This is the BEST Tutorial on AWS API Gateway!!
Thanks mate. Glad that helps you. 👍👍👍
Wonderful lecture .Thanks
Very good tutorials. Please create a video on ECS also. Thank you so much.
Thanks mate. Stay in touch. We will do more this year.
Love this little man so much
Thanks mate. 🤞🤞🤞
Amazing explanation! Thanks a lot
Thanks mate. Glad that helps you 👍👌👌👌
completed 100%
Glad that helps. Thx mate
Very good explanation
Thanks mate
it helps me a lot!! Ty!
Great to hear 👍👍👍👍
Nice!!!!!!!
Thanks, so you know it's possible to expose an intranet service securely via API Gateway. Would I need a VPC that connects to the intranet and a VPC type gateway request?
Hi @DrJub,
As long as you create a private REST API, it is not exposed to the internet (public). Then you can use VPC Links to access the private API Gateway.
This could help. Please check: aws.amazon.com/blogs/compute/understanding-vpc-links-in-amazon-api-gateway-private-integrations/
Hey, is it possible using SAM to keep some API endpoints unauthorized while some are authorized? I am trying it with a Cognito authorizer.
Hi @hemantsah8567,
Yes, it is possible. Create a Cognito authoriser and assign the authoriser only to the endpoint you want to secure. E.g. there could be GET and POST, and you just need the POST endpoint to be secured. Then just set the authoriser for the POST endpoint. I have done a video on the Cognito authoriser and this should help: th-cam.com/video/9crTLAT_4uY/w-d-xo.html
Thanks. :)
Next time when you do demos, please don't use dark mode. Can't see anything clearly.
Really appreciate your comment. It is the best comment to improve. Thanks
Good morning, firstly thank you for this video and second, I am struggling with an internal server error, what could be the reason behind this?
{"message": "Internal server error"}
Hi Mate,
Please check the CloudWatch log of the Lambda function. That should show the actual error. Let me know how it goes.
Good video. I have a doubt: what if I have an API currently on an EC2 instance or running on EKS? Do we need API Gateway, or how can we use API Gateway in that case?
Hi Naveen,
It totally depends on what the existing API is. Does it have auth, rate limit, quota, etc.? With AWS API Gateway you will get all these things very easily. It is almost a matter of how much effort it is to move your API to API Gateway.
For me, if the current API does the work and serves the purpose, I will stick with that. However, I will start any new API endpoints using AWS API Gateway.
Hello - thank you for your video!
I have an architecture question. If I have a public API and private API on the same server exposed by an internal ALB - the public API is exposed by a public API Gateway (resides outside the VPC), whereas the private API is exposed by a Private API Gateway which is accessible through a VPN. Both of the API Gateways point to the internal ALB. Does this setup make sense to you, or is there a better way to have a private API and public API accessible to end users on the same server?
Hi mate,
Interesting question. Just wondering how you load balance the traffic between private and public resources with one ALB. E.g. there could be many requests coming to public while few requests go to private. With one ALB, how do you balance the traffic?
Personally, I would go with two load balancers in that case to isolate the public and private resources. That makes it easy to apply good practices like security.
@@lovetocode4486 Hi - thanks a lot for your reply. Your answer makes sense if I had a separate server or target group for each API, but I have a Monolith running on ECS.
So whether I have one load balancer or two, the scaling would still be the same, no?
I guess I'm wondering whether there is still security benefit in the setup I'm explaining such that the Private Admin API endpoints can't be invoked without being on the VPN and any requests to do so would be stopped outside the VPC.
Once on the VPN the end user is able to invoke the private endpoint by having access to the private API gateway, but both his request and the public API endpoint requests go through the same load balancer after being authorised by a Cognito authoriser.
Sorry for the long reply! It's my first time doing this so your answer is really helpful!!
I want to send multiple status codes based on my logic, e.g. 404 on Not Found. Below is my code.
```
if check_keyword(event):
    return {"statusCode": 404, "message": "Missing keyword"}
```
On Postman the response comes as I send it, but the Postman status is 200. How do I make the Postman status also 404, or another status based on my returned statusCode value? Please help me out.
Hi Mate,
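What type of integration are you using?
If it is "Lambda Proxy Integration", then you need to send the payload as below, which you are already doing:
```
exports.handler = async (event) => {
  // Lambda proxy integration: API Gateway reads statusCode and body from the returned object
  const response = {
    statusCode: 404,
    body: "ANYTHING YOU WISH TO PASS"
  };
  return response;
};
```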
If you are using "Non-Proxy Integration", then please check this video. This has more information on how to map the parameters, header etc.
th-cam.com/video/o98qYUFSQbc/w-d-xo.html
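An added example (not code from the video or from either commenter) of the response shape a Lambda proxy integration expects, written in Python like the handler in the question. `check_keyword` is named in the question but not shown, so the version here is an assumed stand-in that looks for a `keyword` query parameter; `respond` and `proxy_response_problems` are hypothetical helper names.

```python
import json

ALLOWED_KEYS = {"statusCode", "headers", "multiValueHeaders", "body", "isBase64Encoded"}

def check_keyword(event):
    """Assumed stand-in: True when the 'keyword' query parameter is missing."""
    params = event.get("queryStringParameters") or {}
    return not params.get("keyword")

def respond(status_code, payload):
    """Build a proxy-integration response: integer statusCode, string body."""
    return {
        "statusCode": int(status_code),
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(payload),
    }

def proxy_response_problems(response):
    """List the ways a return value deviates from the proxy response format."""
    if not isinstance(response, dict):
        return ["response is not a dict"]
    problems = []
    if not isinstance(response.get("statusCode"), int):
        problems.append("statusCode missing or not an integer")
    if "body" in response and not isinstance(response["body"], str):
        problems.append("body must be a string (use json.dumps)")
    unknown = sorted(set(response) - ALLOWED_KEYS)
    if unknown:
        problems.append("keys outside the proxy response format: " + ", ".join(unknown))
    return problems

def lambda_handler(event, context):
    if check_keyword(event):
        return respond(404, {"message": "Missing keyword"})
    return respond(200, {"keyword": event["queryStringParameters"]["keyword"]})
```

Running `proxy_response_problems` over the dict from the question flags `message` as a key outside the format, which is why the error text belongs inside `body`.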
Thank you. One question: how to specify /users/{userId}?
Hi mate,
Do you mean specifying it in the Postman request or creating the endpoint in API Gateway?
Can an api gateway be between ALB and the web service? Are there any benefits of this architecture?
Hi Mate,
Yes, you can add a load balancer between API Gateway and the services. API Gateway supports 10,000 requests per second (this is a soft limit and you can request more from AWS). The load balancer can be used to distribute the load between each service instance (EC2 etc.).
Having API Gateway in the front addresses the cross-cutting concerns (managing security, routing, transformations, etc.) while the load balancer gives fast responses to the clients by distributing the load.
Hi, I am completely new to AWS and APIs. Does this course help a beginner like me? Does this cover things like design principles, CRUD operations, etc.? Thanks in advance.
Hi mate, this video gives beginner to advanced knowledge of AWS API Gateway and best practices of using APIs. Thanks
Are we able to capture how much data is transferred from a particular client?
Hi mate, I doubt that it lets you check how much data is transferred. It shows how many requests.
One place to check is the access logs of API Gateway. Hopefully you can find how much data per request.
Can't we connect an RDS MySQL DB to the API Gateway directly?
Hey mate,
The best way to connect to RDS is to use API Gateway with Lambda. Adding SQS is useful if you want to decouple the services.
Can you show how to add authentication and authorization to this?
Hey mate, there are a couple of ways to add auth to API Gateway. This is one way using Cognito: th-cam.com/video/9crTLAT_4uY/w-d-xo.html
The other way is using a Lambda authoriser: th-cam.com/video/rRQbVJhlpC4/w-d-xo.html
Hello, can I use it with the g.sheet API connector module?
Hey mate,
As long as that supports HTTP, then yes.
@lovetocode4486 I'm not sure I understand, could you recommend a link where I can read more explanations
@@lovetocode4486 hello I don't understand anything about appscript, the code, to integrate the API of my seller central so I would like to use the module API connector, do you know it? Could I import information to calculate my margins automatically?
can I send you an email ?
How to set a custom header?
example :
authorization : Bearer xxxx
x-token : xxx
Do you mean setting the header when you trigger the API from something like Postman or a front-end UI?
You can pass all the headers that come from the client to Lambda. Please check this: repost.aws/knowledge-center/custom-headers-api-gateway-lambda
You need to update the mapping templates.
```
{
"method": "$context.httpMethod",
"body" : $input.json('$'),
"headers": {
#foreach($param in $input.params().header.keySet())
"$param": "$util.escapeJavaScript($input.params().header.get($param))"
#if($foreach.hasNext),#end
#end
}
}
```
Please check this video. This shows how to set custom headers: th-cam.com/video/o98qYUFSQbc/w-d-xo.html
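An added example (not from the video or the commenter) of the Lambda side of that mapping template, in Python: it reads the forwarded headers case-insensitively, pulls the bearer token out of `authorization`, and redacts credential headers before the event is logged. The event is constructed to match the template's output, the header names come from the question, and the set of headers treated as sensitive and the helper names are assumptions.

```python
import json

SENSITIVE_HEADERS = {"authorization", "x-token", "cookie", "x-api-key"}  # assumed list

def normalise_headers(event):
    """HTTP header names are case-insensitive, so key them in lowercase."""
    headers = event.get("headers") or {}
    return {str(k).lower(): str(v) for k, v in headers.items()}

def bearer_token(headers):
    """Return the token from 'Authorization: Bearer <token>', else None."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return None
    return token

def redacted_for_logging(event):
    """Copy of the event that is safe to write to CloudWatch Logs."""
    safe = dict(event)
    safe["headers"] = {
        name: "[REDACTED]" if name in SENSITIVE_HEADERS else value
        for name, value in normalise_headers(event).items()
    }
    return safe

def lambda_handler(event, context):
    # Log the redacted copy only; the raw event carries live credentials.
    print(json.dumps(redacted_for_logging(event)))
    headers = normalise_headers(event)
    if bearer_token(headers) is None or "x-token" not in headers:
        return {"authorised": False, "reason": "missing credentials"}
    # Token validation (signature, expiry, audience) would go here.
    return {"authorised": True, "method": event.get("method")}

# Constructed event in the shape produced by the mapping template above.
SAMPLE_EVENT = {
    "method": "POST",
    "body": {"item": "demo"},
    "headers": {"Authorization": "Bearer xxxx", "X-Token": "xxx", "Accept": "*/*"},
}
```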
Why did you create the mock API? You missed it.
Hi Mate, the mock API is just for demonstration. If you would like to know more, then follow this list: th-cam.com/video/c3J5uvdfSfE/w-d-xo.html