API Implementation on AWS Serverless Architecture
This article describes the implementation of a REST API with AWS serverless infrastructure and explores the benefits of serverless over the traditional approach.
This article describes the implementation of a RESTful API on AWS serverless architecture. It provides a detailed overview of the architecture, data flow, and AWS services that can be used. This article also describes the benefits of the serverless architecture over the traditional approach.
What Is Serverless Architecture?
Serverless architecture, also known as serverless computing or function as a service, is a software design approach that allows developers to build and run applications without managing the underlying infrastructure. A cloud service provider is responsible for managing and scaling the cloud infrastructure, including provisioning servers to run applications, databases, and storage.
Importance of Serverless Architecture
Businesses only pay for the computing resources they use (e.g., number of requests, execution time, and resources consumed), so there are no upfront costs for hardware or software. This eliminates the need to pay for idle infrastructure, leading to significant cost savings.
Serverless architectures automatically scale up and down in response to the workload. This ensures that applications can handle varying levels of traffic.
Each function can scale independently, ensuring that resources are allocated efficiently based on demand.
Serverless architecture is well-suited for event-driven applications, where functions are triggered by specific events such as HTTP requests, database changes, or message queue updates.
AWS Services To Be Used for Implementation
The following AWS services can be incorporated into the implementation of the REST API. The list below mentions the AWS service along with its purpose in the API implementation.
Route53
Route53 can be used for domain registration, DNS routing, traffic flow, traffic management, health checks, and monitoring.
API Gateway
Use the API Gateway for creating, publishing, maintaining, monitoring, and securing REST APIs at any scale.
HTTP methods (GET, POST, PUT, DELETE, PATCH, OPTIONS) can be created under the API Gateway. These methods can be integrated with the respective front controller Lambda function.
WAF
AWS WAF (web application firewall) helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources. We can associate the WAF with an API Gateway to filter out malicious requests.
With WAF we can configure the following:
- Web ACLs – Rules and rule groups to determine the traffic to be allowed
- Custom rules – IP set match conditions, string and regex match conditions, geo match conditions, rate-based rules
- Bot Control
Lambda
Lambda Function for Authorization
The Lambda authorizer takes the caller's identity as the input and returns an IAM policy as the output. Use a Lambda authorizer to implement custom authentication and authorization.
After authentication and authorization, the Lambda function returns one of two types of policies to the API Gateway:
- Allow
- Deny
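The authorizer contract described above, as an added example that is not part of the original article: a REST API TOKEN authorizer that verifies an HS256 JWT with the Python standard library and returns an Allow or Deny policy for the requested method ARN. The shared secret, the `scope` claim values (`read`, `write`) and the helper names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os, time

# Assumption: HS256 shared secret; the constructed default keeps the example offline.
SECRET = os.environ.get("JWT_SECRET", "constructed-demo-secret").encode()

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims):
    """Build a constructed HS256 token for local testing only."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verify(token):
    """Return the claims if algorithm, signature and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64d(sig)):
            return None
        claims = json.loads(b64d(body))
        return claims if claims.get("exp", 0) > time.time() else None
    except (ValueError, AttributeError, TypeError):
        return None  # malformed input is treated as unauthenticated

def policy(principal, effect, resource):
    return {"principalId": principal, "policyDocument": {"Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke", "Effect": effect,
                           "Resource": resource}]}}

def handler(event, context=None):
    """TOKEN authorizer: Deny by default, Allow only for a verified, scoped caller."""
    arn = event["methodArn"]
    raw = event.get("authorizationToken", "")
    claims = verify(raw[7:]) if raw.startswith("Bearer ") else None
    if claims is None:
        return policy("anonymous", "Deny", arn)
    verb = arn.split("/")[2]  # ARN ends in <api-id>/<stage>/<HTTP-VERB>/<path>
    needed = "read" if verb == "GET" else "write"
    effect = "Allow" if needed in str(claims.get("scope", "")).split() else "Deny"
    return policy(claims.get("sub", "unknown"), effect, arn)
```

Returning an explicit Deny for a missing, malformed, expired or wrongly signed token keeps the failure path closed instead of relying on an exception reaching API Gateway.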
Lambda Functions for Business Logic
These Lambda functions implement business logic and call other Lambda functions, downstream services, and databases.
Other AWS Services
- CloudWatch – Use AWS CloudWatch to monitor your application and store logs. Dashboards and alerts can also be created for reports and proactive monitoring.
- SQS and SNS – Use AWS SQS to store asynchronous messages and SNS to push notifications to lambda functions.
- DynamoDB or RDS – Application database
- IAM – Identity and access management service to define roles and accesses to your AWS resources
- VPC, Subnet, Security Groups - VPC isolates AWS resources in a secure network, Subnets segment the VPC for organization, and Security Groups control traffic with firewall rules.
Architecture and Data Flow
The architecture diagram below describes the set of AWS services used, data flow, and integration with other services.
At a high level, the client sends an HTTP request to Amazon API Gateway, which triggers an AWS Lambda function. The Lambda function processes the request, interacts with other AWS services if needed (such as DynamoDB for data storage), and returns a response back to API Gateway, which then sends the response to the client.
Data Flow Steps
- The user makes an HTTP request to the API with valid authorization headers (e.g., JWT token, API keys, etc.).
- Route 53 forwards the request to API Gateway, where it is intercepted by the web application firewall.
- Web application firewalls have different rules configured to protect applications from web attacks. If the firewall detects any such malicious request, it blocks the request immediately, or else forwards it to the API Gateway.
- Lambda Authorizer configured with API Gateway intercepts the request and authenticates and authorizes the user request. If the user is authorized to access the underlying resource, the request will be forwarded to the front controller lambda.
- Front controller lambda delegates the request to respective service lambda functions.
- As per the business logic, service lambda processes the request and returns the appropriate response to the client.
- While processing the request, service Lambda functions can call downstream REST APIs or databases. Service Lambda functions also listen to SQS queues or subscribe to SNS.
- Identity and access management (IAM) service is used to define roles to resources and provide access to those roles.
- All resources will push the application logs to CloudWatch for monitoring and troubleshooting purposes.
Typical Use Cases
- Serverless architecture can be utilized for event-driven applications where data needs to be processed in real-time, such as data stream or notification processing.
- Microservices can be implemented and deployed independently and in isolation on serverless architecture for better scalability.
- Applications that process scheduled tasks can be implemented and deployed on serverless architecture and triggered at a particular time.
- Use cases where cost is a critical factor are good candidates for serverless architecture.
Infrastructure Provisioning and Deployment
In an enterprise, there are multiple environments available apart from production for development and testing purposes. Creating the same set of resources in different environments and tracking configuration changes manually can be a challenging task and may introduce errors.
To address this issue, Terraform (infrastructure as code) can be used. Terraform helps to replicate the resources from one environment to another. Along with that, it also tracks the state of the infrastructure.
Deployment can be automated by any CI/CD tool (such as Jenkins or GitLab) with Terraform.
Conclusion
In conclusion, leveraging AWS serverless architecture for developing REST APIs offers multiple advantages in terms of scalability, cost-effectiveness, and ease of management.
By adopting a serverless approach, developers can focus more on building robust APIs without the overhead of managing servers. AWS Lambda's event-driven model allows for seamless scaling, ensuring your APIs can handle varying workloads efficiently.