Evaluate your understanding of creating serverless APIs using Lambda functions with API Gateway. This quiz covers fundamental features, configuration, and best practices for building scalable, event-driven APIs using these key serverless technologies.
Which method allows an HTTP request made to an API Gateway endpoint to invoke a Lambda function directly?
Explanation: Integrating API Gateway with Lambda enables HTTP requests to directly trigger Lambda functions, facilitating seamless API endpoints. Using S3 events allows storage-related triggers, not HTTP requests. Scheduling with cron executes code on a time schedule, not via API calls. Calling Lambda from a server bypasses API Gateway’s role as an HTTP interface.
What is the primary purpose of using mapping templates in API Gateway when working with Lambda functions?
Explanation: Mapping templates in API Gateway are primarily used to transform incoming request data before passing it to a Lambda function, ensuring compatibility and facilitating custom data formats. Encrypting environment variables is a separate security concern. Assigning execution roles pertains to permissions, not data mapping. Concurrency limits deal with how many instances run at once, unrelated to request data.
When designing a REST API with API Gateway, what does each ‘resource’ typically represent?
Explanation: In API Gateway, each ‘resource’ usually represents a path or endpoint within the API URL, helping organize API structure. It does not determine a function’s memory size, which is set elsewhere. IAM policies control permissions and are unrelated to API resource structure. A regional endpoint type refers to geographic placement, not path organization.
Which item is essential to allow API Gateway to safely invoke a Lambda function?
Explanation: API Gateway must have an execution role with permission to invoke Lambda; this security measure prevents unauthorized access. A scheduled event source triggers Lambda on a timer, not through an API call. A VPC endpoint policy manages network connectivity, not API permissions. Output mapping templates transform responses but do not grant permission to execute functions.
When connecting API Gateway to Lambda, which integration type is commonly used to allow the API to work with Lambda’s request and response format?
Explanation: Lambda Proxy integration passes the full request and response data between API Gateway and Lambda, simplifying communication and enabling flexible APIs. HTTP endpoint integration connects to web URLs directly rather than Lambda. EventBridge and S3 integrations are meant for event buses and storage triggers, not for handling HTTP methods via API Gateway.
What is a common way to restrict unauthorized access to an API Gateway endpoint linked to a Lambda function?
Explanation: Requiring an API key helps restrict endpoint access, ensuring only authorized users can invoke the Lambda function. Memory size and runtime version affect performance, not access control. Mapping templates adjust data formatting but do not provide security by themselves.
In the context of Lambda and API Gateway, how should a Lambda function format its response to return a proper HTTP status and body to the client?
Explanation: A properly formatted JSON response with statusCode and body allows API Gateway to relay appropriate HTTP responses to clients. Plain text or HTML lacks HTTP metadata needed for API responses. Using environment variables for status codes is not a supported method for response handling in this context.
Why is enabling CORS (Cross-Origin Resource Sharing) important when building APIs with Lambda and API Gateway?
Explanation: Enabling CORS allows client applications running on different domains to interact with your API endpoints, a common need for web applications. It has no effect on execution speed, storage space, or usage quotas, which are governed by other configuration settings.
What is a recommended use for environment variables in a Lambda function managed through API Gateway?
Explanation: Environment variables are best suited for storing static configuration values, such as database URLs or API secrets, that should not be hardcoded. Generating unique tokens should be handled per request at runtime, not as static variables. Custom domain names and resource design are managed in API Gateway, not through Lambda environment variables.
Which mechanism provides logs and metrics for Lambda functions and API Gateway endpoints to help monitor serverless API behavior?
Explanation: Enabling built-in logging captures execution details and metrics, helping monitor and debug serverless APIs. Changing concurrency limits adjusts scaling but does not provide visibility. Granting public access impacts security, not monitoring. Client-side encryption ensures privacy but does not offer logging or metric data.