AWS API Gateway – Certification

AWS API Gateway

  • AWS API Gateway is a fully managed service that makes it easy for developers to publish, maintain, monitor, and secure APIs at any scale
  • API Gateway handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.
  • API Gateway has no minimum fees or startup costs and charges only for the API calls received and the amount of data transferred out.
  • API Gateway acts as a proxy to the configured backend operations.
  • API Gateway scales automatically to handle the amount of traffic the API receives
  • API Gateway exposes HTTPS endpoints only for all the APIs created. It does not support unencrypted (HTTP) endpoints.
  • APIs built on API Gateway can accept any payloads sent over HTTP; typical data formats include JSON, XML, query string parameters, and request headers.
  • API Gateway can communicate to multiple backends
    • Lambda functions
    • AWS Step functions state machines
    • HTTP endpoints exposed through Elastic Beanstalk, ELB or EC2 servers
    • Non AWS hosted HTTP based operations accessible via public Internet
  • API Gateway endpoints are always public to the Internet and do not run within a VPC. Backend operations that API Gateway proxies requests to also need to be publicly accessible on the Internet.

API Gateway

API Gateway helps with several aspects of creating and managing APIs

  • Metering
    • automatically meters traffic to the APIs and lets you extract utilization data for each API key.
    • define plans that meter, restrict third-party developer access, configure throttling, and quota limits on a per API key basis
  • Security
    • helps remove authorization concerns from the backend code
    • allows leveraging of AWS administration and security tools, such as IAM and Cognito, to authorize access to APIs
    • can verify signed API calls on your behalf using the same methodology AWS uses for its own APIs
    • supports custom authorizers written as Lambda functions to verify incoming bearer tokens
    • automatically protects the backend systems from distributed denial-of-service (DDoS) attacks, whether attacked with counterfeit requests (Layer 7) or SYN floods (Layer 3).
  • Resiliency
    • helps manage traffic with throttling so that backend operations can withstand traffic spikes
    • helps improve the performance of the APIs and the latency end users experience by caching the output of API calls to avoid calling the backend every time.
  • Operations Monitoring
    • integrates with CloudWatch and provides a metrics dashboard to monitor calls to API services
    • integrates with CloudWatch Logs to receive error, access or debug logs
    • provides backend performance metrics covering API calls, latency data and error rates.
  • Lifecycle Management
    • allows multiple API versions and multiple stages (development, staging, production etc.) for each version simultaneously so that existing applications can continue to call previous versions after new API versions are published.
    • saves the history of the deployments, which allows rollback of a stage to a previous deployment at any point, using APIs or console
  • Designed for Developers
    • allows you to specify a mapping template to generate static content to be returned, helping you mock APIs before the backend is ready
    • helps reduce cross-team development effort and time-to-market for applications and allows dependent teams to begin development while backend processes are still being built

API Gateway Throttling and Caching

  • Throttling
    • API Gateway provides throttling at multiple levels, including global and by service call, and limits can be set for standard rates and bursts.
    • It tracks the number of requests per second. Any requests over the limit will receive a 429 HTTP response.
    • Throttling ensures that API traffic is controlled to help the backend services maintain performance and availability.
  • Caching
    • API Gateway provides API result caching by provisioning an API Gateway cache and specifying its size in gigabytes
    • Caching helps improve performance and reduces the traffic sent to the back end
    • API Gateway handles the request in the following manner
      • If caching is not enabled and throttling limits have not been applied, then all requests pass through to the backend service until the account level throttling limits are reached.
      • If throttling limits are specified, then API Gateway will shed the necessary number of requests and send only the defined limit to the backend
      • If a cache is configured, then API Gateway will return a cached response for duplicate requests for a customizable time, but only if under configured throttling limits
  • API Gateway does not arbitrarily limit or throttle invocations to the backend operations and all requests that are not intercepted by throttling and caching settings are sent to your backend operations.
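
The request handling order described above, as an added simulation (not AWS code and not part of the original post): throttling is modelled as a token bucket with a steady rate and a burst size, over-limit requests get a 429, and the cache is consulted only for requests that pass the throttle. The class name, limits and request timeline are constructed for illustration.

```python
class GatewayModel:
    """Simplified model of throttle -> cache -> backend for a single API stage."""

    def __init__(self, rate, burst, cache_ttl=None):
        self.rate, self.burst, self.cache_ttl = rate, burst, cache_ttl
        self.tokens, self.last = float(burst), 0.0  # bucket starts full
        self.cache = {}                             # key -> (stored_at, body)
        self.backend_calls = 0

    def _allow(self, now):
        # Refill at `rate` tokens per second, capped at `burst`, then spend one.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

    def handle(self, key, now):
        if not self._allow(now):
            return 429, "Too Many Requests"         # shed before cache or backend
        if self.cache_ttl is not None:
            hit = self.cache.get(key)
            if hit and now - hit[0] < self.cache_ttl:
                return 200, hit[1]                  # duplicate served from cache
        self.backend_calls += 1
        body = f"backend response for {key}"
        if self.cache_ttl is not None:
            self.cache[key] = (now, body)
        return 200, body

def replay(gateway, requests):
    """Feed (timestamp, cache_key) pairs through the model; return the status codes."""
    return [gateway.handle(key, t)[0] for t, key in requests]

# Constructed timeline: five identical requests at t=0 s, three more at t=1 s.
TIMELINE = [(0.0, "GET /items")] * 5 + [(1.0, "GET /items")] * 3

if __name__ == "__main__":
    for ttl in (None, 60):
        gw = GatewayModel(rate=2, burst=3, cache_ttl=ttl)
        print(ttl, replay(gw, TIMELINE), "backend calls:", gw.backend_calls)
```

With a rate of 2 requests per second and a burst of 3, the same three requests are rejected in both runs; the cache changes only how many of the accepted requests reach the backend.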

AWS Certification Exam Practice Questions

  • Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
  • AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed the question might not be updated.
  • Open to further feedback, discussion and correction.
  1. You are running a mobile media application and are considering API Gateway for the client entry point. What benefits would this provide? Choose 2 answers
    1. Caching API responses
    2. IP blacklisting
    3. Intrusion prevention
    4. Load balancing
    5. Throttling traffic


32 thoughts on “AWS API Gateway – Certification”

  1. Hi,

    I found these two statements contradictory, could you please elaborate.

    API Gateway expose HTTPS endpoints only
    APIs built on API Gateway can accept any payloads sent over HTTP

    1. API Gateway supports only HTTPS endpoints. For the data types that it can accept, it accepts any data type that can be sent over HTTP, like JSON, XML, headers or query strings etc.

  2. Hi Jaye,

    We need something about same origin policy and CORS, Pls do update if possible.


  3. I’d guess that the answer to the practice question is wrong? “Intrusion prevention” is marked, but I think “Caching API responses” would be correct.

      1. Hi,

        Are these answers correct for the above practice question? Please confirm, as I saw D and E are correct. Please explain.

          1. Thanks for your prompt response …can you please provide the answer for the below questions.
            1. You’ve been tasked with choosing a datastore to persist GPS coordinates for a new app. The service needs consistent, single-digit millisecond latency at any scale. Which AWS service meets your requirements?
            A. Amazon Redshift
            B. Amazon DynamoDB
            C. Amazon S3
            D. Amazon RDS

            Is the answer B or D? Please confirm.

            Your company’s IT policies mandate that all critical data must be duplicated in two physical locations at least 100 miles apart.
            Which storage option meets this requirement?
            A. Two Amazon S3 buckets in different regions
            B. One Amazon S3 bucket
            C. One Amazon Glacier archive
            D. Two Amazon S3 buckets in the same region

            Is the answer A or B? Please confirm.

            Thanks in advance

  4. Hi Sita, for Question 1 the answer is B.

    Here is the reference –

    Amazon DynamoDB is a nonrelational database that delivers reliable performance at any scale. It’s a fully managed, multi-region, multi-master database that provides consistent single-digit millisecond latency, and offers built-in security, backup and restore, and in-memory caching.

    1. Hi Sujatha,
      Thanks for the confirmation….
      Do you have any idea for the second question
      Thanks in advance

  5. “At least 100 miles apart” means anything more than 100 miles is OK. So the answer “Two Amazon S3 buckets in different regions” is correct.

  6. For the Second Question, the correct answer is…”B” … Because S3 stores your data in multiple facilities (Which is separated more than 100 miles) in the same region.

    1. If you check Singapore in Google Maps you can see the distance between 2 zones must be less than 100 miles in the SG region.

  7. Hi,

    Which of the below services are automatically integrated with API Gateway?

    A. CloudFront
    B. Lambda
    C. S3
    D. RDS

    I think A is the ans. Jayendra can you please help on this.

    1. CloudWatch is a metric monitoring tool, it does not monitor API calls but the metrics which can be used for monitoring, alerting and taking actions on it.
      CloudTrail is the one to monitor the API calls.

  8. Hi Jayendra,
    A mobile client requires data from several application layer interfaces to populate its user interface. What can the application team use to decouple the client interface from the underlying services behind them?
    Would answer be API Gateway or application load balancer?

    1. API Gateway with a microservices architecture based on Lambda can work for you. ALB is more of a load balancer for the underlying application.

  9. Hi Jayendra, can you help with this:

    A user is testing a new service that receives location updates from 3,600 rental cars every hour.
    Which service will collect data and automatically scale to accommodate production workload?
    A. Amazon EC2
    B. Amazon Kinesis Firehose
    C. Amazon EBS
    D. Amazon API Gateway

    1. Only Kinesis makes sense here as the service to be able to capture data. Although 3600/hour is not a great amount of data.

        1. Kinesis is built for big data capture and ingestion. However, it's not a managed service and you need to provision it accordingly.

  10. Hey,

    I was looking for CORS configuration on API Gateway, unable to find clear explanation on this anywhere. So if you can update this content that would be helpful.
    Thanks in advance.

Comments are closed.