secure your apis with amazon api gateway
TRANSCRIPT
![Page 1: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/1.jpg)
SecureYourAPIs
WithAmazonAPI Gateway
![Page 2: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/2.jpg)
July, 2015
![Page 3: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/3.jpg)
About MeMy name is Mohammed Badran
![Page 4: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/4.jpg)
About Me
I help companies design, manage, and secure their APIs
![Page 5: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/5.jpg)
Jargon
![Page 6: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/6.jpg)
What is anAPI?
Application Programming Interface
![Page 7: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/7.jpg)
What is anAPI?
A set of routines, protocols, and tools for building applications
![Page 8: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/8.jpg)
What is anAPI?
A software interface that powers the economy
![Page 9: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/9.jpg)
APIS ARE EVERYWHERE
THEY ARE ALL AROUND US
![Page 10: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/10.jpg)
What is anAPI Gateway?
A single entry point into an API
![Page 11: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/11.jpg)
What is anAPI Gateway?
Makes it easy to manage, secure, and operate an API
![Page 12: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/12.jpg)
What is anAPI Gateway?
Handles the plumbing so your developers don’t have to
![Page 13: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/13.jpg)
![Page 14: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/14.jpg)
What is theAmazon API
Gateway?
Manages, proxies, and secures APIs
![Page 15: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/15.jpg)
What is theAmazon API
Gateway?
Provides REST APIs for AWS services
![Page 16: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/16.jpg)
What is theAmazon API
Gateway?
Amazon API Gateway + AWS Lambda == Serverless Microservices
![Page 17: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/17.jpg)
![Page 18: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/18.jpg)
What aremicroservices?
Software architecture style
![Page 19: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/19.jpg)
What aremicroservices?
Small, independent processes communicating via language-agnostic APIs
![Page 20: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/20.jpg)
What aremicroservices?
Opposite: Monoliths
![Page 21: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/21.jpg)
![Page 22: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/22.jpg)
What is a Serverless
Microservice?
A microservice that requires no server administration
![Page 23: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/23.jpg)
What is a Serverless
Microservice?
You only worry about the code, not the infrastructure
![Page 24: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/24.jpg)
What is a Serverless
Microservice?
Similar to a service deployed on a PAAS
![Page 25: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/25.jpg)
![Page 26: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/26.jpg)
![Page 27: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/27.jpg)
An Example
![Page 28: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/28.jpg)
romanapi.com
A serverless microservice that converts Roman numerals to Arabic, and vice versa
![Page 29: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/29.jpg)
/numeral/x
10
“x”
10
Look Mum, No Servers!
API Client Amazon API Gateway AWS Lambda
![Page 30: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/30.jpg)
$ curl https://romanapi.com/v1/numeral/x
{
"result": 10,
"arabic": 10,
"roman": "X",
"success": true,
"original": "x"
}
![Page 31: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/31.jpg)
$ curl https://romanapi.com/v1/numeral/3
{
"result": "III",
"arabic": 3,
"roman": "III",
"success": true,
"original": "3"
}
![Page 32: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/32.jpg)
romanapi.com
Create the API in the console (or define it with Swagger then import it)
Step 1
![Page 33: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/33.jpg)
romanapi.com
Create the request handler in AWS Lambda
Step 2
![Page 34: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/34.jpg)
romanapi.comIntegrate the API and the request handler
Step 3
![Page 35: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/35.jpg)
romanapi.comDeploy the API to a stage
Step 4
![Page 36: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/36.jpg)
The Console
![Page 37: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/37.jpg)
Security Features
![Page 38: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/38.jpg)
Security
API keys for authenticating and auditing API clients
![Page 39: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/39.jpg)
Security
Throttling and rate limiting, individually by stage
![Page 40: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/40.jpg)
SecurityDDOS protection via Amazon CloudFront
![Page 41: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/41.jpg)
SecurityComprehensive threat protection
![Page 42: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/42.jpg)
SecurityComprehensive authentication
![Page 43: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/43.jpg)
Security
OAuth
OpenID Connect
![Page 44: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/44.jpg)
Highlights
![Page 45: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/45.jpg)
Amazon API Gateway
Managed service
![Page 46: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/46.jpg)
Amazon API Gateway
Very cost effective *
![Page 47: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/47.jpg)
Amazon API Gateway
Serverless microservices
![Page 48: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/48.jpg)
Amazon API Gateway
API lifecycle management
![Page 49: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/49.jpg)
Amazon API Gateway
Swagger 2.0 support
![Page 50: Secure Your APIs with Amazon API Gateway](https://reader034.vdocuments.us/reader034/viewer/2022042706/587bdfdc1a28ab834d8b73d3/html5/thumbnails/50.jpg)
Check your requirements!