Skip to content

AWS API Gateway

AWS API Gateway

Amazon API Gateway is a fully managed service for creating, publishing, and securing APIs at any scale. It acts as the “front door” for backend services — Lambda functions, EC2 instances, or any HTTP endpoint.

In Azure terms: API Gateway ≈ Azure API Management (APIM) + Azure API Gateway

API Types

Type	Description	Use Case
REST API	Full-featured, supports all integrations and API Gateway features	Production APIs requiring advanced features
HTTP API	Lightweight, lower latency, cheaper (~71% cheaper than REST API)	Simple proxy to Lambda or HTTP backends
WebSocket API	Persistent two-way connection between client and server	Real-time apps (chat, gaming, live dashboards)

Core Concepts

Concept	Description
Resource	A URL path (e.g., `/users`, `/users/{id}`)
Method	HTTP verb on a resource (GET, POST, PUT, DELETE)
Integration	Backend target — Lambda, HTTP URL, AWS service, Mock
Stage	Deployment environment — dev, staging, prod
Deployment	Snapshot of the API configuration deployed to a stage
Usage Plan	Throttling and quota settings
API Key	Client credential for usage plan access control
Authorizer	Lambda custom authorizer or Cognito for authentication
Mapping Template	Transform request/response payloads

Typical Architecture: REST API + Lambda

Client (browser/app)
    ↓ HTTPS request
API Gateway
    ↓ proxy integration
AWS Lambda
    ↓
DynamoDB / RDS / S3
    ↓
API Gateway
    ↓ response
Client

Integration Types

Integration	Description
Lambda Proxy	Pass entire request to Lambda, return Lambda’s response directly
Lambda Custom	Transform request/response with mapping templates
HTTP Proxy	Forward request to any HTTP endpoint
AWS Service	Directly invoke S3, DynamoDB, SQS, SNS etc. (no Lambda needed)
Mock	Return a static response without any backend call

Security Options

Method	Description
API Keys	Simple key-based access (not for authentication — use for quota tracking)
Lambda Authorizer	Custom auth logic (validate JWT, call auth service)
Cognito User Pools	AWS-managed OAuth2/OIDC authentication
IAM Authorization	SigV4-signed requests from AWS SDKs/services
Resource Policies	IP-based or VPC-based access restrictions
Mutual TLS (mTLS)	Client certificate authentication

Throttling & Quotas

API Gateway protects backends with built-in rate limiting:

Account level: 10,000 requests/second (soft limit)
Stage level: Set custom throttle limits per stage
Usage Plans: Throttle and quota per API key

Response when throttled: 429 Too Many Requests

API Gateway vs Azure APIM

Feature	AWS API Gateway	Azure API Management
API types	REST, HTTP, WebSocket	REST, SOAP, GraphQL, WebSocket
Auth	Lambda authorizer, Cognito, IAM	OAuth2, JWT, subscriptions keys, Azure AD
Throttling	Per stage / per usage plan	Per product / per subscription
Developer portal	Basic	Full-featured developer portal
Mock responses	Yes	Yes (via policies)
Transform payloads	Mapping templates	Policies (XML-based)
Caching	Yes (per stage)	Yes
Private APIs	Yes (VPC endpoint)	Internal tier
Pricing	Per-request + data transfer	Per-unit/hour (multi-tier)

Canary Deployments

API Gateway supports canary releases — route a percentage of traffic to the new version:

# Create a deployment with canary
aws apigateway create-deployment \
  --rest-api-id abc123 \
  --stage-name prod \
  --canary-settings \
    percentTraffic=10,\
    deploymentId=xyz789

CLI Examples

# List APIs
aws apigateway get-rest-apis

# Create a REST API
aws apigateway create-rest-api --name "my-api"

# Get resources
aws apigateway get-resources --rest-api-id abc123

# Deploy to a stage
aws apigateway create-deployment \
  --rest-api-id abc123 \
  --stage-name prod

# Get an API's stages
aws apigateway get-stages --rest-api-id abc123

Useful Links