Endpoints in
Your VPC
Regional API Endpoints
All publicly accessible
endpoints
AWS Lambda
functions
API Gateway backend integrations

AWS Compute Services
Amazon
EC2
Amazon
Elastic
Container
Service
(ECS)
AWS
Lambda

Deploying Microservices on Amazon EC2
Recommendation:
• Single service per host
• Start with small instance sizes
• Leverage Auto Scaling and AWS Elastic Load
Balancing/Application Load
Balancer/Network Load Balancer(if in VPC)
• Automate the ability to pump out these
environments easily
• Leverage CodeDeploy, CloudFormation,
Elastic Beanstalk or Opsworks Auto Scaling group
EC2 Instance EC2 Instance EC2 Instance
region
Elastic Load
Balancing

Deploying Microservices with ECS
Recommendation
• Put multiple services per host
• Make use of larger hosts with much more
CPU/RAM
• Run helper services on the same host as other
dependent services
• Leverage Auto Scaling and AWS Elastic Load
Balancing/Application Load Balancer/Network
Load Balancer(if in VPC)
• Use AWS Fargate for even less administrative
overhead!
region
Guest OS
Bins/Libs
Bins/Lib
s
App2App1
EC2 Instance
Network Load
Balancer
Public
Application
Load Balancer

No servers to provision
or manage
Scales with usage
Never pay for idle Availability and fault
tolerance built in
Serverless means…

SERVICES (ANYTHING)
Changes in
data state
Requests to
endpoints
Changes in
resource state
EVENT SOURCE FUNCTION
Node.js
Python
Java
C#
Go
Serverless applications

Anatomy of a Lambda function
Handler() function
Function to be executed
upon invocation
Event object
Data sent during Lambda
Function Invocation
Context object
Methods available to
interact with runtime
information (request ID,
log group, etc.)
public String handleRequest(Book book, Context context) {
saveBook(book);
return book.getName() + " saved!";
}

Lambda
function
2. Lambda
function invoked
1. API call made
against API Gateway
API clients
Amazon API
Gateway
Lambda
function
Lambda
function
2. API call made directly
against backing AWS service
API clients
Amazon API
Gateway
API clients
Amazon
S3
Amazon
Kinesis
Amazon
DynamoDB
etc..
2. Step Functions
workflow is executed
1. API call made
against API Gateway
Amazon API
Gateway
API clients
AWS Step
Functions
1. API call made
against API Gateway

InternetMobile/Web
apps
AWS
Databases/
Data stores
Basic Serverless API technology stack
API Gateway AWS Lambda
functions

Secure your API
https://www.flickr.com/photos/modernrelics/1093797721/

InternetMobile/Web
apps
AWS
Databases/
Data stores
Basic Serverless API technology stack
functions
places where we can secure our application

Amazon API Gateway Security
Several mechanisms for adding Authz/Authn to our API:
• IAM Permissions
• Use IAM policies and AWS credentials to grant access
• Custom Authorizers
• Use Lambda to validate a bearer token(Oauth or SAML as
examples) or request parameters and grant access
• Cognito User Pools
• Create a completely managed user management system

Authentication type comparison
Feature AWS_IAM TOKEN REQUEST COGNITO
Authentication X X X X
Authorization X X X
Signature V4 X
Cognito User Pools X X X
Third-Party
Authentication
X X
Multiple Header Support X
Additional Costs NONE Pay per
authorizer
invoke
Pay per authorizer
invoke
NONE

Cognito User Pools
Add user sign-up and sign-
in easily to your mobile and
web apps without worrying
about server infrastructure
Serverless Authentication
and User Management
Verify phone numbers and
email addresses and offer
multi-factor authentication
Enhanced Security
Features
Launch a simple, secure,
low-cost, and fully managed
service to create and
maintain a user directory
that scales to 100s of
millions of users
Managed User Directory
1 2 3

Where do you ..
https://secure.flickr.com/photos/stevendepolo/5749192025/

API definition as code:
• Portable API definition
• JSON/YAML
• Import/Export your API
• Amazon API Gateway extensions
• Can be used independently or as part
of a CloudFormation template
• Rich 3rd party ecosystem of tools
Swagger – now OpenAPI Specification(OAS)

