5.3 Amazon API Gateway
Key Takeaways
- API Gateway is a fully managed service for creating, publishing, and securing REST, HTTP, and WebSocket APIs at any scale.
- REST APIs offer the full feature set (caching, request validation, WAF integration, usage plans); HTTP APIs are simpler, faster, and up to 71% cheaper.
- API Gateway integrates with Lambda (serverless APIs), EC2/ALB/NLB, and any HTTP endpoint as backend targets.
- Usage plans and API keys enable rate limiting, throttling, and monetization of APIs.
- API Gateway supports request/response transformation, CORS configuration, custom authorizers (Lambda, Cognito), and canary deployments.
Last updated: March 2026
Amazon API Gateway
Quick Answer: API Gateway creates and manages APIs. REST APIs offer full features (caching, WAF, usage plans). HTTP APIs are simpler and up to 71% cheaper. Both integrate with Lambda for serverless APIs. Use API Gateway + Lambda for serverless API architecture.
API Types
| Type | Protocol | Features | Cost | Best For |
|---|---|---|---|---|
| REST API | HTTP | Caching, WAF, usage plans, API keys, request validation, canary | $3.50/million requests | Full-featured APIs, monetized APIs |
| HTTP API | HTTP | Simple routing, JWT authorizers, CORS | $1.00/million requests | Simple APIs, Lambda proxy, cost-sensitive |
| WebSocket API | WebSocket | Bidirectional real-time communication | $1.00/million messages | Chat, notifications, streaming |
Key Features
Authentication and Authorization
| Method | Description |
|---|---|
| IAM | IAM policies control access (great for AWS-to-AWS) |
| Cognito | User pools for token-based auth |
| Lambda Authorizer | Custom auth logic (validate tokens, check databases) |
| API Keys | Identify callers (not for authentication — for tracking/throttling) |
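How a Lambda authorizer's custom auth logic fits together, as an added example (not from the original page or from AWS): a REST API TOKEN authorizer that verifies a signed token and returns an IAM policy for the requested method. The token format, `SECRET`, the scope rule and the sample ARN used to test it are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret (assumption); a real authorizer loads it from a secrets store.
SECRET = b"constructed-demo-secret"

def _sign(body, secret):
    return hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()

def make_token(sub, scope, exp, secret=SECRET):
    """Build a constructed test token: base64url(JSON claims) + "." + hex HMAC-SHA256."""
    claims = json.dumps({"sub": sub, "scope": scope, "exp": exp}).encode()
    body = base64.urlsafe_b64encode(claims).decode()
    return f"{body}.{_sign(body, secret)}"

def verify_token(token, now=None, secret=SECRET):
    """Return the claims if the signature matches and the token is unexpired, else None."""
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body, secret)):  # constant-time compare
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["exp"] <= (time.time() if now is None else now):
            return None
        return claims
    except (ValueError, KeyError, TypeError):  # malformed token: fail closed
        return None

def policy(principal, effect, resource, context=None):
    """Authorizer response: a principal plus an IAM policy on execute-api:Invoke."""
    statement = {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resource}
    doc = {"principalId": principal,
           "policyDocument": {"Version": "2012-10-17", "Statement": [statement]}}
    if context:
        doc["context"] = context  # passed through to the backend integration
    return doc

def handler(event, _context=None):
    """TOKEN authorizer entry point: the event carries authorizationToken and methodArn."""
    raw = event.get("authorizationToken", "")
    claims = verify_token(raw[7:] if raw.startswith("Bearer ") else raw)
    if claims is None:
        return policy("anonymous", "Deny", event["methodArn"])
    # methodArn layout: arn:aws:execute-api:region:account:apiId/stage/VERB/path
    verb = event["methodArn"].split("/")[2]
    allowed = verb == "GET" or claims.get("scope") == "write"  # hypothetical scope rule
    return policy(str(claims.get("sub", "unknown")), "Allow" if allowed else "Deny",
                  event["methodArn"], {"scope": str(claims.get("scope"))})
```

If authorizer result caching is enabled, the returned policy is reused for later requests carrying the same token, so a policy scoped to a single `methodArn` also governs that caller's other requests until the cache entry expires.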
Caching (REST API only)
| Feature | Detail |
|---|---|
| TTL | 0-3600 seconds (default 300 seconds) |
| Size | 0.5 GB to 237 GB |
| Per-stage | Each deployment stage has its own cache |
| Invalidation | Per-key invalidation or flush entire cache |
| Cost | $0.020/hour (0.5 GB) to $3.800/hour (237 GB) |
Throttling
| Setting | Default |
|---|---|
| Account-level | 10,000 requests/second per Region |
| Stage-level | Configurable per stage |
| Method-level | Configurable per method |
| Usage plans | Per-client throttling and quota |
Integration Types
| Type | Description | Use Case |
|---|---|---|
| Lambda Proxy | Passes full request to Lambda; Lambda returns full response | Most common serverless pattern |
| Lambda Custom | API Gateway transforms request/response | Complex request/response mapping |
| HTTP Proxy | Passes request to HTTP endpoint | Backend on EC2, ALB, external service |
| AWS Service | Direct integration with AWS services (S3, SQS, Step Functions) | No Lambda needed for simple integrations |
| Mock | Returns a response without calling any backend | Testing, static responses |
On the Exam: "Create a serverless REST API with the least operational overhead" → API Gateway + Lambda. "Throttle API requests per client" → API Gateway usage plans with API keys.
Test Your Knowledge
A company wants to create a serverless REST API that triggers Lambda functions and caches responses for 5 minutes. Which API Gateway type should they use?
A
B
C
D
Test Your Knowledge
Which API Gateway integration type allows direct integration with AWS services like SQS without using Lambda?
A
B
C
D