
AWS APIGateway 101 - How to Secure AWS API Gateway

In this video I will explain how to secure and modify the request flow in the AWS API Gateway.

Putting authentication in API Gateway can be a smart choice for a number of reasons:

- It consolidates your authentication logic in a single place.
- It protects your integration from unauthorized requests, saving you money and/or load on your resources.
- It can be cached, reducing the number of hits on your authentication service.

When a client makes a request to API Gateway, if a policy doesn't already exist for this client, as identified by the client's authentication token in the request, then API Gateway will invoke this custom authorization function, which will return a JSON payload with a policy object for this user.

API Keys for Usage Plans

Let's create a usage plan, which allows us to rate limit as well as ration the number of requests an individual client is able to make as part of this plan. For example, we might allow prospective customers to try our API on a trial, in which case we will limit them to a maximum of one request per second with a burst of up to five requests per second, but with a total of no more than 10 requests per day, which resets at midnight UTC. We'll call this plan "trial".

API keys and usage plans are designed for rate limiting individual clients rather than for authentication and authorization. They allow you to give clients access to the APIs included in the usage plan, but only at an agreed-upon request rate and quota.

An important detail to remember is that the request rate and quota apply to all the APIs and stages covered by the current usage plan. As an example, if the usage plan for an API key allows 10 requests per day, then all of these requests you see would count toward my quota, provided that both the production and staging stages for both the restaurant and user APIs are covered by the same usage plan.
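The custom authorization function described above, sketched as a Python Lambda token authorizer; this is an added example, not code from the video. The token format (`<principal>.<HMAC>`), `DEMO_SECRET` and the `USAGE_KEYS` table are constructed assumptions, and `usageIdentifierKey` only takes effect when the API's key source is set to AUTHORIZER, which is how the returned policy can be tied to a usage plan such as "trial".

```python
import hashlib
import hmac

# Constructed demo secret; a real deployment would load it from a secrets store.
DEMO_SECRET = b"constructed-demo-secret"
# Hypothetical mapping: principal -> API key value attached to its usage plan.
USAGE_KEYS = {"trial-user": "constructed-trial-api-key-value"}


def sign(principal):
    """Build a demo token of the form '<principal>.<hex HMAC-SHA256>'."""
    mac = hmac.new(DEMO_SECRET, principal.encode(), hashlib.sha256).hexdigest()
    return principal + "." + mac


def stage_wildcard(method_arn):
    """arn:aws:execute-api:region:acct:apiId/stage/VERB/path -> .../apiId/stage/*/*"""
    parts = method_arn.split(":", 5)
    api_id, stage = parts[5].split("/")[:2]
    return ":".join(parts[:5]) + ":" + api_id + "/" + stage + "/*/*"


def handler(event, context=None):
    token = event.get("authorizationToken", "").split(" ")[-1]  # drop "Bearer"
    principal, _, mac = token.rpartition(".")
    expected = sign(principal).rpartition(".")[2]
    # Constant-time comparison avoids leaking how much of the MAC matched.
    if not principal or not hmac.compare_digest(mac.encode(), expected.encode()):
        # API Gateway maps this exact message to a 401 response.
        raise Exception("Unauthorized")
    effect = "Allow" if principal in USAGE_KEYS else "Deny"
    response = {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                # The policy is cached per token, so scope it to the stage:
                # a single-method ARN would deny the next route the client calls.
                "Resource": stage_wildcard(event["methodArn"]),
            }],
        },
    }
    if effect == "Allow":
        # Lets API Gateway apply the caller's usage plan throttle and quota.
        response["usageIdentifierKey"] = USAGE_KEYS[principal]
    return response
```

A correctly signed token for a principal without a usage plan gets an explicit Deny policy (403), while a missing or tampered token raises and yields 401.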
Video Timestamps:

- 00:00 Introduction
- 00:20 AWS API Gateway Basics
- 02:05 API Gateway Authorization Explanation
- 04:20 Create Authorization in the AWS console
- 06:40 API Gateway Usage Plans Explanation
- 07:50 Create API Gateway Usage Plans with AWS Console
- 11:40 Create API Gateway Usage Plans with Serverless.com

If you want to learn more about AWS Services, make sure to subscribe to the channel:

- YouTube 🎥 - https://www.youtube.com/channel/UCrgmzG2o4xlBYzm7OB7qZFA
- Medium: https://enrico-portolan.medium.com/

🌎 Find me here: Twitter - https://twitter.com/enricop89
