Forem: Muhammad Shakeel

AWS API Gateway Input/Output Mapping | Part 1

Muhammad Shakeel — Thu, 04 Aug 2022 20:12:00 +0000

I want to just create a really simple lambda function to demo how do I let's start by changing the output okay. I have already created lambda function.

Create Lambda function

You use a Lambda function for the backend of your API. Lambda runs your code only when needed and scales automatically, from a few requests per day to thousands per second.

Lambda functions and Lambda layers See the full story before going on

I'm going to create some JSON object that is my response and let's assume that my JSON object is some kind of student right so. I have an ID a name and email whatever other additional details I care about for a student okay so I'm going to say that there's an ID that'll be a numeric a name which will be some string an email an age weight that should be fine. so this is my response I build an object that has some key value pairs and save the lambda function.



exports.handler = async (event) => {
  const response = {
    "id": 1,
    "name": "joe bloN",
    "email": "m.shakeel0581@gmial.com",
    "age": 44,
    "weight": 258,
  }
  return response;
};

Here is code of lambda function, update the lambda function with above code and hit the deploy.

Connect lambda function to an API gateway

Now I want to connect this lambda function to an API gateway so that I can access this function over the Internet through an API so maybe I want to write a JavaScript application that's gonna connect to that URL okay. So in order to do, that I'm going to go over to API and I'm going to build out a RESTful API.

I already created and setup RESTful API in my previous story. See the full story before going on

So open 'sample-Api' from API Gateway that have created above mentioned story. so right now, we're not doing anything with this to reshape our data but I'm able to test this.
Choose the method POST and go to Method Test page.

okay so if I just click on test. I want to see what the return value. I can hit test there are no parameters and you'll notice if I test it, you can see that I get that student object that I created in lambda.

okay so a couple of things about this pipeline. The top two boxes are for the request, as the request is coming in the method request I can do validation like did you pass in JSON web token for authorization or did you pass in an API key or if you're inserting a new record.

In the integration response and then the method response will have information about like your requests are your response headers if we're gonna enable cores which is cross-origin resource sharing so that we can access our API from remote domains.

So all of those different filters or boxes are up for a reason.

Models

API gateway there's a section called models alright. I have explained about modal in my last story.

You can find out modal section in this story here.
I'm building out a restful api and I'm gonna have different HTTP verbs I might be getting students I might be inserting students I may be updating students I might be deleting students I need to know what a student actually looks like I know what a student looks like because I built it in lambda it has an ID a name and email and agent weight so that's what I wanted to find as a student object but then I want to clarify what a student object is I would argue that the ID is a number the name is a string the emails a string the age is a number and the weights a number okay so I want to be specific about what a student is I want to provide a definition saying these are the properties that compose a student and those properties are of these specific data types okay if I want to do hat I do that in models so I'm jumping over to model.
I'm gonna create a model. My model is gonna be student and the content type is going to be application/JSON. The model name is required the content type is required the descriptions not required but I'm just putting in kind of a generic description and then I'm going to paste that schema definition that I had taken from Amazon ad just create the model.



{
"$schema": "https://json-schema.org/draft-04/schema",
"title": "MATCDemoStudentOutputModel",
"type": "object",
    "properties": {
        "id": { "type": "number" },
        "name": { "type": "string" },
        "email": { "type": "string"},
        "age": { "type": "number" },
        "weight": { "type": "number" }
    }
}

So now I'm going to integrate model schema to the Integration Response.
Select Integration Response from POST - Method Execution.

I'm going into that mapping template and then click on Add mapping template.

