API Gateway
Event handler for Amazon API Gateway REST/HTTP APIs and Application Loader Balancer (ALB).
Key Features¶
- Lightweight routing to reduce boilerplate for API Gateway REST/HTTP API and ALB
- Seamless support for CORS, binary and Gzip compression
- Integrates with Data classes utilities to easily access event and identity information
- Built-in support for Decimals JSON encoding
- Support for dynamic path expressions
- Router to allow for splitting up the handler accross multiple files
Getting started¶
Required resources¶
You must have an existing API Gateway Proxy integration or ALB configured to invoke your Lambda function. There is no additional permissions or dependencies required to use this utility.
This is the sample infrastructure for API Gateway we are using for the examples in this documentation.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | |
API Gateway decorator¶
You can define your functions to match a path and HTTP method, when you use the decorator ApiGatewayResolver.
Here's an example where we have two separate functions to resolve two paths: /hello.
We automatically serialize Dict responses as JSON, trim whitespaces for compact responses, and set content-type to application/json
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | |
This utility uses path and httpMethod to route to the right function. This helps make unit tests and local invocation easier too.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 | |
1 2 3 4 5 6 7 8 | |
HTTP API¶
When using API Gateway HTTP API to front your Lambda functions, you can instruct ApiGatewayResolver to conform with their contract via proxy_type param:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | |
ALB¶
When using ALB to front your Lambda functions, you can instruct ApiGatewayResolver to conform with their contract via proxy_type param:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | |
Dynamic routes¶
You can use /path/{dynamic_value} when configuring dynamic URL paths. This allows you to define such dynamic value as part of your function signature.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | |
1 2 3 4 5 6 | |
Nested routes¶
You can also nest paths as configured earlier in our sample infrastructure: /{message}/{name}.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | |
1 2 3 4 5 6 | |
Catch-all routes¶
We recommend having explicit routes whenever possible; use catch-all routes sparingly
You can use a regex string to handle an arbitrary number of paths within a request, for example .+.
You can also combine nested paths with greedy regex to catch in between routes.
We will choose the more explicit registered route that match incoming event
1 2 3 4 5 6 7 8 9 10 | |
1 2 3 4 5 6 | |
HTTP Methods¶
You can use named decorators to specify the HTTP method that should be handled in your functions. As well as the
get method already shown above, you can use post, put, patch, delete, and patch.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | |
1 2 3 4 5 6 | |
If you need to accept multiple HTTP methods in a single function, you can use the route method and pass a list of
HTTP methods.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | |
1 2 3 4 5 6 | |
!!! note "It is usually better to have separate functions for each HTTP method, as the functionality tends to differ depending on which method is used."
Accessing request details¶
By integrating with Data classes utilities, you have access to request details, Lambda context and also some convenient methods.
These are made available in the response returned when instantiating ApiGatewayResolver, for example app.current_event and app.lambda_context.
Query strings and payload¶
Within app.current_event property, you can access query strings as dictionary via query_string_parameters, or by name via get_query_string_value method.
You can access the raw payload via body property, or if it's a JSON string you can quickly deserialize it via json_body property.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | |
Headers¶
Similarly to Query strings, you can access headers as dictionary via app.current_event.headers, or by name via get_header_value.
1 2 3 4 5 6 7 8 9 10 11 12 13 | |
Handling not found routes¶
By default, we return 404 for any unmatched route.
You can use not_found decorator to override this behaviour, and return a custom Response.
Handling not found | |
|---|---|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | |
Exception handling¶
You can use exception_handler decorator with any Python exception. This allows you to handle a common exception outside your route, for example validation errors.
Exception handling | |
|---|---|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | |
Raising HTTP errors¶
You can easily raise any HTTP Error back to the client using ServiceError exception.
If you need to send custom headers, use Response class instead.
Additionally, we provide pre-defined errors for the most popular ones such as HTTP 400, 401, 404, 500.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | |
Custom Domain API Mappings¶
When using Custom Domain API Mappings feature, you must use strip_prefixes param in the ApiGatewayResolver constructor.
Scenario: You have a custom domain api.mydomain.dev and set an API Mapping payment to forward requests to your Payments API, the path argument will be /payment/<your_actual_path>.
