Welcome to this AWS Mini Project where you are going to get the experience of interacting with API Gateway. Specifically, you're
going to create an API using API Gateway and
provide functionality to this API using Mock
integrations, Lambda integrations, and AWS Service integrations. So this is going to be a
really good mini project to get the practical experience across all of these different features. Now to get started, you'll need to be logged
into an AWS account with an identity which
has admin permissions. If you're using any of my courses, then you can use the IAM admin user within the general AWS account, so the management account
of the organization. Otherwise, just make sure that you are logged into an AWS account using an identity with admin permissions and then click on the region dropdown and I normally suggest the
Northern Virginia region so US-East-1, but in this case, this mini project will work in
most if not all AWS regions, but I do recommend Northern Virginia. Now the AWS service integration that we're going to use
within this mini project is going to be SNS, so the Simple Notification Service, and to do that, we need to create a topic. So first we're going to
move to the SNS console, so type SNS in the search box at the top and then open Simple Notification
Service in a new tab. Go to that tab, click on the
hamburger menu on the left, so that's the three lines,
and then select Topics. Once you're there, click on Create Topic. We're going to create a standard topic and for the topic name, put API-Messages. Now scroll down and under Access Policy, we are going to keep the basic method but we're going to change publishers and subscribers to use
specific AWS account, which is your AWS account. So click on the publishers dropdown and select only the specified AWS accounts and then click on the account
dropdown on the top right and click on the copy symbol
next to your account ID and this is going to copy your account ID without hyphens into your clipboard. Once you've done that,
paste that into this box and do the same for subscribers. So click in the dropdown and select only the specified AWS accounts and then paste in your account ID. Once you've done that, you can leave everything else as default, scroll right down to the bottom,
and click on Create Topic. Once the topic's created, we
need to create a subscriber and in our case it's going
to be an email subscriber. So go ahead and click
on the Subscriptions tab and create a subscription. In the protocol dropdown,
click and select email and then change the endpoint
to your email address. I'm going to use my email address, but you need to use your own email address to make sure that you receive the emails. So type in your email address, scroll to the bottom, and
create the subscription. Now you will get an email asking you to confirm this subscription. Until you do confirm it, the subscription state will
be pending confirmation. So click on Topics, go back into the topic,
go to Subscriptions click on the link in the email
to confirm the subscription, and once you do, if you refresh this, it should change to confirmed and you need it to be
confirmed before you move on. Now, another integration
type that we're going to use is a Lambda function integration. So to do that in the search
box at the top type Lambda and then right click on Lambda
and open that in a new tab. Once you're there, click
on Create Function. We're going to author
the function from scratch and it's going to be called api-return-ip. So put that in the function name box, change the runtime to Python 3.9, and make sure the
architecture is set to X86_64. Once it is, go ahead and
click on Create Function. Once that's created, scroll down and then in the code source box, delete the temporary code that's there and paste in the code from
the text-based instructions attached to this lesson. Essentially all this code
does is extract the IP address of the requester from the event object, so this will be your IP
address, and then it returns it. So essentially it outputs your IP address. So once you've got that code in there, make sure you click on Deploy to deploy that to the Lambda function and then we're going to go
ahead and create the API itself. So click in the search box at the top and type API Gateway and
then open that in a new tab and then click on APIs
on the menu on the left and scroll down and locate Rest API. Make sure you don't pick Rest API Private because we don't want a private API, we want a public one and it
needs to be a rest public API. So in my case, that's the top Rest API box and then I'm gonna go
ahead and click on Build. Now if this is the first
time you're creating an API, you'll see this dialogue. Just go ahead and click on okay. Now we are going to be
creating a Rest API. It's going to be a brand
new API, so check this box. And then for the API name, just type My-Demo-API and it's going to be a regional API, so make sure that regional
is set in the endpoint type. Once you've done that, go
ahead and click on Create API. Now in order to use APIs with API Gateway, we need to create resources and methods. So the first thing we need
to do is create a resource. So click on Actions and
Select Create Resource. The first resource that
we're going to create is our mock resource. A mock resource is something
