This project demonstrates how to create a REST API using Amazon API Gateway with Lambda proxy integration. It uses AWS CloudFormation for Infrastructure as Code (IaC) and Python as the runtime for Lambda functions. The architecture is designed to be secure, scalable, and cost-efficient, making it ideal for serverless API deployments.
Key features include:
- Serverless architecture using AWS Lambda and API Gateway.
- Private VPC for enhanced security.
- AWS Powertools for Lambda to implement best practices like structured logging, tracing, and metrics.
- Multi-AZ deployment for high availability and fault tolerance.
Below is the architecture of the application:
- Amazon API Gateway: Handles HTTP requests and routes them to Lambda.
- AWS Lambda (Python): Processes requests and returns responses.
- AWS CloudFormation: Deploys and manages the infrastructure as code.
mindmap
root )AWS Cloud(
VPC
Network ACL
Allow and Deny rules
Subnets
Route Table
Private Subnet
Security Group
Security Group Rule
VPC Endpoints
Lambda
API Gateway
Rest API Lambda Proxy Integration
CloudFormation
This architecture illustrates a serverless API deployment using AWS API Gateway, AWS Lambda, and a VPC with private subnets.
- The entire setup is hosted within an AWS Cloud region.
- A VPC (Virtual Private Cloud) is created to host private resources.
- Network Access Control Lists (NACLs) are configured for security.
- Two private subnets are deployed in separate Availability Zones (A and B).
- Each subnet hosts an AWS Lambda function, ensuring redundancy and high availability.
- The architecture uses private route tables.
- These subnets do not have direct internet access.
- Lambda functions are deployed inside private subnets.
- They handle backend logic and process API requests.
- Amazon API Gateway is the public-facing endpoint for receiving HTTP requests.
- Routes incoming traffic to the appropriate AWS Lambda function.
- AWS Interface Endpoints are used for private communication between AWS services.
- Allow Lambda functions to interact with AWS Public Services without requiring an Internet Gateway or NAT Gateway.
- Represents AWS-managed services that API Gateway or Lambda functions might access, such as:
- Amazon S3
- DynamoDB
- Other AWS APIs
- End-users send HTTP requests to API Gateway, which invokes the backend Lambda functions securely.
AWS Powertools for AWS Lambda is a suite of utilities that helps developers build serverless applications faster while following best practices. It provides features like structured logging, tracing, metrics, and various utilities to enhance AWS Lambda functions. AWS Powertools is available for Python, Java, .NET, and TypeScript.
- Security: Lambda functions reside in private subnets for restricted access.
- Scalability: API Gateway and Lambda automatically scale based on traffic.
- Reliability: Multi-AZ deployment ensures fault tolerance.
- Cost Optimization: Uses AWS Serverless services to reduce infrastructure costs.
This architecture is ideal for secure, scalable, and cost-efficient serverless API deployments using AWS Lambda within a VPC.
Before setting up the project, ensure you have:
- An AWS account
Ensure you have the following installed:
- AWS CLI (Installation Guide)
- Python 3.x (Download)
- Clone the repository https://github.com/subhamay-bhattacharyya/aws-cfn-nested-stacks and upload them to a S3 bucket in your AWS account. This repository contains the nested stack CloudFormation templates.
- Clone the repository https://github.com/subhamay-bhattacharyya/0108-networking-cft.git and use it to create a VPC with private only subnets.
Follow these steps to set up the project locally:
git clone https://github.com/subhamay-bhattacharyya/1111-api-gateway-py-cft.gitcd 1111-api-gateway-py-cft
cd lambda-code/src
python3 -m venv myenv
source myenv/bin/activate
pip install -r requirements.txt
mkdir package
cp -r myenv/lib/python3.x/site-packages/* package/
cd package && zip -r ../<lambda-function-base-name>.zip .- Use the S3 Bucket names (Code repository storing the zip file CloudFormation nested stack templates) as paremeters.
Follow the prompts to provide the necessary configuration, such as stack name and AWS region.
Once deployed, retrieve the API Gateway URL from the output and test it using:
curl https://your-api-id.execute-api.your-region.amazonaws.com/<Stage Name>/After importing the Postman Collection and Environment, update the API_HOST environment variable with the API Endpoint.
To delete the deployed resources either use AWS CloudFormation console or CLI
Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this project better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
Distributed under the MIT License. See LICENSE for more information.
Subhamay Bhattacharyya
