How to properly expose APIs from Fargate tasks? - amazon-web-services

I deployed few microservices into Fargate. Each microservice will have around 30 API endpoints.
I have AWS ALB which will do the path based routing to the Fargate.
I created API Gateway APIs to externally expose the APIs. API Gateway integration method is HTTP and that points to the ALB endpoint.
Is this the proper way to setup the microservices? If not, please suggest the better approach.
And also, I want to automatically import the Swagger definition into API Gateway whenever there is a change in the Swagger definition. Swagger definition is exposed under /apidocs of each microservice. How do I automate the import of swagger definition into API gateway? Is there a commonly used approach?

Keep in mind you'll need to update both API GW and ALB paths. To import new swagger definition you'll need some kind of triggered event to:
Upload new swagger definition to S3.
Create an API gateway deployment.
Perform the path edition in ALB target group(s). This one could be done by triggering a CLI or API call (or sdk).
If you use CloudFormation, you could trigger an UPDATE containing all these new changes too. If so, also keep an eye on those resources parameters that may or not require a resource replacing.
Hope it helps.

Related

Using openapi definitions aws api gateway

I'm new to api gateway stuff and have created an api gateway using terraform on aws. Now I want to expose more apis on the same api gateway. I have used the body argument on Terraform which takes a definition file. If I use a new open api definition, my existing ones are replaced by Terraform. What is the best way in this situation. Appending new apis to openapi file or?
please advise.

How to use ECS and Lambda microservices within the same API?

I am trying to setup a microservice architecture on AWS, each microservice is a REST API.
Some of the services are running on ECS using Fargate and some of the services are running as a set of lambdas.
I am trying to have each api route resolve to the correct service, whether it is a ECS or Lambda based service.
I can see how it would be possible using only ECS services (with Application Load Balancer and listeners) or using only Lambdas (with an API Gateway). But I just cant seem to figure out how to mix the two together.
I have been searching relentlessly all week and I cannot find any decent documentation or an example of how to implement something similar to this.
There appears to be a limit to the number of routes for ALB or API Gateway. If I have several lambda based services there will need to be a declared path for each Lambda function and they will use up the path limit very quickly.
Should there be an intermediary step between each service and the API Gateway? For instance, each Lambda service has its own API Gateway which 'groups' those functions together. Which would mean there will be a nested set of API Gateways that the parent API Gateway routes to. This doesn't feel correct though.
Any help in the right direction would be appreciated.
Thanks
Your AWS account's API Gateway REST and Websocket routes/resources limit can be increased with a request to AWS support.

API Gateway - How Deploy API works?

After creating API Gateway with two API names and integrating with lambda function,
AWS documentation recommends to deploy this API, as shown below:
1) What does deploy API mean? How creating API gateway different from deploying API?
2) Does deploy API option internally create Cloud formation template? that creates a stack and deploy
1) What does deploy API mean? How creating an API gateway different from deploying API?
Let' say you have created your API but how about making it public so that it can be used.
That's where deploy comes. Once you are done with writing your API, deploy it to make it callable by your users. When you deploy, then you get the link from API Gateway which can be accessed by everyone.
It is described here
2) Does deploy API option internally create Cloud formation template? that creates a stack and deploy
No, Like you said you have integrated a lambda function with your API then API Gateway will simply redirect all the calls to your lambda function which is serverless.
An API Gateway is a Proxy that manages the endpoints ,It acts as the single entryway into a system allowing multiple APIs or microservices to act cohesively and provide a uniform experience to the user.
The most important role the API gateway plays is ensuring reliable processing of every API call. In addition, the API gateway provides the ability to design API specs, help provide enterprise-grade security, and manage APIs centrally.
An API Gateway is a server that is the single entry point into the
system. It is similar to the Facade pattern from object‑oriented
design. The API Gateway encapsulates the internal system architecture
and provides an API that is tailored to each client. It might have
other responsibilities such as authentication, monitoring, load
balancing, caching, request shaping and static response handling.
https://learn.microsoft.com/en-us/azure/architecture/microservices/design/gateway
https://microservices.io/patterns/apigateway.html
Deploying a REST API in Amazon API Gateway:
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-tutorials.html
https://auth0.com/docs/integrations/aws-api-gateway/custom-authorizers/part-1
https://auth0.com/docs/integrations/aws-api-gateway/custom-authorizers/part-2
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-deploy-api.html

