api-gateway
Scannednpx machina-cli add skill itsmostafa/aws-agent-skills/api-gateway --openclawFiles (1)
SKILL.md
8.7 KB
AWS API Gateway
Amazon API Gateway is a fully managed service for creating, publishing, and securing APIs at any scale. Supports REST APIs, HTTP APIs, and WebSocket APIs.
Table of Contents
Core Concepts
API Types
| Type | Description | Use Case |
|---|---|---|
| HTTP API | Low-latency, cost-effective | Simple APIs, Lambda proxy |
| REST API | Full-featured, more control | Complex APIs, transformation |
| WebSocket API | Bidirectional communication | Real-time apps, chat |
Key Components
- Resources: URL paths (/users, /orders/{id})
- Methods: HTTP verbs (GET, POST, PUT, DELETE)
- Integrations: Backend connections (Lambda, HTTP, AWS services)
- Stages: Deployment environments (dev, prod)
Integration Types
| Type | Description |
|---|---|
| Lambda Proxy | Pass-through to Lambda (recommended) |
| Lambda Custom | Transform request/response |
| HTTP Proxy | Pass-through to HTTP endpoint |
| AWS Service | Direct integration with AWS services |
| Mock | Return static response |
Common Patterns
Create HTTP API with Lambda
AWS CLI:
# Create HTTP API
aws apigatewayv2 create-api \
--name my-api \
--protocol-type HTTP \
--target arn:aws:lambda:us-east-1:123456789012:function:MyFunction
# Get API endpoint
aws apigatewayv2 get-api --api-id abc123 --query 'ApiEndpoint'
SAM Template:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
MyApi:
Type: AWS::Serverless::HttpApi
Properties:
StageName: prod
MyFunction:
Type: AWS::Serverless::Function
Properties:
Handler: app.handler
Runtime: python3.12
Events:
ApiEvent:
Type: HttpApi
Properties:
ApiId: !Ref MyApi
Path: /items
Method: GET
Create REST API with Lambda Proxy
# Create REST API
aws apigateway create-rest-api \
--name my-rest-api \
--endpoint-configuration types=REGIONAL
API_ID=abc123
# Get root resource ID
ROOT_ID=$(aws apigateway get-resources --rest-api-id $API_ID --query 'items[0].id' --output text)
# Create resource
aws apigateway create-resource \
--rest-api-id $API_ID \
--parent-id $ROOT_ID \
--path-part items
RESOURCE_ID=xyz789
# Create method
aws apigateway put-method \
--rest-api-id $API_ID \
--resource-id $RESOURCE_ID \
--http-method GET \
--authorization-type NONE
# Create Lambda integration
aws apigateway put-integration \
--rest-api-id $API_ID \
--resource-id $RESOURCE_ID \
--http-method GET \
--type AWS_PROXY \
--integration-http-method POST \
--uri arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789012:function:MyFunction/invocations
# Deploy to stage
aws apigateway create-deployment \
--rest-api-id $API_ID \
--stage-name prod
Lambda Handler for API Gateway
import json
def handler(event, context):
# HTTP API event
http_method = event.get('requestContext', {}).get('http', {}).get('method')
path = event.get('rawPath', '')
query_params = event.get('queryStringParameters', {})
body = event.get('body', '')
if body and event.get('isBase64Encoded'):
import base64
body = base64.b64decode(body).decode('utf-8')
# Process request
response_body = {'message': 'Success', 'path': path}
return {
'statusCode': 200,
'headers': {
'Content-Type': 'application/json'
},
'body': json.dumps(response_body)
}
Configure CORS
HTTP API:
aws apigatewayv2 update-api \
--api-id abc123 \
--cors-configuration '{
"AllowOrigins": ["https://example.com"],
"AllowMethods": ["GET", "POST", "PUT", "DELETE"],
"AllowHeaders": ["Content-Type", "Authorization"],
"MaxAge": 86400
}'
REST API:
# Enable CORS on resource
aws apigateway put-method \
--rest-api-id $API_ID \
--resource-id $RESOURCE_ID \
--http-method OPTIONS \
--authorization-type NONE
aws apigateway put-integration \
--rest-api-id $API_ID \
--resource-id $RESOURCE_ID \
--http-method OPTIONS \
--type MOCK \
--request-templates '{"application/json": "{\"statusCode\": 200}"}'
aws apigateway put-method-response \
--rest-api-id $API_ID \
--resource-id $RESOURCE_ID \
--http-method OPTIONS \
--status-code 200 \
--response-parameters '{
"method.response.header.Access-Control-Allow-Headers": true,
"method.response.header.Access-Control-Allow-Methods": true,
"method.response.header.Access-Control-Allow-Origin": true
}'
aws apigateway put-integration-response \
--rest-api-id $API_ID \
--resource-id $RESOURCE_ID \
--http-method OPTIONS \
--status-code 200 \
--response-parameters '{
"method.response.header.Access-Control-Allow-Headers": "'\''Content-Type,Authorization'\''",
"method.response.header.Access-Control-Allow-Methods": "'\''GET,POST,PUT,DELETE,OPTIONS'\''",
"method.response.header.Access-Control-Allow-Origin": "'\''*'\''"
}'
JWT Authorization (HTTP API)
aws apigatewayv2 create-authorizer \
--api-id abc123 \
--name jwt-authorizer \
--authorizer-type JWT \
