How do I configure my Amazon API Gateway REST API for optimized performance and protection?

2 minute read

I want to configure my Amazon API Gateway REST API for optimized performance and protection.

Resolution

Associate a Gateway API REST API with a web ACL

To protect your REST API from common attacks, associate an AWS WAF web access control list (web ACL) with your REST API. Web ACLs let you define custom rules to filter and block malicious traffic before it reaches your API.

Note: AWS WAF supports only API Gateway REST APIs.

To associate a REST API with a web ACL, first create your web ACL in AWS WAF. Then, associate the web ACL with your API Gateway API to let AWS WAF monitor incoming requests. You can also use AWS WAF to apply rate-based rules on a REST API.

For more information, see Resources that you can protect with AWS WAF.

Use a data model schema

API Gateway supports a data model JSON schema for request validation. To improve performance and reliability, associate a data model with your REST API to make sure that your API receives and delivers data in a valid format.

Use a custom CloudFront distribution with API Gateway APIs

If your API clients are geographically dispersed, then use an edge-optimized API endpoint in API Gateway. Edge-optimized endpoints route requests to the nearest Amazon CloudFront Point of Presence (POP) to improve client connection time.

To use the global CloudFront content delivery network and maintain more control over the distribution, use a AWS Regional API with a custom CloudFront web distribution.

For more information, see How do I set up API Gateway with my CloudFront distribution?

Turn on CloudWatch Logs

To troubleshoot a REST API or WebSocket API, use Amazon CloudWatch Logs. For example, you can search the logs for REST API errors and 5## errors.

If you turned on CloudWatch Logs but you can't find logs, then see How do I troubleshoot missing CloudWatch logs for API Gateway REST APIs?

Note: HTTP APIs support only access logging. For more information, see Configure logging for HTTP APIs in API Gateway.

Related information

Monitor REST API execution with Amazon CloudWatch metrics

How do I use AWS WAF to restrict direct traffic to an Application Load Balancer and allow traffic through API Gateway?

What is Amazon CloudWatch Logs?

Topics: Serverless Front-End Web & Mobile Networking & Content Delivery
Tags: Amazon API Gateway
Language: English

AWS OFFICIALUpdated 7 months ago

No comments

Relevant content

Protect Public Restful APIs with API Gateway and oauth2.0
Accepted Answer
zeeshan
asked 3 years ago
How to switch my REST API from edge-optimized to regional and attach it to lambda as trigger?
Accepted Answer
Kael558
asked a year ago
AWS Api gateway for REST API does not work with multi-level base path mapping
AWS-User-3226203
asked 4 years ago
private rest connection
JessDL
asked 3 years ago
Optimizing Nested Resource Structure in API Gateway
rePost-User-2014670
asked 3 years ago
How can I forward the host header with private integration for an API Gateway REST API?
AWS OFFICIALUpdated 3 years ago
How do I resolve HTTP 502 errors from API Gateway REST APIs with Lambda proxy integration?
AWS OFFICIALUpdated 2 years ago
How do I migrate API Gateway REST APIs between AWS accounts or Regions?
AWS OFFICIALUpdated 2 years ago
How do I activate IAM authentication for API Gateway REST APIs?
AWS OFFICIALUpdated a year ago
Resolve "Endpoint request timed out" 504 errors when API Gateway invokes a Lambda function for long-running operations
published 23 days ago