Add Content-Type application/json and click check icon to add.
Now I can choose that model is student. So if I choose that model as my template it builds me dummy data it says here's the properties that I know about for a student this is what should be their data gives dummy data right.

we don't make any changes I just say based on the model I have some dummy data if I save it right now and go back and I want to test this see if it's working. Remember I'm gonna make a request that's all done for me that's what the test does I end up at my lambda end point and before what was happening is as returning a student that looked like this this is what's defined in lambda this fake student now that I've defined my mapping template in my integration response. I said no that's not what the data is gonna look like I want to use some dummy data. I'm kind of ignoring the response from lambda right those values were hard-coded pi and foo for the name and email. So now if I test this, you'll notice that I get the data from the integration response that dummy data.

okay so we can get a little closer so if I go back into my mapping template let's assume that age and weight are sensitive right so we don't want to send that information. I'm just not going to include it in my template I know what the model was I know the model included agent weight I don't want people that are gonna use my API to see that information so I've changed my mapping template so now I save it .

Now if I go back and I test it again now you'll notice the age and weight are removed it doesn't have the data that we want.

They'll right it has the hard-coded data for the ID and the name and the email like I probably want to get that information from my lambda function I just want to strip off the variables that I don't want my API consumers to see it's that fair.

so this Joe Blow this is the data assuming that Joe Blow is an actual student but I want his age and weight stripped off okay so if I go back over to my integration response the way I'm going to get that is with that templating language okay so for the ID the way I'm gonna get the ID is I'm going to use my variable input root an input root is talking about the root element of my response so the root element of my JSON response so input root is really this object so I want the input root Dot ID and here I want the input root name and here I want the input root email okay so I'm saying from my response that I got back from lambda I have a variable called input root as which is referring to that root element that got returned and now I'm saying pick out the individual components so that I can build an object that looks like this

Okay now if I go back and I test it I intentionally okay here's the mapping template.

so I know that initially I started with a student that had an email maybe my client application expects it to be email address.
let's assume that I don't want to return email to the end user I want to return an email address I can create a new property

Okay now I go back I test it you can see that my output is email address all of these changes are great I've built all of these changes in my API gateway.

if we want to reshape the data we're going to be under resources and then a specific method in the integration response is where we would reshape our data.

Explain AWS Cognito Authorizers Like I'm Five

Muhammad Shakeel — Fri, 29 Jul 2022 18:55:28 +0000

I am developing a react native mobile app. I want my user to login in one device with once account. If a user tries to login to another mobile device with same account, he should be logout from the first mobile device. but official docs of AWS cognito provide two options either logout or global logout. In global logout it logs user out from device 1 and 2 both. what is expected If a user logs in second mobile device it should automatically be logout from the other one.

Please see the attached SDK link.
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#globalSignOut-property
SDK: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#globalSignOut-property

How to validate request body | Amazon API Gateway

Muhammad Shakeel — Wed, 27 Jul 2022 20:44:20 +0000

this week I have learned about payload or body validation in AWS API Gateway and want to share it. Last week we learned how to create API using the AWS API Gateway service. Here, you can read about it
In this session, we will learn about how to validate body or payload in the AWS API. we have already set up the API gateway and we just focus on API body validation, how can active body validation and how its works.

Overview of basic request validation in API Gateway

Request validation is used to ensure that the incoming request message is properly formatted and contains the proper attributes. API Gateway can perform the basic validation. This enables you, the API developer, to focus on app-specific deep validation in the backend. For the basic validation, API Gateway verifies either or both of the following conditions:

The required request parameters in the URI, query string, and headers of an incoming request are included and non-blank.
The applicable request payload adheres to the configured JSON schema request model of the method.

First, we need to create a model to set up JSON schema request. Before creating model, we need to know about the model.

Models

In API Gateway, a model defines the data structure of a payload. In API Gateway models are defined using the JSON schema draft 4.

The following JSON object describes sample data that describes the fruit or vegetable inventory in the produce department of a likely supermarket.