AWS API Gateway Lambda as a proxy for microservices

As my project is going to be deployed on AWS, we started thinking about AWS API Gateway as a way to have one main entry point for all of our microservices(frankly speaking, we also would like to use by some other reasons like security). I was playing with API Gateway REST API and I had feeling that it it a bit incovinient if we have to register there every REST service we have.
I found very good option of using AWS API Gateway and lambda function as a proxy. It is described here:
https://medium.com/wolox-driving-innovation/https-medium-com-wolox-driving-innovation-building-microservices-api-aws-e9a455cc3456
https://aws.amazon.com/blogs/compute/using-api-gateway-with-vpc-endpoints-via-aws-lambda
I would like to know your opinion about this approach. May be you could also share some other approaches that can simplify API Gateway configuration for REST API?
There are few considerations when you proxy your existing services through API Gateway.
If your backend is not publicly then you need to setup a VPC and a site to site VPN connection from the VPC to your backend Network and use Lambda's to proxy your services.
If you need do any data transformations or aggregations, you need to use Lambda's(Inside VPC is optional unless VPN connection is needed).
If you have complex integrations behind the API gateway for your services, you can look into having ESB or Messaging Middleware running in your on-premise or AWS then proxy to API Gateway.
You can move data model schema validations to API Gateway.
You can move service authentication to API Gateway by writing a Custom Authorizer Lambda.
If you happen to move your User pool and identity service to AWS, you can migrate to AWS Cognito Manage Service and use AWS Cognito Authorizer in API Gateway to authenticate.
For usecases when you adopt dumb pipes (as described on martinfowler.com) AWS API Gateway is a reasonable option.
For AWS API Gateway I'd suggest to describe/design your API first with RAML or OpenAPI/Swagger and then import into AWS using AWS API Importer.
As soon as you plan to move logic in there, such as dynamic routing, detailed monitoring, alerting, etc, I'd suggest considering other approaches, such as:
Apigee
Mulesoft
WSO2
You can also host them on an EC2 within your VPC or opt-in for the hosted version. (which does have a significant pricetag in some cases)
For describing APIs you can use RAML (for Mulesoft) or OpenAPI (ex-Swagger, for Apigee and WSO2). You can also convert between them using APIMATIC which enables you to migrate your specification across various API Gateways (even AWS).

How to describe AWS GatewayAPI in file and import?

We are using Amazon Gateway API and currently we describe API endpoints manually through the web console.
Is it possible to create definition of API in some file(s) and import it?
Why do we need this:
We want every change in the API be reviewed (it's our development process) by other people.
In case if API is deleted or broken accidently, we want to be able to restore it easily.
By now the only solution I see is to write script, based on aws apigateway command line command that creates all resources and methods.
But probably there is a better way to do it?
Thanks!
P.S. It may partially overlaps with this question: exporting api definition from AWS api gateway.
I think the Swagger Importer feature of AWS API Gateway is what you are looking for: https://aws.amazon.com/about-aws/whats-new/2015/07/introducing-swagger-importer-easily-import-swagger-api-definitions-into-amazon-api-gateway/
You can export your API definition with API Gateway extensions into swagger format. Then you use the API Gateway API importer to import/update your API.
If you are backing your API Gateway endpoints with Lambda functions you may want to check out the serverless project https://github.com/serverless/serverless
Using this framework you have a JSON file that describes your endpoints and binds them to your Lambda code in the same project structure. The tool lets you deploy the endpoints or code from the command line. It also allows you to manage other AWS resources in a CloudFormation template in the same project structure and deploy it from the command line.