Integration with Any AWS Service

Generic approach

AWS has hundreds of services, and they continue to grow. Many of these can be integrated directly with the API Gateway. Unfortunately, we can’t have an independent tutorial for each of those services. We have just too many of them. So, instead, this lesson tries to identify a generic approach for connecting with any service accessible from the API Gateway.

Connecting with services

Before we get into the details, we should look at a basic concept. Almost all AWS services export a REST API to connect with them. However, the interface to these services is inconsistent. For example, some services expect data in the path parameters, others in the query string, and others in the body of the API request.

Along with the payload, the services require an IAM based handshake for authentication and authorization. Therefore, we don’t need the API Gateway if we can implement it ourselves. It’s too complex, however, so we have to use the API Gateway, the AWS CLI, or one of the SDKs to connect with the individual services.

When we connect to a service using the API Gateway, we can assign an IAM role to the request. AWS then manages the IAM authentication internally, allowing us to configure the payload using the integration framework. With that problem out of our way, we must learn the details of how we should integrate the payload.

The AWS API documentation gives us details about each API and its payload. However, most developers aren’t willing to read documentation. So, here’s a simpler way to get the same information. This lesson will find the correct configuration to integrate the API Gateway with KMS.

Key management service

Encryption is a necessity for any application. This is especially true if we save data in the cloud, miles away from us. When we encrypt data, managing the encryption key is the critical functionality that can make or break the system's security. Key management service (KMS) manages these keys and provides a simple API to encrypt or decrypt our data. Before integrating the API Gateway with KMS, let’s create an encryption key. Navigate to the KMS console to create a new key. Keep all defaults and create the key.