How to Setup a Serverless REST API with AWS Lambda and API Gateway: A Comprehensive Guide
Serverless computing is one of the hottest trends in cloud computing today. By abstracting away the underlying infrastructure, serverless platforms enable developers to build and run applications without worrying about server management, scaling, or capacity planning.
According to a 2020 report by Datadog, serverless adoption has grown by 50% year-over-year, with AWS Lambda being the most popular serverless platform. The global serverless market size is expected to reach USD 21.1 billion by 2025, growing at a CAGR of 22.7% (Source).
Two of the most powerful services in the AWS serverless ecosystem are AWS Lambda and Amazon API Gateway. When used together, they provide a fully managed, scalable platform for building serverless APIs and web backends.
In this comprehensive guide, we‘ll dive deep into Lambda and API Gateway and walk through a complete tutorial of setting up a serverless REST API from scratch. We‘ll also discuss best practices, advanced use cases, and how to integrate with other AWS services. Let‘s get started!
AWS Lambda: Serverless Compute in a Nutshell
At its core, AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you.
How Lambda Works
Lambda functions are stateless, event-driven, and ephemeral. They are triggered by events like HTTP requests, file uploads, database updates, or messages from other AWS services. When an event occurs, Lambda runs your function code in an isolated environment, scales it up or down based on the number of incoming events, and terminates it when the work is done.
This event-driven architecture makes Lambda ideal for a wide range of use cases beyond just APIs, including:
- Data processing
- Real-time file processing
- Real-time stream processing
- Web backends
- IoT backends
- Chatbots and Alexa skills
Lambda Runtimes and Languages
Lambda supports a wide variety of programming languages and runtimes, including:
- Node.js (JavaScript)
- Python
- Java
- C# (.NET Core)
- Go
- Ruby
- Custom runtimes (e.g. Rust)
This flexibility allows developers to use their language of choice when building serverless applications.
Lambda Pricing and Limits
Lambda offers a very granular, pay-per-use pricing model. You are charged based on the number of function invocations and the compute time and memory consumed by your functions. The first 1 million requests and 400,000 GB-seconds per month are free.
| Monthly Usage | Price |
|---|---|
| First 1M requests | Free |
| Next 1M requests | $0.20 per 1M requests |
| First 400,000 GB-seconds | Free |
| Next 400,000 GB-seconds | $0.00001667 per GB-second |
Lambda has a default concurrent execution limit of 1000 per account per region, but this can be increased on request. Individual functions have a max timeout of 15 minutes and a max memory allocation of 10 GB.
Amazon API Gateway: The Front Door for APIs
Amazon API Gateway is a fully managed service for creating, publishing, maintaining, monitoring, and securing APIs at scale. It acts as the "front door" for applications to access backend services like Lambda functions, HTTP endpoints, or other AWS services.
API Gateway Features
Some of the key features of API Gateway include:
-
RESTful APIs: Create resource-based, HTTP APIs with full support for standard HTTP methods, headers, and status codes.
-
WebSocket APIs: Build real-time, two-way communication apps like chat apps, streaming dashboards, and multi-player games.
-
Authentication and Authorization: Secure your APIs with API keys, IAM permissions, Lambda authorizers, or third-party OAuth providers.
-
Request Validation: Validate incoming requests against predefined schema models to reject invalid requests.
-
Request/Response Transformations: Modify request/response payloads on the fly, including content encoding, header manipulation, and body mapping templates.
-
API Caching: Cache API responses in API Gateway‘s in-memory cache to improve performance and reduce backend load.
-
Throttling and Quotas: Set rate limits and quota limits to prevent your APIs from being overwhelmed.
-
Custom Domains: Configure custom domain names for your APIs (e.g. api.example.com).
-
Monitoring and Logging: Monitor API usage, performance, and errors with Amazon CloudWatch. Log API calls to Amazon CloudWatch Logs.
API Gateway Pricing
Like Lambda, API Gateway has a pay-as-you-go pricing model based on the number of API calls, data transfer out, and caching.
| API Calls (per month) | Price |
|---|---|
| First 1 million | Free |
| Next 4 million | $0.90 per million |
| Next 15 million | $0.80 per million |
Data transfer out is charged at $0.09/GB for the first 10 TB. Caching is priced based on the size of the cache, starting at $0.02 per hour for a 0.5 GB cache.
Tutorial: Building a Serverless REST API
Now that we‘ve covered the fundamentals of Lambda and API Gateway, let‘s walk through a step-by-step tutorial of building a serverless REST API.
Step 1: Create a Lambda Function
- Open the AWS Lambda console and click "Create function".
- Choose "Author from scratch", name your function, and select a runtime (e.g. Node.js 16.x).
- In the code editor, replace the default code with:
exports.handler = async (event) => {
const body = JSON.parse(event.body);
const message = `Hello, ${body.name}!`;
return {
statusCode: 200,
body: JSON.stringify({ message })
};
};This function expects a JSON payload with a name property, and returns a "Hello" greeting.
Step 2: Test the Lambda Function
- Click the "Test" tab, configure a test event with a JSON body like
{ "name": "John" }, and click "Test". - Verify the function returns a 200 status code and the correct response body.