Suppose we have an API for managing clothing inventory in the produce department of a supermarket. When a manager queries the backend for the current inventory, the server sends back the following response payload:



{
  "department": "produce",
  "categories": [
    "jeans",
    "shirt"
  ],
  "dress": [
    {
      "category": "jeans",
      "type": "pants",
      "price": 1.99,
      "quantity": 232
    },
    {
      "category": "jeans",
      "type": "casual",
      "price": 0.19,
      "quantity": 112
    },
    {
      "category": "jeans",
      "type": "shorts",
      "price": 1.29,
      "quantity": 57
    }
  ]
}

you can see detail about Models here

Create a model

Sign in to the API Gateway console at https://console.aws.amazon.com/apigateway.
Choose a REST API. In my case I will choose sample-Api, that I have been created in last story. see here
Choose the Models tab from left and Choose Create.

For Model Name, type name for the model 'item'.
For Content Type, type the model's content type (for example, application/json for JSON).
(Optional) For Model description, type a description for the model.
For Model schema, type the model's schema.



{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title":"Item Schema",
        "type": "object",
        "properties":{
            "ID":{ "type": "number"},
            "name":{ "type": "string"},
            "price":{ "type": "number"}
        },
        "required":["ID","name","price"]

}

Choose Create model.

Request validation using the API Gateway console with model

The API Gateway console lets you set up the basic request validation on a method using one of the three validators:

Validate body: This is the body-only validator.
Validate query string parameters and headers: This is the parameters-only validator.

Validate body, query string parameters, and headers: This validator is for both body and parameters validation.

To enable a request validator on a method

Choose resource tab and then choose method the resource 'POST'.

Choose Method Request.

Choose the pencil icon of Request Validator under Settings.

Choose Validate body from drop down list. Then choose the check mark icon to save your choice.

Choose the Body Request and choose add model.

Now add Content type 'application/json' and Model name 'item' from drop down list under the Modle Name. Then choose the check mark icon to save your choice.

last step to deploy the API to sample stage. Select Actions button and choose Deploy API.

A pop up appear, choose 'smapleStage' from Deployment stage drop down and Deploy.

How does it work

we need to check this out request body validation is working fine with the rest API. For this, we need to use the postman to generate the post request with the request body

Test REST API in postman to verify that body validation working file with rest API

CHoose POST request, Set header 'Content-Type' with value 'application/json' and body

Set request body with dummy data and hit the send button.

you can see that our Lambda function invoked and its return response.

Now change the body request and remove the any field and its value. Hite the send button. This time you can see its return error "Invalid request body".

Explain Aws API Gateway vulnerabilities Like I'm Five

Muhammad Shakeel — Sat, 23 Jul 2022 19:34:16 +0000

I have used API gateway to build business logic for my app that invokes lambda function. For security assurance, I have generated a VAT report of the base URL of API from my cyber security expert. A total of 9 Vulnerabilities have been detected including Four Medium, three low-level, and two informational-level vulnerabilities have been identified.

(CSP) Wild Card Directive
Content Security Policy (CSP) Header Not Set
Cross-Domain Misconfiguration
Missing Anti-clickjacking Header
Server Leaks Information via “X-Powered-By” HTTP Response Header Field(s)
Timestamp Disclosure – Unix
X-Content-Type-Options Header Missing
Charset Mismatch
Re-examine Cache Directives

how can remove these all Vulnerability ? is there a need to set or define custom headers? ( if yes then where and how I can do that, either be in API Gateway console or lambda script or in my client or app side code where this API Gateway base URL is invoking ) ?

How to create API using AWS API Gateway service - Amazon API Gateway Serverless

Muhammad Shakeel — Sun, 03 Jul 2022 13:09:12 +0000

Hello everyone!, this is Muhammad Shakeel, I'm going to write my First story on dev.to. so today I'm talking about AWS API Gateway. API Gateway are very useful and give us many advantages like

Efficient API development
Performance at any scale
Cost savings at scale
Easy monitoring
Flexible security controls
RESTful API options

Get started with Amazon API Gateway for REST APIs
so we getting started exercise, you create a serverless API. Serverless APIs let you focus on your applications, instead of spending time provisioning and managing servers. Amazon API Gateway provide three types of APIs