--identity-source '$request.header.Authorization' \
--jwt-configuration '{
"Issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc123",
"Audience": ["client-id"]
}'
CLI Reference
HTTP API (apigatewayv2)
| Command | Description |
|---|---|
aws apigatewayv2 create-api | Create API |
aws apigatewayv2 get-apis | List APIs |
aws apigatewayv2 create-route | Create route |
aws apigatewayv2 create-integration | Create integration |
aws apigatewayv2 create-stage | Create stage |
aws apigatewayv2 create-authorizer | Create authorizer |
REST API (apigateway)
| Command | Description |
|---|---|
aws apigateway create-rest-api | Create API |
aws apigateway get-rest-apis | List APIs |
aws apigateway create-resource | Create resource |
aws apigateway put-method | Create method |
aws apigateway put-integration | Create integration |
aws apigateway create-deployment | Deploy API |
Best Practices
Performance
- Use HTTP APIs for simple use cases (70% cheaper, lower latency)
- Enable caching for REST APIs
- Use regional endpoints unless global distribution needed
- Implement pagination for list endpoints
Security
- Use authorization on all endpoints
- Enable WAF for REST APIs
- Use API keys for rate limiting (not authentication)
- Enable access logging
- Use HTTPS only
Reliability
- Set up throttling to protect backends
- Configure timeout appropriately
- Use canary deployments for updates
- Monitor with CloudWatch
Troubleshooting
403 Forbidden
Causes:
- Missing authorization
- Invalid API key
- WAF blocking
- Resource policy denying
Debug:
# Check API key
aws apigateway get-api-key --api-key abc123 --include-value
# Check authorizer
aws apigatewayv2 get-authorizer --api-id abc123 --authorizer-id xyz789
502 Bad Gateway
Causes:
- Lambda error
- Integration timeout
- Invalid response format
Lambda response format:
# Correct format
return {
'statusCode': 200,
'headers': {'Content-Type': 'application/json'},
'body': json.dumps({'message': 'success'})
}
# Wrong - missing statusCode
return {'message': 'success'}
504 Gateway Timeout
Causes:
- Backend timeout (Lambda max 29 seconds for REST API)
- Integration timeout too short
Solutions:
- Increase Lambda timeout
- Use async processing for long operations
- Increase integration timeout (max 29s for REST, 30s for HTTP)
CORS Errors
Debug:
- Check OPTIONS method exists
- Verify headers in response
- Check origin matches allowed origins
References
Source
git clone https://github.com/itsmostafa/aws-agent-skills/blob/main/skills/api-gateway/SKILL.mdView on GitHub Overview
Amazon API Gateway is a fully managed service for creating, publishing, and securing APIs at any scale. It supports REST APIs, HTTP APIs, and WebSocket APIs, enabling integration with Lambda, HTTP backends, or AWS services, along with built-in authorization, stage management, rate limiting, and troubleshooting capabilities.
How This Skill Works
Define Resources and Methods for your API, choose an Integration type (Lambda Proxy, Lambda Custom, HTTP Proxy, AWS Service, or Mock), and deploy to one or more Stages. Use the AWS CLI or SAM templates to create APIs, configure backends, and publish deployments; monitor traffic and errors to troubleshoot.
When to Use It
- When you need a fully managed API surface for Lambda-backed services.
- When you require low-latency HTTP APIs for simple backends.
- When you need REST APIs with transformation, custom authorizers, and advanced features.
- When you want stage-based deployment environments (dev, prod) and versioning.
- When you must enforce rate limits, quotas, and monitor API health to troubleshoot issues.
Quick Start
- Step 1: Decide API type (HTTP vs REST) and integration (Lambda Proxy recommended).
- Step 2: Create the API via CLI or SAM template as shown in examples.
- Step 3: Deploy to a stage and test the API endpoint; add authorization as needed.
Best Practices
- Choose the API type based on requirements: HTTP for simple, REST for rich features.
- Prefer Lambda Proxy integration unless you need request/response transformation.
- Use stages and deployments to manage environments and track changes.
- Configure robust authorization (IAM, Lambda Authorizers) and resource policies.
- Enable throttling, logging, and CloudWatch metrics to monitor health and troubleshoot.
Example Use Cases
- Create an HTTP API connected to a Lambda function using the AWS CLI.
- Create a REST API with Lambda Proxy integration and deploy to prod.
- Define an HttpApi in a SAM template with a simple route and function.
- Deploy a new stage using create-deployment and test the endpoint.
- Example Python Lambda handler for API Gateway events showing how to parse method, path, and body.
Frequently Asked Questions
Add this skill to your agents
