Process events asynchronously with Amazon API Gateway and AWS Lambda
Created by Andrea Meroni (AWS), Nadim Majed (AWS), Mariem Kthiri (AWS), and Michael Wallner (AWS)
Summary
Amazon API Gateway is a fully managed service that developers can use to create, publish, maintain, monitor, and secure APIs at any scale. It handles the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls.
An important service quota of API Gateway is the integration timeout. The timeout is the maximum time in which a backend service must return a response before the REST API returns an error. The hard limit of 29 seconds is generally acceptable for synchronous workloads. However, that limit represents a challenge for those developers who want to use API Gateway with asynchronous workloads.
This pattern shows an example architecture to process events asynchronously using API Gateway and AWS Lambda. The architecture supports running processing jobs of duration up to 15 minutes, and it uses a basic REST API as the interface.
Projen
Prerequisites and limitations
Prerequisites
An active AWS account
The following tools installed on your workstation:
AWS Cloud Development Kit (AWS CDK) Toolkit version 2.85.0
Docker
version 20.10.21 Node.js
version 18.13.0 Projen
version 0.71.111 Python
version 3.9.16
Limitations
The maximum runtime of a job is limited by the maximum runtime for Lambda functions (15 minutes).
The maximum number of concurrent job requests is limited by the reserved concurrency of the Lambda function.
Architecture
The following diagram shows the interaction of the jobs API with the event-processing and error-handling Lambda functions, with events stored in an Amazon EventBridge event archive.
A typical workflow includes the following steps:
You authenticate against AWS Identity and Access Management (IAM) and obtain security credentials.
You send an HTTP
POST
request to the/jobs
jobs API endpoint, specifying the job parameters in the request body.The jobs API, which is an API Gateway REST API, returns to you an HTTP response that contains the job identifier.
The jobs API invokes asynchronously the event-processing Lambda function.
The event-processing function processes the event, and then it puts the job results in the jobs Amazon DynamoDB table
You send an HTTP
GET
request to the/jobs/{jobId}
jobs API endpoint, with the job identifier from step 3 as{jobId}
.The jobs API queries the
jobs
DynamoDB table to retrieve the job results.The jobs API returns an HTTP response that contains the job results.
If the event processing fails, the event-processing function sends the event to the error-handling function.
The error-handling function puts the job parameters in the
jobs
DynamoDB table.You can retrieve the job parameters by sending an HTTP
GET
request to the/jobs/{jobId}
jobs API endpoint.If the error handling fails, the error-handling function sends the event to an EventBridge event archive.
You can replay the archived events by using EventBridge.
Tools
AWS services
AWS Cloud Development Kit (AWS CDK) is a software development framework that helps you define and provision AWS Cloud infrastructure in code.
AWS Command Line Interface (AWS CLI) is an open source tool that helps you interact with AWS services through commands in your command-line shell.
Amazon DynamoDB is a fully managed NoSQL database service that provides fast, predictable, and scalable performance.
Amazon EventBridge is a serverless event bus service that helps you connect your applications with real-time data from a variety of sources. For example, Lambda functions, HTTP invocation endpoints using API destinations, or event buses in other AWS accounts.
AWS Lambda is a compute service that helps you run code without needing to provision or manage servers. It runs your code only when needed and scales automatically, so you pay only for the compute time that you use.
Other tools
autopep8
automatically formats Python code based on the Python Enhancement Proposal (PEP) 8 style guide. Bandit
scans Python code to find common security issues. Commitizen
is a Git commit checker and CHANGELOG
generator.cfn-lint
is an AWS CloudFormation linter Checkov
is a static code-analysis tool that checks infrastructure as code (IaC) for security and compliance misconfigurations. jq
is a command-line tool for parsing JSON. Postman
is an API platform. pre-commit
is a Git hooks manager. Projen
is a project generator. pytest
is a Python framework for writing small, readable tests.
Code repository
This example architecture code can be found in the GitHub Asynchronous Event Processing with API Gateway and Lambda
Best practices
This example architecture doesn't include monitoring of the deployed infrastructure. If your use case requires monitoring, evaluate adding CDK Monitoring Constructs
or another monitoring solution. This example architecture uses IAM permissions to control the access to the jobs API. Anyone authorized to assume the
JobsAPIInvokeRole
will be able to invoke the jobs API. As such, the access control mechanism is binary. If your use case requires a more complex authorization model, evaluate using a different access control mechanism.When a user sends an HTTP
POST
request to the/jobs
jobs API endpoint, the input data is validated at two different levels:Amazon API Gateway is in charge of the first request validation.
The event processing function performs the second request.
No validation is performed when the user does an HTTP
GET
request to the/jobs/{jobId}
jobs API endpoint. If your use case requires additional input validation and an increased level of security, evaluate using AWS WAF to protect your API.
Epics
Task | Description | Skills required |
---|---|---|
Clone the repository. | To clone the repository locally, run the following command:
| DevOps engineer |
Set up the project. | Change the directory to the repository root and set up the Python virtual environment and all the tools by using Projen
| DevOps engineer |
Install pre-commit hooks. | To install pre-commit hooks, do the following:
| DevOps engineer |
Task | Description | Skills required |
---|---|---|
Bootstrap AWS CDK. | To bootstrap AWS CDK in your AWS account, run the following command:
| AWS DevOps |
Deploy the example architecture. | To deploy the example architecture in your AWS account, run the following command:
| AWS DevOps |
Task | Description | Skills required |
---|---|---|
Install test prerequisites. | Install on your workstation the AWS Command Line Interface (AWS CLI), Postman Using Postman | DevOps engineer |
Assume the | Assume
| AWS DevOps |
Configure Postman. |
| AWS DevOps |
Test the example architecture. | To test the example architecture, send requests | DevOps engineer |
Troubleshooting
Issue | Solution |
---|---|
Destruction and subsequent redeployment of the example architecture fails because the Amazon CloudWatch Logs log group |
|