Reputation: 61
AmazonWebService - Should i use AWS API Gateway or AWS SDK
I'm trying to call a lambda function from NodeJS. After research i know 2 ways to do it:
- Assign Lambda function into AWS API Gateway and call that API.
- Call Lambda function through AWS SDK
What are pros and cons of API Gateway and AWS SDK ? And when to use each way above?
Upvotes: 3
Views: 2071
Answers (2)
Reputation: 274
I disagree with _DF about the security concern on invoking lambda directly through client. Over the 4 years I implementing Client + AWS SDK on my serverless approach. Direct hit to all microservices we have such as Lambda, DynamoDB, S3, SQS, etc.
To work with this approach, we have to strong understand about IAM Role Policy including its statements concept, Authentication Token, AWS Credential, and Token - Credential exchange.
For me, using SDK is better to implement serverless rather than API Gateway. Why I prefer to implementing SDK instead of API on my serverless infra?
- API Gateway is Costly
- Network hop-less
- In fact, SDK is commonly contain an API to communicate with other applications Class base and simple call such as dynamodb.put(params).promise(), lambda.invoke(params).promise(), s3.putObject(params).promise(), etc. We can see a sample API call like fetch(URL).promise(), the term is not really different
- API is more complex and some case can't or shouldn't be handled with
- SDK is not scalable? No, I dont think so. Because it's class base, it's so scalable.
- Slimming the infra and code writing, i.e to work with s3 no need deploy API+Lambda
- Speed up the process, i.e storing data to dynamodb no need business logic through API+lambda
- Easy maintaining, we only maintain our client code
- Role Policy is more scalable; etc
Upvotes: 3
Reputation: 3983
It depends. API Gateway is mostly used to give temporary access to Lambda functions in environments that are not secure (i.e. browsers, desktop apps, NOT servers).
If your environment is secure, as in it runs on an EC2 instance with an IAM role, or another server with secure stored credentials, then feel free to use the SDK and call the Lambda function correctly.
If you need to expose your Lambda function to the entire internet, or to authorised users on the web, or to any user that has the potential to grab the access key and secret during transit, then you will want to stick API Gateway in front.
With API Gateway you can secure your Lambda functions with API keys, or through other authorisers such as Amazon Cognito so that users need to sign in before they can use the API endpoint. This way they only gain temporary credentials, rather than permanent ones that shouldn't be available to anyone.
Upvotes: 5
Related Questions
- Amazon Lambda with API Gateway vs Elastic Beanstalk for REST API
- aws api gateway & lambda: multiple endpoint/functions vs single endpoint
- When to use lambda with api gateway and dynamodb
- AWS Lambda vs EC2 REST API
- AWS Lambda vs EC2: Which one to choose
- Node.js RESTful API server on AWS EC2 vs AWS API Gateway
- Amazon API Gateway for .NET core vs implementing own API gateway?
- Invoking AWS Lambda - API Gateway vs direct invocation
- AWS Lambda + API Gateway Development Best Practices
- AWS API Gateway - to use with AWS EC2 Endpoint or AWS Lambda?