Tutorial: Build an API Gateway REST API with Amazon integration
Both the Tutorial: Build a Hello
World REST API with Lambda proxy integration and Build an API Gateway REST API with Lambda
integration topics describe how to
create an API Gateway API to expose the integrated Lambda function. In addition, you can create an
API Gateway API to expose other Amazon services, such as Amazon SNS, Amazon S3, Amazon Kinesis, and even Amazon Lambda.
This is made possible by the AWS integration. The Lambda integration or the
Lambda proxy integration is a special case, where the Lambda function invocation is exposed
through the API Gateway API.
All Amazon services support dedicated APIs to expose their features. However, the
application protocols or programming interfaces are likely to differ from service to
service. An API Gateway API with the AWS integration has the advantage of providing a
consistent application protocol for your client to access different Amazon services.
In this walkthrough, we create an API to expose Amazon SNS. For more examples of integrating an API with other Amazon services, see Amazon API Gateway tutorials and workshops.
Unlike the Lambda proxy integration, there is no corresponding proxy integration for other Amazon services. Hence, an API method is integrated with a single Amazon action. For more flexibility, similar to the proxy integration, you can set up a Lambda proxy integration. The Lambda function then parses and processes requests for other Amazon actions.
API Gateway does not retry when the endpoint times out. The API caller must implement retry logic to handle endpoint timeouts.
This walkthrough builds on the instructions and concepts in Build an API Gateway REST API with Lambda integration. If you have not yet completed that walkthrough, we suggest that you do it first.
Topics
Prerequisites
Before you begin this walkthrough, do the following:
-
Complete the steps in Prerequisites for getting started with API Gateway.
-
Create a new API named
MyDemoAPI. For more information, see Tutorial: Build a REST API with HTTP non-proxy integration. -
Deploy the API at least once to a stage named
test -
Complete the rest of the steps in Build an API Gateway REST API with Lambda integration.
-
Create at least one topic in Amazon Simple Notification Service (Amazon SNS). You will use the deployed API to get a list of topics in Amazon SNS that are associated with your Amazon account. To learn how to create a topic in Amazon SNS, see Create a Topic. (You do not need to copy the topic ARN mentioned in step 5.)
Step 1: Create the Amazon service proxy execution role
To allow the API to invoke Amazon SNS actions, you must have the appropriate IAM policies attached to an IAM role.
To create the Amazon service proxy execution role
Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/
. -
Choose Roles.
-
Choose Create role.
-
Choose Amazon service under Select type of trusted entity, and then select API Gateway and select Allows API Gateway to push logs to CloudWatch Logs.
-
Choose Next, and then choose Next.
-
For Role name, enter
APIGatewaySNSProxyPolicy, and then choose Create role. -
In the Roles list, choose the role you just created. You may need to scroll or use the search bar to find the role.
-
For the selected role, select the Add permissions tab.
-
Choose Attach policies from the dropdown list.
-
In the search bar, enter
AmazonSNSReadOnlyAccessand choose Add permissions.Note
This tutorial uses a managed policy for simplicity. As a best practice, you should create your own IAM policy to grant the minimum permissions required.
-
Note the newly created Role ARN, you will use it later.
Step 2: Create the resource
In this step, you create a resource that enables the Amazon service proxy to interact with the Amazon service.
To create the resource
Sign in to the API Gateway console at https://console.amazonaws.cn/apigateway
. -
Choose your API.
-
Select the root resource, /, represented by a single forward slash (/), and then choose Create resource.
Keep Proxy resource turned off.
Keep Resource path as
/.For Resource name, enter
mydemoawsproxy.Keep CORS (Cross Origin Resource Sharing) turned off.
Choose Create resource.
Step 3: Create the GET method
In this step, you create a GET method that enables the Amazon service proxy to interact with the Amazon service.
To create the GET method
-
Select the /mydemoawsproxy resource, and then choose Create method.
For method type, select GET.
For Integration type, select Amazon Web Service.
For Amazon Web Services Region, select the Amazon Web Services Region where you created your Amazon SNS topic.
For Amazon Web Service, select Amazon SNS.
Keep Amazon subdomain blank.
For HTTP method, select GET.
For Action type, select Use action name.
For Action name, enter
ListTopics.For Execution role, enter the role ARN for
APIGatewaySNSProxyPolicy.Choose Create method.
Step 4: Specify method settings and test the method
You can now test your GET method to verify that it has been
properly set up to list your Amazon SNS topics.
To test the GET method
Choose the Test tab. You might need to choose the right arrow button to show the tab.
Choose Test.
The result displays response similar to the following:
{ "ListTopicsResponse": { "ListTopicsResult": { "NextToken": null, "Topics": [ { "TopicArn": "arn:aws:sns:us-east-1:80398EXAMPLE:MySNSTopic-1" }, { "TopicArn": "arn:aws:sns:us-east-1:80398EXAMPLE:MySNSTopic-2" }, ... { "TopicArn": "arn:aws:sns:us-east-1:80398EXAMPLE:MySNSTopic-N" } ] }, "ResponseMetadata": { "RequestId": "abc1de23-45fa-6789-b0c1-d2e345fa6b78" } } }
Step 5: Deploy the API
In this step, you deploy the API so that you can call it from outside of the API Gateway console.
To deploy the API
Choose Deploy API.
For Stage, select New stage.
For Stage name, enter
test.(Optional) For Description, enter a description.
Choose Deploy.
Step 6: Test the API
In this step, you go outside of the API Gateway console and use your Amazon service proxy to interact with the Amazon SNS service.
-
In the main navigation pane, choose Stage.
-
Under Stage details, choose the copy icon to copy your API's invoke URL.
It should look like this:
https://my-api-id.execute-api.region-id.amazonaws.com/test -
Enter the URL into the address box of a new browser tab.
-
Append
/mydemoawsproxyso that the URL looks like this:https://my-api-id.execute-api.region-id.amazonaws.com/test/mydemoawsproxyBrowse to the URL. Information similar to the following should be displayed:
{"ListTopicsResponse":{"ListTopicsResult":{"NextToken": null,"Topics":[{"TopicArn": "arn:aws:sns:us-east-1:80398EXAMPLE:MySNSTopic-1"},{"TopicArn": "arn:aws:sns:us-east-1:80398EXAMPLE:MySNSTopic-2"},...{"TopicArn": "arn:aws:sns:us-east-1:80398EXAMPLE:MySNSTopic-N}]},"ResponseMetadata":{"RequestId":"abc1de23-45fa-6789-b0c1-d2e345fa6b78}}}
Step 7: Clean up
You can delete the IAM resources the Amazon service proxy needs to work.
Warning
If you delete an IAM resource an Amazon service proxy relies on, that Amazon service proxy and any APIs that rely on it will no longer work. Deleting an IAM resource cannot be undone. If you want to use the IAM resource again, you must re-create it.
To delete the associated IAM resources
Open the IAM console at https://console.amazonaws.cn/iam/
. -
In the Details area, choose Roles.
-
Select APIGatewayAWSProxyExecRole, and then choose Role Actions, Delete Role. When prompted, choose Yes, Delete.
-
In the Details area, choose Policies.
-
Select APIGatewayAWSProxyExecPolicy, and then choose Policy Actions, Delete. When prompted, choose Delete.
You have reached the end of this walkthrough. For more detailed discussions about creating API as an Amazon service proxy, see Tutorial: Create a REST API as an Amazon S3 proxy in API Gateway, Tutorial: Create a Calc REST API with two Amazon service integrations and one Lambda non-proxy integration, or Tutorial: Create a REST API as an Amazon Kinesis proxy in API Gateway.