Serverless
API Management
by Samuel Vandecasteele & Stefan De Wandeleir
Contact us
• LinkedIn: www.linkedin.com/in/samuelvandecasteele/
• Mail: samuel.vandecasteele@i8c.be
• Company: www.i8c.be
1. Enterprise Integration
What is Enterprise Integration and who are we?
2. API Management
APIs – API Management – API Management platforms
3. Serverless API Management on AWS
The AWS reference architecture
Use case - Timelapse Service
The basics - Validation | Transformation | Throttling | Caching | Security
Monetization
DevOps
API Portal
4. What about other Vendors?
5. Event ‘AsyncAPI’ Management
6. Conclusions
1. Introduction
Integration Architectures
Enterprise Application Integration (EAI)
Service Oriented Architectures (SOA)
API Management
B2B Integration
IoT
Real-time event processing
When we talk about integration
Integration Architectures - Once upon a time…
… a corporate IT landscape
Ownership?
Duplicates?
Change Management?
Integration Architectures - Enterprise Application Integration (EAI)
Integration Server
https://www.enterpriseintegrationpatterns.com
• Management of point-to-point
• Management of pub/sub
• Domain-Model
• B2B: management of partners
• Transformations
• Mediation through adapters
• Messaging (queue, pub/sub)
Integration Architectures - Service-Oriented Architecture
Enterprise Service Bus
• Reusable Services
• Management of services (SOA registry)
• Domain-Model
• Governance (layering, lifecycle)
• Transformations
• Security
• Aggregations
• Messaging (queue, pub/sub)
Integration Architectures - API Management
API Management Platform
• Reusable APIs
• Management of APIs
• Management of Consumers (Self-service)
• Externalize functionality/data
• Transformations
• Security
• QoS
• Monitoring
• Async?
Integration Architectures - Internet of Things
IoT Management Platform
• (Time-based) events
• Device management
• Data capturing (ingestion)
• Transformations
• Security
• Filtering/Analysis
• Monitoring
We build the bridges to your core IT systems
We cover all aspects of building the bridges
Consultancy
Assessments
Architectural Blueprinting
Software Selection
Implementation
Design
Build
Test
Deploy
Managed Services
Support & Monitoring
Outsourcing
Hosting
Training & Lectures
API Management
The forest of API
3/09/19
API ?
uService
Monetizing
Errors
JSON
XML
Resources
Versioning
Throttling
Threat protection
Caching
OData
OpenID Connect
OAuth2
API-Key
Security
protobuf
MQTT
Hitch
Open Data
Jekyll
Portal
API
RESTful
HTTP
GraphQL
REST like
Swagger
OpenAPI
RAML
HAL
JSONP
Webhooks
APIBlueprint
SOAP
Gateway
Monetizing
Errors
JSON
Resources
Versioning
Throttling
Threat protection
Caching
OpenID Connect
OAuth2
API-Key
Security
Portal
API
HTTP
REST like
Swagger
OpenAPI
Gateway
Our solutions facilitate communication and exchange of information in your business processes.
[Figure: API Growth since 2005. Axes: API Count by Month (Jun-05 to Jan-18).]
APIS ARE EVERYWHERE
APIs are currently reshaping the web and disrupting complete industries
API AS A PRODUCT
PARTNER INTEGRATION
UNLOCK DATA
Data.Vlaanderen.be
API MANAGEMENT
“API Management is the process of publishing, promoting and overseeing
APIs in a secure, scalable environment”
(techtarget.com)
Continuous Integration/Delivery
API Registration
Monitoring
Analysis
Security
Access Management
Quality of Service
Provision Publish
API Management
API MANAGEMENT TOOLSET
API Gateway
Security Transform
Quota
Protocol Switching
Caching
Metrics Collection
Analytics
API Endpoints
µService
Collect
APP
Java AS
Creates
Registers
Uses Invokes
Manages
Manage
User
Developer API Manager
API Portal
API Manager
fn(..)
OpenAPI – specification file
• Most APIs are REST(like)/JSON
• The API can be described through a standardized file: OpenAPI
• Latest version is v3, but v2 (aka Swagger) is still more commonly used
https://www.slideshare.net/AmazonWebServices/accelerate-innovation-and-maximize-business-value-with-serverless-applications-srv212r1-aws-reinvent-2018/7
API Management
API Gateway on prem
Identity Provider
Cognito
Okta
AWS API Gateway
AWS
ElastiCache
Portal
AWS Serverless API Management
OVERVIEW
Serverless API Management - use case
TIMELAPSE SERVICE
Connect to your cameras
IoT Device management
Solution API
for mobile & integration
API Management + IAM
Serverless implementation
Cloud native & cost optimized
DevOps delivery
CI/CD & IaC methodologies
Serverless API Management - The basics
Define your API
Manual via AWS Console
Via
and/or Cloudformation
Validation
Validates query parameters, headers & body (JSON Schema v4)
• Lambda only invoked with valid requests
• More Secure
• Cost-effective
• Currently no ‘SQL injection’, ‘Document depth detection’, ‘non json-based validations’, …
Security
OpenID Connect (implicit) flow
1. Authenticate against Cognito
2. ID token and access token creation
3. API Call using token
4. Validate token
5. Verify OAuth scope
6. Route request with JWT Token
Security
Cognito
• User pool
• Federated identities (Social, SAML, OIDC)
Lambda Authorizer
• To any IdP service
IAM
(API Key)
Transformation
Request/Response transformation
• Apache Velocity Template Language (VTL)
Transformation in Lambda
• Advanced transformation (REST to SOAP)
Caching
Customize Caching Key
• Resource id, header, query param, …
Customize Time to live (TTL)
Not Serverless
Offload your backend!
Throttling
• API Key level
• Method level
• Account level
Protect your backend! And your costs!
Monetize your API
Go the extra mile!
Go the extra secure mile with WAF integration
• XSS
• DDoS
• SQL injection
• IP filtering
AWS Serverless API Management
DEVOPS
CI/CD & INFRASTRUCTURE AS CODE
Serverless API Management - DevOps
Versioning
AWS API Gateway does not dictate your versioning strategy, but it does not provide any guidance either!
https://v2.i8c.be/timelapse/*
https://timelapse.i8c.be/v2/*
https://api.i8c.be/timelapse/v2/*
…
Custom domains, base path mappings & stage variables
Major version = new API definition in API Gateway = own CD pipeline
(out of the box) REAL-TIME MONITORING
Organization
Service teams are now able to manage all aspects of API Management
but what about enterprise compliance enforcement?
CloudFormation & OpenAPI analysis tools to verify if all required enterprise policies are applied?
Internal auditing of API by central architecture team?
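
One way a central team could automate the policy check asked about above, as an added example that is not from the slides or from i8c. It reads an OpenAPI definition carrying the API Gateway request-validator extensions; the three policies and the sample definition are assumptions made for illustration.

```python
# Added example: policy audit over an OpenAPI definition for API Gateway.
# The three policies and SAMPLE_SPEC are assumptions made for illustration.
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}
VALIDATOR = "x-amazon-apigateway-request-validator"
VALIDATORS = "x-amazon-apigateway-request-validators"


def audit(spec):
    """Return sorted (operation, finding) pairs for policy violations."""
    findings = []
    validators = spec.get(VALIDATORS, {})
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            name = f"{method.upper()} {path}"
            # Policy 1: a security requirement (authorizer, IAM or API key)
            # must apply; an explicit empty list switches security off.
            if not op.get("security", spec.get("security", [])):
                findings.append((name, "no security requirement"))
            # Policy 2: the selected request validator must be defined.
            rules = validators.get(op.get(VALIDATOR, spec.get(VALIDATOR)))
            if rules is None:
                findings.append((name, "no request validator"))
            # Policy 3: operations that accept a body must validate it.
            elif "requestBody" in op and not rules.get("validateRequestBody"):
                findings.append((name, "request body not validated"))
    return sorted(findings)


# Constructed definition for a hypothetical timelapse API.
SAMPLE_SPEC = {
    "openapi": "3.0.1",
    VALIDATORS: {
        "all": {"validateRequestBody": True, "validateRequestParameters": True},
        "params": {"validateRequestBody": False, "validateRequestParameters": True},
    },
    VALIDATOR: "params",
    "paths": {
        "/cameras": {
            "get": {"security": [{"cognito": ["cameras/read"]}]},
            "post": {"security": [{"cognito": ["cameras/write"]}],
                     "requestBody": {"content": {}}},
        },
        "/health": {"get": {VALIDATOR: "undefined-validator"}},
    },
}

if __name__ == "__main__":
    for operation, finding in audit(SAMPLE_SPEC):
        print(f"{operation}: {finding}")
```

Run in the CD pipeline of each service team, a non-empty result can fail the build before the definition is deployed.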
AWS Serverless API Management
API Portal - github.com/awslabs/aws-api-gateway-developer-portal
Vendor landscape
GARTNER ON AWS API MANAGEMENT
STRENGTHS
• Low-cost, efficient and performs at any scale.
• Great integration with AWS PaaS offerings.
• High levels of user satisfaction
CAUTIONS
• Needs to extend its set of operational policies
• Lacks ready-to-use developer API portal
WE ON AWS API MANAGEMENT
STRENGTHS
• Strong API Gateway offering (for use cases where Portal is less/not important)
• Strong entry-point for event-driven architectures
CAUTIONS
• Hybrid scenarios
• Not for all enterprise scenarios (SOAP/XML)
https://www.gartner.com/en/documents/3873383/magic-quadrant-for-full-life-cycle-api-management
Serverless API Management - use case
TIMELAPSE SERVICE
(mostly) ASYNC
SYNC
Event ‘AsyncAPI’ Management
AWS Serverless API Management - Meetup
Serverless
API Management
Get in touch!
samuel.vandecasteel@i8c.be
stefan.dewandeleir@i8c.be
info@i8c.be