Node.js framework for deploying projects
to AWS Lambda and Amazon API
Gateway
• Has sub projects for microservices,
chat bots and APIs
• Simplified deployment with a single
command
• Use standard NPM packages, no need
to learn swagger
• Manage multiple versions
https://claudiajs.com
https://github.com/claudiajs/claudia
app.js:
var ApiBuilder = require('claudia-api-builder')
var api = new ApiBuilder();
module.exports = api;
api.get('/hello', function () {
return 'hello world';
});
$ claudia create --region us-east-1 --api-module app
ClaudiaJS

Chalice
Python serverless “microframework” for
AWS Lambda and Amazon API Gateway
• A command line tool for creating,
deploying, and managing your app
• A familiar and easy to use API for
declaring views in python code
• Automatic Amazon IAM policy
generation
https://github.com/aws/chalice
https://chalice.readthedocs.io
app.py:
from chalice import Chalice
app = Chalice(app_name="helloworld")
@app.route("/")
def index():
return {"hello": "world"}
$chalice deploy
Chalice

from chalice import BadRequestError
app = Chalice(app_name='apiworld-hot')
FOOD_STOCK = {
'hamburger': 'yes’,
'hotdog': 'no'
}
@app.route('/')
def index():
return {'hello': 'world'}
@app.route('/list_foods')
def list_foods():
return FOOD_STOCK.keys()
@app.route('/check_stock/{food}')
def check_stock(food):
try:
return {'in_stock': FOOD_STOCK[food]}
except KeyError:
raise BadRequestError("Unknown food '%s', valid choices are: %s" % (food, ', '.join(FOOD_STOCK.keys())))
@app.route('/add_food/{food}', methods=['PUT'])
def add_food(food):
return {"value": food}
Chalice
application routes
error handling
http method support
Chalice – a bit deeper

Chalice – adding Cognito User Pools
from chalice import BadRequestError
from chalice import CognitoUserPoolAuthorizer
app = Chalice(app_name='apiworld-hot')
authorizer = CognitoUserPoolAuthorizer( 'MyPool', provider_arns=['arn:aws:cognito:...:userpool/name'])
...
...
@app.route('/list_foods')
def list_foods():
return FOOD_STOCK.keys()
@app.route('/check_stock/{food}’, methods=['GET'], authorizer=authorizer)
def check_stock(food):
try:
return {'in_stock': FOOD_STOCK[food]}
except KeyError:
raise BadRequestError("Unknown food '%s', valid choices are: %s" % (food, ', '.join(FOOD_STOCK.keys())))
@app.route('/add_food/{food}', methods=['PUT'], authorizer=authorizer)
def add_food(food):
return {"value": food}
authorization
required for certain
routes/methods
adding
authorization
Chalice

AWS Serverless Application Model (SAM)
CloudFormation extension optimized for serverless
New serverless resource types: functions, APIs, and
tables
Supports anything CloudFormation supports
Open specification (Apache 2.0)
https://github.com/awslabs/serverless-application-model

SAM template
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetHtmlFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://sam-demo-bucket/todo_list.zip
Handler: index.gethtml
Runtime: nodejs4.3
Policies: AmazonDynamoDBReadOnlyAccess
Events:
GetHtml:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY
ListTable:
Type: AWS::Serverless::SimpleTable

SAM template
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetHtmlFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://sam-demo-bucket/todo_list.zip
Handler: index.gethtml
Runtime: nodejs4.3
Policies: AmazonDynamoDBReadOnlyAccess
Events:
GetHtml:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY
ListTable:
Type: AWS::Serverless::SimpleTable
Tells CloudFormation this is a SAM
template it needs to “transform”
Creates a Lambda function with the
referenced managed IAM policy,
runtime, code at the referenced zip
location, and handler as defined.
Also creates an API Gateway and
takes care of all
mapping/permissions necessary
Creates a DynamoDB table with 5
Read & Write units

From: https://github.com/awslabs/aws-serverless-samfarm/blob/master/api/saml.yaml
<-THIS
BECOMES THIS->
SAM template

AWS SAM CLI SAM Local
Relaunched/GA’d on May 8th!
CLI tool for local building, validating, testing of
serverless apps
Works with Lambda functions and “proxy-style” APIs
Response object and function logs available on your
local machine
Uses open source docker-lambda images to mimic
Lambda’s execution environment:
• Emulates timeout, memory limits, runtimes
https://github.com/awslabs/aws-sam-cli