generally used for testing and you'll generally make
it return some static data. It's often used for testing, so under resource name type Mock, the resource path should
automatically populate with mock in lowercase. If it does, that's good. Go ahead and click on Create Resource. Once we have a resource,
we need to create a method and the method is exactly
how this resource interacts with some kind of compute or
in the case of a mock resource, it's how we configure exactly
what the mock resource does. So make sure you've got
the mock resource selected and then click on Actions
and create a method. Now under method we have to
select the type of http request that we're going to use with it, such as Get Post or Delete. In this case, we're going to select Get so select Get in the dropdown and click on the tick to
confirm that selection. Now the integration type
is going to be mock, so go ahead and select that
and then click on Save. Now because this is a mock integration, we don't need to worry
about the method request or the integration request
or the method response. What we are going to do is
click on Integration Response and then we're going to expand this, then underneath we're going
to expand mapping templates and we're going to add a mapping template. It's going to be Application/JSON and click on the tick to confirm that and then in the box on the right, we're going to paste in the JSON that this mock integration is
going to be responding with. Now it doesn't matter what you put here, I've just put a funny message, "This response is mocking you," you can put anything you
want inside this message. Just make sure you include it inside the speech marks
next to message colon. So only change the part
inside the speech marks which are shown on screen as
"This response is mocking you." Don't change status code or the value or don't
change the message key. Once you've done that, go
ahead and click on Save, scroll up and then click
on the other save button. Now with this version of the UI, it won't give you any feedback, but as long as you've clicked
on both of those save buttons, then you are good to go. Now that's the mock
integration configured. Next, click on the
forward slash at the top, click on Actions, and click
on Create Resource again. This time call it Lambda and it should populate the resource path with Lambda in lowercase. So it's here where we're going to configure
the Lambda integration. So this is creating part of an API which Lambda will provide
the compute resources for. So once you've done that, go ahead and click on Create Resource, make sure to click on /Lambda, then click on Actions and
click on Create method. Again, we're going to
change this one to Get, so select Get in the dropdown
and click on the tick and then under the
integration Configuration, we're going to set the integration
type to Lambda function and then check the box next to
Use Lambda Proxy Integration. Make sure the Lambda region is set to the region where you
created the Lambda function. All of this needs to
be in the same region, so in my case, it's Northern Virginia and then just start typing API and then you should see
an auto-populated box with the name of the Lambda function, so api-return-ip, select that, and then click on Save. Now you'll need to give
API Gateway permission to invoke your Lambda function
and by clicking on, okay, AWS will handle this automatically. This adjusts the resource
policy on the Lambda function to allow it to be invoked
by the API Gateway. So this is the policy that
you generally don't see from within the UI, just
like an S3 bucket policy, a Lambda resource policy
controls what can invoke that Lambda function and
we need to add API Gateway and it's done automatically
using this dialogue. So go ahead and click on okay and that means whenever
this resource is used on the API Gateway, it's going to pass the data
into the Lambda function when it invokes the Lambda function, the Lambda function will return some data and that will be passed
back to the client. Now the last type of integration that we're going to configure
is the AWS service integration and this is going to use SNS. To do that though, we
need to create a role that the API Gateway will use
to publish messages to SNS. So go ahead and click in
the search box at the top and type IAM and then
open that in a new tab and go to that tab. Then go to Roles and click on Create Role. It's going to be an AWS service role, so make sure that box
is checked, scroll down. In the dropdown, go ahead
and start typing API and then click API Gateway and make sure API Gateway is selected. Once it is, you can go
ahead and click on Next. These are permissions that
this role will be given and we can leave this as Default. Go ahead and click on Next. Under role name, go ahead and enter api-gw-sns-role, scroll all the way to the
bottom and create the role. Now once the role's
created, find it in the list and click on it and then make sure the
permissions tab is selected, click on Add Permissions and
then Create Inline Policy. We're going to add additional permissions to this API Gateway role. So click on JSON, delete the placeholder,
and paste in this JSON and this JSON is contained within the text based instructions
attached to this video. Now this policy is just
