AWS - Amazon API Gateway Private Endpoints

This has been one of the most heavily requested features for this service. We believe this is going to make creating and managing private APIs even easier. 

APIs power the backend technologies supporting a product. Mobile, IoT, and web applications, as well as internal services, talk to each other and to application frontends through some API interface.

Edge-optimized endpoints helped you reduce latency to clients accessing your API on the internet from anywhere; typically, mobile, IoT, or web-based applications. 

Behind API Gateway, you could back your API with a number of options for backend technologies: AWS Lambda, Amazon EC2, Elastic Load Balancing products such as Application Load Balancers or Classic Load Balancers, Amazon DynamoDB, Amazon Kinesis, or any publicly available HTTPS-based endpoint.

AWS launched the ability for AWS Lambda functions to access resources inside of an Amazon VPC. With this launch, you could build API-based services that did not require a publicly available endpoint. They could still interact with private services, such as databases, inside your VPC.

API Gateway, as a fully managed service, runs its infrastructure in its own VPCs. When you interface with API Gateway's publicly accessible endpoints, it is done through public networks. When endpoints are configured as private, the public networks are not made available to route your API. Instead, your API can only be accessed using the interface endpoints that you have configured.

Regional API endpoints

Private endpoints

This launch solves one of the missing pieces of the puzzle, which is the ability to have private API endpoints inside your own VPC. With this new feature, you can still use API Gateway features, while securely exposing REST APIs only to the other services and resources inside your VPC, or those connected via Direct Connect to your own data centers.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

What is a security group?

In AWS, inbound and outbound traffic to instances is controlled by virtual firewalls known as security groups. Security groups allow you to control traffic based on aspects such as protocol, port, and source or destination.

What is a subnet?

When a large range of IP addresses is divided into smaller chunks, these chunks are called subnets.

AWS Serverless Timeouts 

AWS Lambda limits: Lambda functions have a default timeout of 3 seconds. When the Lambda service first launched, it allowed a maximum of only 300 seconds. In response to customers, AWS later increased it to 900 seconds (15 minutes).

This limit is very high for HTTP APIs, as most APIs are expected to return a response within 3-6 seconds.

Concurrent Execution 

Concurrent execution parallelizes Lambda functions with additional instances, as a way to scale them.

The default maximum limit for Lambda instances is 1000. However, it is a soft limit that can be extended by a request to AWS support. If a Lambda function’s concurrent requests cross the limit, it will start throwing throttling errors. This is an account-level limit and applies to all functions in the account.

Memory

With serverless, memory equals CPU equals running time. Lambda functions can have memory allocated per instance from 128 MB to 3 GB max.

API Gateway

AWS API Gateway is used to trigger synchronous REST or HTTP calls to a Lambda function. It has a max timeout for any downstream service, including Lambda, of 29 seconds.

That’s a very high limit for most REST or HTTP APIs. So, if you don’t configure the timeout limit at the method level, it will cause the API to keep waiting for a response for a long time (29 seconds) before it times out. That could eventually clog resources and cause throttling errors.
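
The method-level timeout check described above, as an added example (not code from the original page): a Python audit of an exported OpenAPI definition that flags integrations whose `timeoutInMillis` is unset or above a latency budget. The sample export, its paths and URIs, and the 6000 ms default budget (taken from the 3-6 second figure above) are assumptions; `x-amazon-apigateway-integration` and `timeoutInMillis` are API Gateway's OpenAPI extension fields.

```python
import json

API_GATEWAY_MAX_MS = 29_000  # API Gateway's maximum integration timeout (29 s)
ANY = "x-amazon-apigateway-any-method"
METHODS = {"get", "put", "post", "delete", "patch", "head", "options", ANY}
INTEGRATION = "x-amazon-apigateway-integration"

# Constructed sample export; paths, URIs and timeouts are made up for illustration.
SAMPLE_EXPORT = json.loads("""
{
  "openapi": "3.0.1",
  "paths": {
    "/orders": {
      "get":  {"x-amazon-apigateway-integration":
               {"type": "aws_proxy", "uri": "arn:PLACEHOLDER", "timeoutInMillis": 5000}},
      "post": {"x-amazon-apigateway-integration":
               {"type": "aws_proxy", "uri": "arn:PLACEHOLDER"}}
    },
    "/reports": {
      "x-amazon-apigateway-any-method": {"x-amazon-apigateway-integration":
               {"type": "http_proxy", "uri": "https://example.internal", "timeoutInMillis": 29000}}
    }
  }
}
""")


def audit_timeouts(openapi, budget_ms=6000):
    """Return (method, path, effective_ms, reason) for every integration
    that may hold a request open longer than budget_ms."""
    findings = []
    for path, item in sorted(openapi.get("paths", {}).items()):
        for method, op in sorted(item.items()):
            integration = op.get(INTEGRATION) if isinstance(op, dict) else None
            if method.lower() not in METHODS or integration is None:
                continue  # skip path-level keys and methods without an integration
            configured = integration.get("timeoutInMillis")
            effective = API_GATEWAY_MAX_MS if configured is None else configured
            if effective > budget_ms:
                reason = ("timeoutInMillis not set, waits up to the 29 s maximum"
                          if configured is None else "timeoutInMillis above budget")
                name = "ANY" if method.lower() == ANY else method.upper()
                findings.append((name, path, effective, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_timeouts(SAMPLE_EXPORT):
        print(*finding, sep="  ")
```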