Step 3: Create an API Gateway API
- Open the API Gateway console and click "Create API".
- Choose "REST API" and "New API". Name your API and click "Create API".
- Create a new resource called
/helloand enable CORS. - Under the
/helloresource, create a newPOSTmethod. - For the integration type, choose "Lambda Function" and select your function.
- Click "Save" to create the API method.
Step 4: Deploy the API
- In the "Actions" menu, choose "Deploy API".
- Select "New Stage", enter a stage name (e.g.
prod), and click "Deploy". - Note the "Invoke URL" for your API stage.
Step 5: Test the API
Use curl or Postman to send a POST request to your API endpoint with a JSON payload:
curl -X POST -H "Content-Type: application/json" -d ‘{"name": "Alice"}‘ https://{api-id}.execute-api.{region}.amazonaws.com/prod/helloThe API should respond with a 200 status and the message {"message":"Hello, Alice!"}.
Best Practices for Building Serverless APIs
When building serverless APIs with Lambda and API Gateway, follow these best practices:
- Choose the right language and runtime for your use case. Node.js and Python are popular choices for APIs.
- Keep your functions small and focused on a single task. This makes them easier to test, maintain, and scale.
- Optimize your function performance by minimizing dependencies, using lightweight runtimes, and allocating adequate memory.
- Use Lambda layers to share common code and libraries across functions.
- Secure your APIs with authentication, authorization, rate limiting, and request validation.
- Enable caching in API Gateway to improve performance and reduce backend load.
- Monitor your APIs with CloudWatch metrics, logs, and alarms.
- Use Infrastructure as Code (IaC) tools like AWS SAM, Serverless Framework, or Terraform to define and deploy your APIs.
Advanced Serverless API Architectures
Serverless APIs built with Lambda and API Gateway can power a wide range of applications and use cases, including:
-
Web Application Backends: Use serverless APIs to power dynamic, scalable web apps. Combine them with AWS S3 for static hosting and Amazon DynamoDB or Aurora Serverless for data storage.
-
Data Processing Pipelines: Use Lambda functions to process and transform data from Amazon S3, DynamoDB Streams, or Amazon Kinesis. Trigger downstream functions to perform additional processing or store results.
-
Real-time Stream Processing: Use Lambda with Amazon Kinesis to process real-time data streams and power use cases like clickstream analytics, log filtering, and real-time metrics.
-
Chatbots and Voice Assistants: Build chatbots and Alexa skills backed by serverless APIs. Use Amazon Lex for natural language processing and Amazon Polly for text-to-speech.
Integrating with Other AWS Services
One of the strengths of building serverless APIs on AWS is the ability to easily integrate with other powerful AWS services. Some common integration patterns include:
-
Amazon S3: Use S3 to store and serve static web assets, images, and files. Trigger Lambda functions when objects are created or modified.
-
Amazon DynamoDB: Use DynamoDB as a fast, scalable NoSQL database for your APIs. Trigger Lambda functions from DynamoDB Streams to react to data changes.
-
Amazon Cognito: Use Cognito to add user sign-up, sign-in, and access control to your APIs. Integrate with API Gateway for authentication and authorization.
-
AWS AppSync: Use AppSync to build GraphQL APIs backed by Lambda functions. Get automatic real-time updates and offline synchronization for web and mobile clients.
-
AWS Step Functions: Use Step Functions to coordinate multiple Lambda functions into serverless workflows. Handle complex business logic and data flows.
-
Amazon EventBridge: Use EventBridge to build event-driven architectures. Trigger Lambda functions from a wide range of AWS and SaaS event sources.
Conclusion
In this comprehensive guide, we‘ve explored the world of serverless APIs with AWS Lambda and API Gateway. We‘ve covered the basics of how Lambda and API Gateway work, walked through a hands-on tutorial of building a REST API, and discussed best practices and advanced use cases.
The serverless approach to building APIs offers several key benefits:
- Scalability: Serverless APIs automatically scale up and down based on traffic, ensuring your APIs can handle any load without manual intervention.
- Cost Savings: With the pay-per-use pricing model of Lambda and API Gateway, you only pay for the compute and requests you actually use, rather than overprovisioning and paying for idle resources.
- Agility: Serverless APIs enable rapid development and deployment cycles, allowing you to iterate and ship new features faster.
Of course, serverless isn‘t a silver bullet and there are some trade-offs to consider, such as:
- Cold Starts: Lambda functions can experience latency when they are first invoked after a period of inactivity, known as a "cold start".
- Limited Execution Time: Lambda functions have a maximum execution time of 15 minutes, which may not be suitable for very long-running tasks.
- Package Size Limits: Lambda has a deployment package size limit of 250 MB (unzipped), which can be constraining for some applications.
Despite these trade-offs, serverless APIs have proven to be a powerful architectural pattern for a wide range of applications. By abstracting away the infrastructure, they allow developers to focus on writing business logic and delivering value to their customers.
To learn more about serverless development on AWS, check out these resources:
- AWS Serverless Learning Path
- AWS Serverless Workshops
- AWS Serverless Application Repository
- AWS Serverless Blog
I encourage you to dive in, experiment, and start building your own serverless APIs on AWS. The possibilities are endless!