going to give this role the ability to interact with SNS, so this is how API Gateway will be able to directly publish messages into the Simple Notification Service. So go ahead and click on Review Policy, call the policy SNS Publish and then click on Create Policy. Once you've done that, we can go back to the
tab that you've got open to API Gateway. Make sure you click on the forward slash, so this is the top level of API Gateway, click on Actions, Create Resource. For the resource name type SNS and this will populate the resource path and then you can click on Create Resource, click on the resource, so /SNS and click on Actions
and then Create Method. Now for the method type,
click in the dropdown and because we are going to be
giving API Gateway some data, we need to put the post method, so change this to Post and
then click on the tick. The integration type is
going to be AWS service, so check that box, make
sure the region is set to the region that you are using, in my case US-East-1, make sure the AWS service is set to Simple Notification Service, SNS. You can leave the AWS subdomain blank. For the http method, make sure that you also select Post, under Action type, we're going to select Use Action Name, and then under Action,
we're going to put Publish. So this is the action
that's going to be used with Simple Notification Service whenever API Gateway uses SNS
as part of this integration. Next, we need to put
the ARN of the IAM Role that we've just created, so go back to the IAM
console, copy down the ARN of the api-gw-sns-role
that you just created and then paste that into this box. Now this will mean whenever
this particular resource of the API is used, then the API Gateway is going
to publish a message to SNS and this is how you can directly
use various AWS services. Now API Gateway supports other direct AWS service integrations. This is just one example. At this point, we can go
ahead and click on Save and then we need to
make some modifications. So first click on Method Request. So this is configuring
exactly what happens when this method is
interacted with by the client. So we need to specify some
URL query string parameters that are going to be
passed in by the client to this API resource. So click on this dropdown and then click on Add Query String and for the first query string type Topic ARN in Camel case, so uppercase T and uppercase A, and then click on the tick and then click on Add Query String again and type Message with an
uppercase M and click on the tick. So this is going to mean that API Gateway is going
to expect both a message and a topic ARN to be passed
in using query strings when this API resource is interacted with. So go ahead and click on Post below /SNS and next we need to
make some modifications inside integration request. So this configures how that
data is sent to the integration, so in this case, Simple
Notification Service. So click on Integration
Request, scroll down and under URL Query String Parameters, again click on Add Query String. Firstly, put Message in the name and then under the mapped form, we need to put
method.request.querystring.Message with uppercase M and this configures how the data is mapped between the method request
and the integration request. So we're essentially creating a mapping between what the client
delivers to the API Gateway and what the API Gateway then
delivers to the integration, in this case, SNS. So click on the tick and then we need to do
the same process again for the topic ARN again in Camel case, so uppercase T and uppercase A, and then in the Mapped From, go ahead and type
method.request.querystring.TopicArn with an uppercase T and uppercase A and again, all of these
strings are contained within the instructions
attached to this lesson. So go ahead and click on the tick. Now at this stage, everything looks good so we can go ahead and deploy the API. So to do that, go ahead and click on the Actions
dropdown and then Deploy API. We need to deploy the API
to a particular stage, so select New Stage from
the dropdown and type V1 for the stage name and
then click on Deploy. Now this deployment process is going to give us an invoke URL, so this is the URL that
can be used to interact with this particular
stage of our API Gateway. So we'd use this URL and then we could access
any of the resources and thus the integrations
that we've configured within this API Gateway. So copy this invoke URL
into your clipboard. Then we're gonna go ahead and
open a brand new browser tab and we're going to paste in this URL. Now if we just use this directly, you'll see this error message, so "Missing Authentication Token." What we need to do is specify
the resource on the end, so we'll start with Mock. So put the invoke URL
and then /Mock on the end and I'm just going to increase the size just so you can see this better. Now because I'm using Firefox, I can have a nicely formatted JSON output or I can see the raw data. In either case, you should see the JSON that you configured within
the mock integration. In my case, a status code of
200, "This is mocking you." So that's the mock
integration working fine. This data is being returned by API Gateway using the mock integration. Next, I want to go ahead and
test the Lambda integration. Remember this is the Lambda code. Essentially what it does is extract from the event structure
the request context, identity source IP, so this