This will lead to a HTTP 404 despite having your Lambda configured correctly. See the example below on how to account for this change.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | |
1 2 3 4 5 6 | |
Note: After removing a path prefix with strip_prefixes, the new root path will automatically be mapped to the path argument of /. For example, when using strip_prefixes value of /pay, there is no difference between a request path of /pay and /pay/; and the path argument would be defined as /.
Advanced¶
CORS¶
You can configure CORS at the ApiGatewayResolver constructor via cors parameter using the CORSConfig class.
This will ensure that CORS headers are always returned as part of the response when your functions match the path invoked.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | |
1 2 3 4 5 6 7 8 9 10 | |
1 2 3 4 5 6 7 8 | |
Optionally disable class on a per path basis with cors=False parameter
Pre-flight¶
Pre-flight (OPTIONS) calls are typically handled at the API Gateway level as per our sample infrastructure, no Lambda integration necessary. However, ALB expects you to handle pre-flight requests.
For convenience, we automatically handle that for you as long as you setup CORS in the constructor level.
Defaults¶
For convenience, these are the default values when using CORSConfig to enable CORS:
Always configure allow_origin when using in production
| Key | Value | Note |
|---|---|---|
allow_origin: str |
* |
Only use the default value for development. Never use * for production unless your use case requires it |
allow_headers: List[str] |
[Authorization, Content-Type, X-Amz-Date, X-Api-Key, X-Amz-Security-Token] |
Additional headers will be appended to the default list for your convenience |
expose_headers: List[str] |
[] |
Any additional header beyond the safe listed by CORS specification. |
max_age: int |
`` | Only for pre-flight requests if you choose to have your function to handle it instead of API Gateway |
allow_credentials: bool |
False |
Only necessary when you need to expose cookies, authorization headers or TLS client certificates. |
Fine grained responses¶
You can use the Response class to have full control over the response, for example you might want to add additional headers or set a custom Content-type.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | |
```json { "body": "{\"message\":\"I\'m a teapot\"}", "headers": { "Content-Type": "application/json", "X-Custom": "X-Value" }, "isBase64Encoded": false, "statusCode": 418 }
Compress¶
You can compress with gzip and base64 encode your responses via compress parameter.
The client must send the Accept-Encoding header, otherwise a normal response will be sent
1 2 3 4 5 6 7 8 9 10 | |
1 2 3 4 5 6 7 8 | |
1 2 3 4 5 6 7 8 9 | |
Binary responses¶
For convenience, we automatically base64 encode binary responses. You can also use in combination with compress parameter if your client supports gzip.
Like compress feature, the client must send the Accept header with the correct media type.
This feature requires API Gateway to configure binary media types, see our sample infrastructure for reference
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | |
1 2 3 4 5 6 7 8 | |
1 2 3 4 5 6 7 8 | |
Debug mode¶
You can enable debug mode via debug param, or via POWERTOOLS_EVENT_HANDLER_DEBUG environment variable.
This will enable full tracebacks errors in the response, print request and responses, and set CORS in development mode.
This might reveal sensitive information in your logs and relax CORS restrictions, use it sparingly.
1 2 3 4 5 6 7 8 9 10 | |
Custom serializer¶
You can instruct API Gateway handler to use a custom serializer to best suit your needs, for example take into account Enums when serializing.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 | |
Split routes with Router¶
As you grow the number of routes a given Lambda function should handle, it is natural to split routes into separate files to ease maintenance - That's where the Router feature is useful.
Let's assume you have app.py as your Lambda function entrypoint and routes in users.py, this is how you'd use the Router feature.
We import Router instead of ApiGatewayResolver; syntax wise is exactly the same.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | |
We use include_router method and include all user routers registered in the router global object.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | |
Route prefix¶
In the previous example, users.py routes had a /users prefix. This might grow over time and become repetitive.
When necessary, you can set a prefix when including a router object. This means you could remove /users prefix in users.py altogether.
