AWS Environment Management: API Gateway and Lambda
Manage environments in individual AWS services (for example, differentiating between development, test, and production in API Gateway)
AWS Environment Management: API Gateway and Lambda
This guide covers the strategies and mechanisms used to differentiate and manage application environments (Development, Test, Production) within AWS services, primarily focusing on Amazon API Gateway and AWS Lambda.
Learning Objectives
- Differentiate between stages in API Gateway.
- Use Stage Variables to dynamically route traffic to backend resources.
- Implement Lambda Aliases and Versions to maintain stable production environments while iterating in development.
- Configure environment-specific settings using Lambda environment variables and AWS AppConfig.
Key Terms & Glossary
- Stage: A logical snapshot of an API deployment (e.g.,
dev,prod). Each stage has a unique Invoke URL. - Stage Variable: A key-value pair defined for a specific API Gateway stage, often used as a parameter in integration strings.
- Version: An immutable snapshot of a Lambda function's code and configuration.
- Alias: A pointer to a specific Lambda version (e.g.,
PRODpoints to version 3) that can be updated to point to a new version without changing the client's integration. - $LATEST: The default, mutable version of a Lambda function where code updates are applied.
The "Big Idea"
In cloud development, duplicating your entire infrastructure for every environment is costly and slow. AWS provides logical isolation tools—like API Gateway Stages and Lambda Aliases—that allow you to use the same physical resources while keeping traffic and configurations strictly separated. This ensures that a developer testing a new feature in dev cannot accidentally impact the stable prod environment.
Formula / Concept Box
| Concept | Purpose | Syntax/Mechanism |
|---|---|---|
| Invoke URL | Unique endpoint per stage | https://{api-id}.execute-api.{region}.amazonaws.com/{stage-name}/ |
| Dynamic Routing | Pointing API to Lambda | arn:aws:lambda:region:account:function:my-func:${stageVariables.env} |
| Cache Invalidation | Manual flush of stage cache | Header: Cache-Control: max-age=0 (Requires IAM permission) |
| Deployment | Making changes live | Must "Deploy API" to a Stage for changes to take effect |
Hierarchical Outline
- Amazon API Gateway Environments
- Stages: Logical references to lifecycle states (e.g.,
beta,prod). - Deployment: Snapshots of the API; changes are not live until a deployment to a stage occurs.
- Stage Variables: Used to manage backend configuration (e.g., database connection strings or Lambda function names).
- Stages: Logical references to lifecycle states (e.g.,
- AWS Lambda Lifecycle
- Versions: Immutable snapshots; once created, code/config cannot change.
- Aliases: Mutable pointers to versions; used for Blue/Green or Canary deployments.
- Integration Strategy
- Dynamic Integration: Using
${stageVariables.variableName}in the API Gateway integration request to route to different Lambda aliases.
- Dynamic Integration: Using
Visual Anchors
Environment Routing Flow
Lambda Alias Mapping
\begin{tikzpicture}[node distance=2cm, every node/.style={rectangle, draw, rounded corners, minimum width=3cm, minimum height=1cm, align=center}] \node (alias) [fill=yellow!20] {\textbf{Alias: PROD}}; \node (v2) [right of=alias, xshift=3cm, fill=green!10] {\textbf{Version 2} \ (Immutable/Stable)}; \node (v1) [below of=v2, fill=gray!10] {Version 1 \ (Deprecated)}; \node (latest) [above of=v2, fill=orange!10] {$LATEST \ (Mutable/Experimental)};
\draw[->, thick] (alias) -- (v2) node[midway, above] {Points to};
\draw[dashed, ->] (latest) -- (v2) node[midway, right] {Publish};\end{tikzpicture}
Definition-Example Pairs
- Stage Variable: A parameter used to define environment-specific values.
- Example: Defining a variable
lambdaAliasasprodon the production stage anddevon the development stage. This allows a single API definition to call two different versions of a function.
- Example: Defining a variable
- Canary Deployment: A deployment strategy where a small percentage of traffic is shifted to a new version to monitor health.
- Example: Setting an API Gateway stage to send 10% of traffic to a "Canary" deployment while 90% stays on the stable production deployment.
Worked Examples
Step-by-Step: Linking API Stages to Lambda Aliases
Scenario: You have a Lambda function ProcessOrder. You want the dev stage of your API to hit the EXPERIMENTAL alias and the prod stage to hit the STABLE alias.
- Lambda Setup: Create two aliases for
ProcessOrder:EXPERIMENTALpointing to$LATESTandSTABLEpointing toVersion 1. - API Gateway Stage Variables:
- In the
devstage, create a variableenvwith valueEXPERIMENTAL. - In the
prodstage, create a variableenvwith valueSTABLE.
- In the
- Integration Mapping: In the API Gateway console, for the Lambda integration, set the function name to:
ProcessOrder:${stageVariables.env} - Permission: Run the
aws lambda add-permissioncommand to allow API Gateway to invoke the function versions associated with these aliases.
Checkpoint Questions
- What happens to an API Gateway stage if you update the API resources but do not create a new deployment?
- Why is it a best practice to point production API stages to a Lambda Alias rather than the $LATEST version?
- How can a client force an API Gateway cache refresh if the
Cache-Controlheader is allowed? - Where would you store a database password that needs to be different between
devandprodenvironments in Lambda?
[!TIP] Answer Key:
- The changes will not be visible; the stage remains on the previous snapshot (deployment).
- $LATEST is mutable; any code save immediately changes it. Aliases/Versions provide stability.
- By sending
Cache-Control: max-age=0in the request header.- Use Lambda Environment Variables (encrypted via KMS) or AWS Secrets Manager.