should be your IP address. So when we use this particular
resource at the API Gateway, it's going to invoke the Lambda function passing in some data, the Lambda function's going
to extract your IP address and then return that to your
browser via API Gateway. So let's test that out. So in a new browser tab,
we'll again use the invoke URL for the V1 stage of our API Gateway, only this time instead of
Mock, we'll use Lambda, so the Lambda resource name. Now depending on the
browser that you are using if you're using Firefox and you try to use the
pretty JSON version, you will get an error 'cause it's telling you
that it can't pass the JSON. This is logical because what's outputted
is just our IP address. If you're using any other browser, this should work fine straight away. If you're using Firefox, go
ahead and click on raw data and this will output your IP address. I've obviously blurred mine out on screen. You should see your IP
address and this is extracted from the request by the Lambda function and then it's returned
back to your web browser, so this will be your IP address. Now next we're going to test
out the SNS integration, but in order to do that, we
need to make a post request. Now we could use an
application such as Postman and the instructions for that are included in the text-based instructions
for this mini project. Alternatively, we can go ahead and directly test it using
the API Gateway console and that's what we're going to do. So go back to the API Gateway console and then I want you to go ahead and click on APIs and then
click on the My Demo API link. Then click on the post below SNS and there's a button here called Test with a
lightning symbol below it. So go ahead and click on Test and this will allow you to do a test of this API Gateway resource and method. Now we need to type in the query strings to interact with this API Gateway method. So to do that, we're going to
use Topic ARN in Camel Case, so uppercase T and A and then equals and then we'll lead the
ARN for the SNS topic. So move back to that tab and copy that into your
clipboard and then paste that in. Then we're going to use an and symbol and then Nessage with
an uppercase M equals and then we're going to
type a message in there and if you want spaces, you need to use the plus
to represent a space, so I'm going to use "Cats are amazing." So that's going to send
into this API Gateway method two different query strings, the topic ARN together with a message and remember, this is what we configured
the integration to expect. So scroll down and click on Test and then on the right, you'll be able to see the response body, the response headers, as well as any logs, so go ahead and explore those, but what you should also get is an email because remember you configured
an email subscription to this SNS topic so you should receive an
email containing the message that you just entered. Now that's everything I wanted to cover in this brief mini-project
on the API Gateway together with Mock, Lambda,
and AWS service integrations. Now API Gateway is a
really powerful product that you can use to create managed APIs either on their own or as part
of serverless architectures. This mini project has only
scratched the surface, but hopefully it will give you some idea on how you can use it
in your own projects. We have come to the end of
this mini project though and so what remains is for us
to tidy up our AWS account. So to do that, go ahead and click on APIs and select the API that you created, click on Actions and then
Delete and click Delete Confirm, then go back to the SNS
tab, click on Topics, select the topic you
created, click on Delete, type delete space meet, and
then click Delete to confirm, then go to Subscriptions,
select your subscription, click on Delete and
click Delete to confirm, go back to the IAM
console, click on Roles, then find the api-gw-sns-
that you created, check the box and click on Delete. You'll need to confirm that deletion with the role name and then click Delete. Then go back to the Lambda console, click on Functions, select the
Lambda function you created, click on Actions and then
Delete and then type delete and click to confirm that
deletion and click on Close and now the Lambda function's deleted. Go back to the IAM console and locate the api-return-ip-role that was automatically created when you created the Lambda function. Yours might be slightly different, but it should start with
the name of the function, so api-return-ip, select
it, click on Delete. You'll need to confirm that
with the name of the role and then click Delete to delete that role. Then in the search box at
the top, type CloudWatch and open that in a new tab, go
to Logs and then Log Groups. Now you might see lots
of log groups listed. You're interested in the
one that's named the same as the function that you
just created and deleted, so look for api-return-ip, select that log group, click
on Actions, Delete Log Groups, and confirm that deletion and that means the account is now back in the same state as it was
before this mini project. So that's everything
you're going to be doing in this mini project. I hope it's been enjoyable. At this point though, go
ahead and complete this video and when you're ready, I'll look forward to you joining me in another
exciting mini project.