1 2 3 4 5 6 7 8 9 10 11 12 13 | |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | |
Sample layout¶
This sample project contains a Users function with two distinct set of routes, /users and /health. The layout optimizes for code sharing, no custom build tooling, and it uses Lambda Layers to install Lambda Powertools.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 | |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | |
1 2 3 4 5 6 7 8 9 10 11 12 13 | |
1 2 3 4 5 6 7 8 9 10 11 | |
Considerations¶
This utility is optimized for fast startup, minimal feature set, and to quickly on-board customers familiar with frameworks like Flask — it's not meant to be a fully fledged framework.
Event Handler naturally leads to a single Lambda function handling multiple routes for a given service, which can be eventually broken into multiple functions.
Both single (monolithic) and multiple functions (micro) offer different set of trade-offs worth knowing.
TL;DR. Start with a monolithic function, add additional functions with new handlers, and possibly break into micro functions if necessary.
Monolithic function¶
A monolithic function means that your final code artifact will be deployed to a single function. This is generally the best approach to start.
Benefits
- Code reuse. It's easier to reason about your service, modularize it and reuse code as it grows. Eventually, it can be turned into a standalone library.
- No custom tooling. Monolithic functions are treated just like normal Python packages; no upfront investment in tooling.
- Faster deployment and debugging. Whether you use all-at-once, linear, or canary deployments, a monolithic function is a single deployable unit. IDEs like PyCharm and VSCode have tooling to quickly profile, visualize, and step through debug any Python package.
Downsides
- Cold starts. Frequent deployments and/or high load can diminish the benefit of monolithic functions depending on your latency requirements, due to Lambda scaling model. Always load test to pragmatically balance between your customer experience and development cognitive load.
- Granular security permissions. The micro function approach enables you to use fine-grained permissions & access controls, separate external dependencies & code signing at the function level. Conversely, you could have multiple functions while duplicating the final code artifact in a monolithic approach.
- Regardless, least privilege can be applied to either approaches.
- Higher risk per deployment. A misconfiguration or invalid import can cause disruption if not caught earlier in automated testing. Multiple functions can mitigate misconfigurations but they would still share the same code artifact. You can further minimize risks with multiple environments in your CI/CD pipeline.
Micro function¶
A micro function means that your final code artifact will be different to each function deployed. This is generally the approach to start if you're looking for fine-grain control and/or high load on certain parts of your service.
Benefits
- Granular scaling. A micro function can benefit from the Lambda scaling model to scale differently depending on each part of your application. Concurrency controls and provisioned concurrency can also be used at a granular level for capacity management.
- Discoverability. Micro functions are easier do visualize when using distributed tracing. Their high-level architectures can be self-explanatory, and complexity is highly visible — assuming each function is named to the business purpose it serves.
- Package size. An independent function can be significant smaller (KB vs MB) depending on external dependencies it require to perform its purpose. Conversely, a monolithic approach can benefit from Lambda Layers to optimize builds for external dependencies.
Downsides
- Upfront investment. Python ecosystem doesn't use a bundler — you need a custom build tooling to ensure each function only has what it needs and account for C bindings for runtime compatibility. Operations become more elaborate — you need to standardize tracing labels/annotations, structured logging, and metrics to pinpoint root causes.
- Engineering discipline is necessary for both approaches. Micro-function approach however requires further attention in consistency as the number of functions grow, just like any distributed system.
- Harder to share code. Shared code must be carefully evaluated to avoid unnecessary deployments when that changes. Equally, if shared code isn't a library, your development, building, deployment tooling need to accommodate the distinct layout.
- Slower safe deployments. Safely deploying multiple functions require coordination — AWS CodeDeploy deploys and verifies each function sequentially. This increases lead time substantially (minutes to hours) depending on the deployment strategy you choose. You can mitigate it by selectively enabling it in prod-like environments only, and where the risk profile is applicable.
- Automated testing, operational and security reviews are essential to stability in either approaches.
Testing your code¶
You can test your routes by passing a proxy event request where path and httpMethod.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | |
FAQ¶
What's the difference between this utility and frameworks like Chalice?
Chalice is a full featured microframework that manages application and infrastructure. This utility, however, is largely focused on routing to reduce boilerplate and expects you to setup and manage infrastructure with your framework of choice.
That said, Chalice has native integration with Lambda Powertools if you're looking for a more opinionated and web framework feature set.
Last update: 2021-12-20