By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
For AWS Solutions Architect – Associate (SAA-C03) & Real-World Deployments
You’re a cloud engineer at a fintech startup. Your team built a microservice in Lambda that processes payments, but now the frontend team needs a way to call it securely. The backend team insists on rate limiting to prevent abuse, and the security team demands audit logs for every request. API Gateway is the Swiss Army knife that solves all of this in one place.
What breaks if you ignore it?- No security: Your Lambda functions are exposed directly to the internet (bad).- No scalability: You’ll manually handle spikes in traffic (impossible at scale).- No observability: You won’t know who’s calling your API or how often.- No cost control: Unlimited requests = unlimited bills.
What superpower does it give you?- Single entry point for all your backend services (Lambda, EC2, ECS, HTTP endpoints).- Built-in security (IAM, Cognito, API keys, WAF integration).- Traffic control (throttling, caching, request/response transformations).- Real-time updates (WebSocket APIs for chat apps, live dashboards, or stock tickers).
Real-world scenario:You inherit a legacy monolith that exposes a REST API directly from an EC2 instance. Your task: 1. Migrate to serverless (Lambda + API Gateway).2. Add authentication (Cognito).3. Cache responses to reduce Lambda invocations (cost savings).4. Log every request to CloudWatch for compliance.
GET /users
POST /orders
/users
GET
POST
DELETE
dev
prod
v1
v1.2
PUT
api.yourcompany.com
4XXError
5XXError
Latency
Count
Prerequisites:- AWS account with admin IAM permissions.- AWS CLI installed (aws --version).- A Lambda function (we’ll create one).
aws --version
# Create a Lambda function (Python 3.9) aws lambda create-function \ --function-name HelloWorld \ --runtime python3.9 \ --role arn:aws:iam::YOUR_ACCOUNT_ID:role/lambda-basic-execution \ --handler lambda_function.lambda_handler \ --zip-file fileb://function.zip
function.zip contents (lambda_function.py):
function.zip
lambda_function.py
def lambda_handler(event, context): return { "statusCode": 200, "body": "Hello from Lambda!" }
Verify:
aws lambda invoke --function-name HelloWorld output.txt && cat output.txt # Expected: {"statusCode": 200, "body": "Hello from Lambda!"}
# Create the API aws apigateway create-rest-api --name 'HelloWorld API' --description 'My first API'
Note the id in the response (e.g., abc123).
id
abc123
aws apigateway get-resources --rest-api-id abc123
Note the id of the root resource (e.g., def456).
def456
/hello
aws apigateway create-resource \ --rest-api-id abc123 \ --parent-id def456 \ --path-part hello
Note the new resource ID (e.g., ghi789).
ghi789
aws apigateway put-method \ --rest-api-id abc123 \ --resource-id ghi789 \ --http-method GET \ --authorization-type NONE
aws apigateway put-integration \ --rest-api-id abc123 \ --resource-id ghi789 \ --http-method GET \ --type AWS_PROXY \ --integration-http-method POST \ --uri arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:YOUR_ACCOUNT_ID:function:HelloWorld/invocations
⚠️ Replace YOUR_ACCOUNT_ID with your actual AWS account ID.
YOUR_ACCOUNT_ID
aws apigateway create-deployment \ --rest-api-id abc123 \ --stage-name prod
Note the invokeUrl in the response (e.g., https://abc123.execute-api.us-east-1.amazonaws.com/prod).
invokeUrl
https://abc123.execute-api.us-east-1.amazonaws.com/prod
curl https://abc123.execute-api.us-east-1.amazonaws.com/prod/hello # Expected: "Hello from Lambda!"
aws apigateway update-stage \ --rest-api-id abc123 \ --stage-name prod \ --patch-operations op=replace,path=/accessLogSettings/destinationArn,value=arn:aws:logs:us-east-1:YOUR_ACCOUNT_ID:log-group:API-Gateway-Execution-Logs_abc123/prod
com.amazonaws.vpce.us-east-1.vpce-svc-xyz
AWS_PROXY
staging
LambdaArn: ${stageVariables.LambdaArn}
Environment=prod
Owner=team-x
CostCenter=123
5XXError > 0
Latency > 1000ms
SuccessfulPayments
FailedLogins
${stageVariables.LambdaArn}
No 'Access-Control-Allow-Origin' header
Trap: REST API is more expensive but has more features.
"How do you secure an API for mobile users?"
Trap: API keys are for rate limiting, not authentication.
"How do you reduce latency for a global API?"
Trap: API Gateway is regional—use CloudFront for global caching.
"How do you debug a 500 error in API Gateway?"
Trap: Lambda logs won’t show API Gateway errors.
"How do you roll back a broken API deployment?"
Challenge:Deploy a WebSocket API that echoes back any message sent to it (like a chat app). Use: - API Gateway (WebSocket) - Lambda (Python) - DynamoDB (to store connection IDs)
Solution:1. Create a DynamoDB table (Connections) with connectionId as the primary key.2. Create a Lambda function to handle $connect, $disconnect, and $default routes.3. Deploy a WebSocket API with routes: - $connect → Lambda (store connection ID in DynamoDB) - $disconnect → Lambda (remove connection ID) - $default → Lambda (echo message back to sender) 4. Test with wscat: ```bash wscat -c wss://YOUR_API_ID.execute-api.us-east-1.amazonaws.com/prod
Connections
connectionId
$connect
$disconnect
$default
wscat
Hello < Hello ```
Why it works:- WebSocket APIs maintain persistent connections.- DynamoDB stores active connections for broadcasting messages.
aws apigateway create-rest-api --name "MyAPI"
aws apigatewayv2 create-api --name "MyHTTPAPI" --protocol-type HTTP
aws apigatewayv2 create-api --name "MyWebSocketAPI" --protocol-type WEBSOCKET
aws apigateway update-stage --rest-api-id abc123 --stage-name prod --patch-operations op=replace,path=/caching/enabled,value=true
aws apigateway update-stage --rest-api-id abc123 --stage-name prod --patch-operations op=replace,path=/accessLogSettings/destinationArn,value=arn:aws:logs:...
/aws/api-gateway/...
--type AWS_PROXY
Access-Control-Allow-Origin: *
Final Tip:API Gateway is the glue between your frontend and backend. Master it, and you’ll never expose a Lambda function directly to the internet again. ?
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.