Amazon API Gateway

1. Navigate to Amazon API Gateway in the Management Console

  • Log in to the AWS Management Console of the cloudexploration prod account in the us-east-1 region.
  • From the Services menu, select API Gateway under the Networking & Content Delivery section.
  • You will see two main types of APIs: REST APIs and HTTP/WebSocket APIs. Choose the API type you want to explore.

2. Basic Configuration and Setup

  • API List:
    • In the API Gateway dashboard, you will see a list of existing APIs. Select an API to view its configurations, stages, and resources.
  • Stages:
    • Click on Stages under the selected API to explore different deployment stages (e.g., dev, prod). Stages allow you to manage multiple environments for the same API.
  • Resources:
    • In the left-hand navigation, select Resources to view the endpoints (methods) of the API, such as GET, POST, PUT, etc. Each resource represents a path that your API exposes to clients.

3. Exploring the AWS Well-Architected Framework Pillars

Operational Excellence Pillar

  • Stages:
    • Explore the Stages section to understand how the API is deployed across environments (e.g., dev, test, prod). Each stage may have its own settings for logging, throttling, and caching.
  • CloudWatch Logs:
    • In the Stage settings, look for Logs/Tracing to check if CloudWatch Logs and X-Ray Tracing are enabled. Logging and tracing provide insights into API requests and responses, aiding in troubleshooting and operational monitoring.
  • Deployment History:
    • Review the deployment history for each stage to track changes and rollbacks. Maintaining a history of deployments helps ensure operational consistency and allows for quick recovery in case of issues.

Security Pillar

  • Authorization:
    • Under Resources, select a specific endpoint and inspect the Method Request settings to see if authorization is enforced (e.g., IAM roles, Cognito User Pools, or Lambda Authorizers). Properly configured authorization ensures that only authenticated and authorized clients can access the API.
  • Throttling:
    • Check the Stage settings for Default Method Throttling. This setting helps protect your API from abuse or excessive usage by defining limits on the number of requests per second.
  • API Keys and Usage Plans:
    • In the left-hand navigation, explore API Keys and Usage Plans to see how API keys are configured for clients. Usage plans help enforce request quotas and rate limits, ensuring the API is not overwhelmed by excessive requests.
  • Resource Policies:
    • Under the Settings section of the API, inspect Resource Policies to review IP whitelisting, CIDR blocks, and VPC endpoint restrictions. Proper resource policies help secure API endpoints from unauthorized access.

Reliability Pillar

  • Endpoint Types:
    • Under the Settings section of the API, review the Endpoint Type (e.g., Regional, Edge-Optimized, Private). Using the right endpoint type ensures reliable access to the API based on your use case.
  • Caching:
    • In the Stage settings, check if API Caching is enabled. Caching API responses helps reduce latency and improves availability by minimizing the need for repeated calls to backend services.
  • Monitoring:
    • In the Monitoring section of API Gateway, review metrics such as 4XX Errors, 5XX Errors, Latency, and Integration Latency. These metrics help track API performance and reliability. High error rates or latency can indicate issues that need to be addressed to maintain reliability.

Cost Optimization Pillar

  • Usage Plans:
    • Explore the Usage Plans section to see how API requests are controlled and limited using API keys. Proper usage plans prevent overuse, keeping costs predictable and manageable.
  • Throttling and Caching:
    • Under Stage settings, review the throttling and caching configurations. Enabling caching for frequently accessed endpoints can reduce backend processing and API Gateway costs by serving cached responses.
  • Monitoring Metrics:
    • In the Monitoring section, check metrics like Request Count and Cache Hit Count. High request counts without caching may indicate potential cost-saving opportunities by adjusting cache settings or optimizing API usage plans.

Performance Efficiency Pillar

  • Caching:
    • In the Stage settings, review the Cache settings, including Cache TTL (Time to Live). Proper caching can significantly improve API performance by reducing latency and the number of calls made to the backend.
  • Endpoint Configuration:
    • Check the Endpoint Type (e.g., Regional, Edge-Optimized) in the Settings section. For APIs serving global traffic, Edge-Optimized endpoints leverage Amazon CloudFront to reduce latency and improve performance.
  • Method Integration:
    • Under Resources, explore each method’s Integration Request to see how the API integrates with backend services (e.g., Lambda functions, HTTP endpoints). Using asynchronous integrations (e.g., invoking Lambda asynchronously) can enhance performance for certain use cases.
  • Metrics and Logs:
    • In the Monitoring section, inspect Latency and Integration Latency metrics to identify performance bottlenecks. Consistent monitoring helps identify areas for optimization, such as adding caching or adjusting integration methods.

4. Additional Security Pillar Exploration

  • Log in to the AWS Management Console of the securitytooling account.
  • AWS Config:
    • If AWS Config is enabled, use it to review compliance rules related to API Gateway, such as ensuring that logging is enabled or that APIs enforce authorization.
  • Security Hub:
    • If AWS Security Hub is available, check for findings related to API Gateway security configurations. This can highlight potential security risks, such as publicly accessible endpoints without authorization.
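
The Security Pillar checks and the Section 4 compliance checks above (authorization on every method, logging, tracing, throttling) can also be run over exported configuration. The Python below is an added example, not part of the original walkthrough or any AWS tooling; it works on data shaped like the API Gateway `get_resources` (with `embed=["methods"]`) and `get_stages` responses. The function names, the sample data, and the choice to skip OPTIONS preflight methods are assumptions.

```python
# Added example: field names follow the API Gateway get_resources(embed=["methods"])
# and get_stages responses; every sample value below is constructed.
OPEN_OK = {"OPTIONS"}  # assumption: unauthenticated CORS preflight is acceptable

def audit_methods(resources):
    """Return 'METHOD path' for every method that enforces no authorization."""
    findings = []
    for res in resources.get("items", []):
        for verb, method in res.get("resourceMethods", {}).items():
            if verb in OPEN_OK:
                continue
            # NONE = no IAM, Cognito or Lambda authorizer; an API key is not authorization.
            if method.get("authorizationType", "NONE") == "NONE":
                note = " (API key only)" if method.get("apiKeyRequired") else ""
                findings.append(f"{verb} {res['path']}{note}")
    return sorted(findings)

def audit_stage(stage):
    """Return the logging, tracing and throttling gaps for one stage."""
    default = stage.get("methodSettings", {}).get("*/*", {})
    gaps = []
    if default.get("loggingLevel", "OFF") == "OFF":
        gaps.append("execution logging off")
    if not stage.get("accessLogSettings", {}).get("destinationArn"):
        gaps.append("access logging off")
    if not stage.get("tracingEnabled", False):
        gaps.append("X-Ray tracing off")
    if "throttlingRateLimit" not in default:
        gaps.append("no stage-wide throttle")
    return gaps

# Constructed sample data shaped like the API responses.
SAMPLE_RESOURCES = {"items": [
    {"path": "/"},
    {"path": "/orders", "resourceMethods": {
        "GET": {"authorizationType": "COGNITO_USER_POOLS", "apiKeyRequired": False},
        "POST": {"authorizationType": "NONE", "apiKeyRequired": True},
        "OPTIONS": {"authorizationType": "NONE", "apiKeyRequired": False}}},
    {"path": "/health", "resourceMethods": {"GET": {"authorizationType": "NONE"}}},
]}
SAMPLE_STAGES = {"item": [
    {"stageName": "dev", "methodSettings": {}, "tracingEnabled": False},
    {"stageName": "prod", "tracingEnabled": True,
     "accessLogSettings": {"destinationArn": "arn:aws:logs:us-east-1:111122223333:log-group:example"},
     "methodSettings": {"*/*": {"loggingLevel": "ERROR", "throttlingRateLimit": 100.0}}},
]}
if __name__ == "__main__":
    print(audit_methods(SAMPLE_RESOURCES))
    print({s["stageName"]: audit_stage(s) for s in SAMPLE_STAGES["item"]})
```

With real data, pass the dictionaries returned by the API calls in place of the constructed samples.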