SecureYourAPIs

WithAmazonAPI Gateway

July, 2015

About MeMy name is Mohammed Badran

About Me

I help companies design, manage, and secure their APIs

Jargon

What is anAPI?

Application Programming Interface

What is anAPI?

A set of routines, protocols, and tools for building applications

What is anAPI?

A software interface that powers the economy

APIS ARE EVERYWHERE

THEY ARE ALL AROUND US

What is anAPI Gateway?

A single entry point into an API

What is anAPI Gateway?

Makes it easy to manage, secure, and operate an API

What is anAPI Gateway?

Handles the plumbing so your developers don’t have to

What is theAmazon API

Gateway?

Manages, proxies, and secures APIs

What is theAmazon API

Gateway?

Provides REST APIs for AWS services

What is theAmazon API

Gateway?

Amazon API Gateway + AWS Lambda == Serverless Microservices

What aremicroservices?

Software architecture style

What aremicroservices?

Small, independent processes communicating via language-agnostic APIs

What aremicroservices?

Opposite: Monoliths

What is a Serverless

Microservice?

A microservice that requires no server administration

What is a Serverless

Microservice?

You only worry about the code, not the infrastructure

What is a Serverless

Microservice?

Similar to a service deployed on a PAAS

An Example

romanapi.com

A serverless microservice that converts Roman numerals to Arabic, and vice versa

/numeral/x

10

“x”

10

Look Mum, No Servers!

API Client Amazon API Gateway AWS Lambda

$ curl https://romanapi.com/v1/numeral/x

{

"result": 10,

"arabic": 10,

"roman": "X",

"success": true,

"original": "x"

}

$ curl https://romanapi.com/v1/numeral/3

{

"result": "III",

"arabic": 3,

"roman": "III",

"success": true,

"original": "3"

}

romanapi.com

Create the API in the console (or define it with Swagger then import it)

Step 1

romanapi.com

Create the request handler in AWS Lambda

Step 2

romanapi.comIntegrate the API and the request handler

Step 3

romanapi.comDeploy the API to a stage

Step 4

The Console

Security Features

Security

API keys for authenticating and auditing API clients

Security

Throttling and rate limiting, individually by stage

SecurityDDOS protection via Amazon CloudFront

SecurityComprehensive threat protection

SecurityComprehensive authentication

Security

OAuth

OpenID Connect

Highlights

Amazon API Gateway

Managed service

Amazon API Gateway

Very cost effective *

Amazon API Gateway

Serverless microservices

Amazon API Gateway

API lifecycle management

Amazon API Gateway

Swagger 2.0 support

Check your requirements!

Tell me:mo@doubleplus.co

Where AreYou On

Your APIJourney?