API type

1. HTTP API
HTTP APIs are designed with minimal features so that they can be offered at a lower price.The HTTP API provides an HTTP endpoint for your Lambda function. API Gateway routes requests to your Lambda function, and then returns the function's response to clients.more about HTTP API

2. WebSocket API
WebSocket APIs maintain persistent connections with clients for full-duplex communication

3. REST API
A REST API in API Gateway is a collection of resources and methods that are integrated with backend HTTP endpoints, Lambda functions, or other AWS services. API Gateway REST APIs use a request/response model where a client sends a request to a service and the service responds back synchronously.

4. REST API Private
REST API that is only accessible from within a VPC.

Setup REST API

I'm going to create REST APIs. API Gateway also supports HTTP APIs and WebSocket APIs, but an REST API is the best choice for this exercise. REST APIs support more features than HTTP APIs.

Create Lambda function
You use a Lambda function for the backend of your API. Lambda runs your code only when needed and scales automatically, from a few requests per day to thousands per second.

Lambda functions and Lambda layers See the full story before going on

Create REST API
An API endpoint can be

Edge-optimized API endpoints(best for geographically distributed clients. API requests are routed to the nearest CloudFront Point of Presence)
Regional API endpoints (intended for clients in the same region. When a client running on an EC2 instance calls an API in the same region, or when an API is intended to serve a small number of clients with high demands, a regional API reduces connection overhead)
Private API endpoints(API endpoint that can only be accessed from your Amazon Virtual Private Cloud (VPC) using an interface VPC endpoint)

The taking after endpoint sort changes are supported

From edge-optimized to regional or private
From regional to edge-optimized or private
From private to regional

But You cannot alter a private API into an edge-optimized API

we are goin to create REST API with Edge-optimized API endpoints for the best performance.

Sign in to the API Gateway console at Here
Choose create API.
As you can see there are 4 types of APIs. From REST API, choose Build.

You can see the new page is open, and there is some defaults options are selected.

In the Settings portion write API name 'sample-Api', Description ( Optional, you can leave it empty ) and choose Endpoint type 'Regional' and Hit the save.

(You can also Clone from existing API by choosing this option form the portion above the setting and Select API that you want to clone)

Now we need to create and deploy the resource and method. In the Resources tab, click on Actions button and choose Create Method

Choose choose method POST and click check Icon.

Now we need to setup POST method. Choose Integration type Lambda Function and in Lambda Function choose sample-function by typing the input field. Press the save

a pop-up appear with name 'Add Permission to Lambda Function', click 'Ok' for add to give API Gateway permission to invoke your Lambda function.

you can see the 'smaple-function' Lambda function are attached.

Now we need to Enable CORS. You can read about CORS here Click Actions and choose 'Enable CORS'. There are some defaults values are selected, don't need to change them and click Blue right Button.

A Confirm method changes pop-up appear, Click the blue button from pop-up. Its enable the CORS.

All steps has been done, We just need to be deploy out API to Stage. Click again Action button and choose 'Deploy API' from API ACTION. A Deploy API pop-up appear, select [New Stage] from Deployment stage option. Type stage name 'sampelStage', Type Stage description (optional) and Deployment description (optional). Click blue button Deploy.

All step has done now we need to test our API. Copy the Invoke URL from Stages tab, that appear on top. you can also see that our created stage are shoeing in this page.

How does it work!?

Once the Lambda function with REST API has been setup, The REST API from AWS API gateway could be invoked similar to how any other REST APIs are invoked with CURL, Postman.

Lambda function latest code
exports.handler = async (event) => { return { "Status": 200, "Message": "Helo From Sample Lambda" }; };

Test REST API in postman

as you can see, our REST API run successfully.

Clean up

Sign in to the API Gateway console at Here
and choose API 'sample-Api' and click Actions, then choose Delete.
An Delete API pop-up appear, click delete from this pop-up.