Deploying your
applications
https://secure.flickr.com/photos/simononly/15386966677

Stages are named links to a deployed version of
your API
Recommended for managing API lifecycle
• Dev/test/prod
• Alpha/beta/gamma
Support for parameterized values through stage
variables
API Stages

API Gateway Stage Variables
• Stage variables act like environment variables
• Use stage variables to store configuration values
• Stage variables are available in the $context object
• Values are accessible from most fields in API Gateway
• Lambda function ARN
• HTTP endpoint
• Custom authorizer function name
• Parameter mappings

Stage Variables and Lambda Aliases
Using Stage Variables in API Gateway together with Lambda function Aliases you can
manage a single API configuration and Lambda function for multiple environment
stages
myLambdaFunction
1
2
3 = prod
4
5
6 = beta
7
8 = dev
My First API
Stage variable = lambdaAlias
Prod
lambdaAlias = prod
Beta
lambdaAlias = beta
Dev
lambdaAlias = dev

Amazon API Gateway Canary Support
Use canary release deployments to gradually roll out new APIs in
Amazon API Gateway:
• configure percent of traffic to go to a new stage deployment
• can test stage settings and variables
• API gateway will create additional Amazon CloudWatch Logs group and
CloudWatch metrics for the requests handled by the canary deployment API
• To rollback: delete the deployment or set percent of traffic to 0
• Explore new technologies in your API backend:
• New languages
• New frameworks
• Try Lambda in place of other HTTP endpoints!
• Migrate an API from on-premises to AWS via private endpoint integrations
in VPC

v1API Clients All publicly and
privately
accessible
endpoints
Backends in
AWS
api.mydomain.com/prod
All traffic to currently deployed version

API Clients All publicly and
privately
accessible
endpoints
Backends in
AWS
v1
90%
v2
10%
10% traffic to new deployment of stage, rest to previous version

v2API Clients All publicly and
privately
accessible
endpoints
Backends in
AWS
All traffic to new deployed version

How can I connect
my clients to my
API backed by API
Gateway?
https://www.flickr.com/photos/lachlanhardy/4150836513/

SDK work flow:
Service
developer
swagger
Node.js
Client SDK
myservice-1.1.1
module
Private Repo
API v1.1.1
Service
Client
v1.1.1

SDK work flow:
Service
developer
swagger
Private Repo
Service
Client
v1.1.1
API v1.1.1
API v2.0.0 Node.js
Client SDK
myservice-2.0.0
module
Service
Client
v2.0.0

An API based application delivery pipeline:
This pipeline:
• Five Stages
• Builds code artifact
• Three deployed to “Environments”
• Uses SAM/CloudFormation to
deploy artifact and other AWS
resources
• Has Lambda custom actions for
running my own testing functions
• Integrates with a 3rd party
tool/service
• Has a manual approval before
deploying to production
• Creates a client SDK at the end
Source
Source
CodeCommit
MyApplication
Build
test-build-source
CodeBuild
Deploy Testing
create-changeset
AWS
CloudFormation
execute-changeset
AWS
CloudFormation
Run-stubs
AWS Lambda
Deploy Staging
create-changeset
AWS
CloudFormation
execute-changeset
AWS
CloudFormation
Run-API-test
Runscope
QA-Sign-off
Manual Approval
Review
Deploy Prod
create-changeset
AWS
CloudFormation
execute-changeset
AWS
CloudFormation
Create SDK
AWS Lambda

FIN, ACK
It’s never been easier to build and launch APIs!
Serverless APIs:
• No management of servers
• Pay for what you use and not for idle resources!
• Instantly scale up without turning any knobs or provisioning any resources
• Tooling to get started in minutes with incredibly minimal code needed
• Built in high availability built into multiple places in the application stack
• Authentication and Authorization built into multiple places in the application stack
InternetMobile/Web
apps
AWS
Databases/
Data stores
functions

Chris Munns
munns@amazon.com
@chrismunnshttps://www.flickr.com/photos/theredproject/3302110152/

?
https://secure.flickr.com/photos/dullhunk/202872717/

Building API-Driven Microservices with API Gateway

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Building API-Driven Microservices with API Gateway

Similaire à Building API-Driven Microservices with API Gateway (20)

Plus de Amazon Web Services

Plus de Amazon Web Services (20)

Building API-Driven Microservices with API Gateway