Amazon AWS Certified Security Specialty SCS-C01 Topic: Domain 3 – Infrastructure Security Part 7
December 19, 2022

31. Introduction to Application Programming Interface (API)

Hey everyone, and welcome back. Today we’ll be speaking about APIs. I’m very sure that if you are working in the industry, you have heard this specific term a lot of times. So what we’ll do today is go ahead and understand, at a high level, what it means. So let’s get started. API stands for Application Programming Interface, and it is commonly used for intercommunication between various pieces of software. You can definitely communicate between multiple pieces of software without using an API. However, an API has numerous advantages, which we will investigate when we do a demo session. So, in general, one of the benefits of using an API is that the exact structure of the request and response is documented upfront and is likely to remain consistent over time. Now, this third point might be a bit confusing right now.

So let’s take a simple use case and understand exactly what it means. The use case today is a simple weather application: James wants to build a weather report application. Since it needs weather reports for all the countries, he wonders where he can get all the data from. Now, there’s a website called OpenWeatherMap that has all this data, and so James decides to integrate his application to fetch data from the OpenWeatherMap database.

Now, the question is, “How will he parse this data?” So, a very simple use case, I would say, is where someone wants to build an application. Let’s assume an Android application that posts the weather. Now, in order to do that, what you have to do is have a sensor that will capture the weather information. If it is just India, you can have sensors in every city; that is not a very major task to do. But if you want to report the weather for all the countries throughout the world, then you need sensors in each and every city, and this is definitely a challenging task for an individual to do. As a result, there are numerous websites that collect this information for you, and you can use those websites to get the information from.

So we talked about how OpenWeatherMap is one such website. Let me open it up. So this is the website, and it gives information related to the weather of each and every city. So let me do one thing: let me put Mumbai over here. Once you click here, it gives you precise information related to the current weather. It tells you about the wind, the cloudiness, the pressure, the humidity, the sunrise, the possible sunset time, and it also tells you the weather for the upcoming one or two weeks. So this is a fantastic website to obtain information from.

So I have a simple Android application. Let me just show you. This is a simple Android application, as I hope you can see, that tells you the weather of a specific city. And if you see over here, it actually shows you the weather for every hour. So, the question is, where is it getting the data from? I’m 100% sure that all the weather applications—or, I would say, most of the weather applications—will fetch the information from some kind of website similar to this one. Now, the question is, how will the application get the data from it? One thing is that, as you see, every city has a city ID.

So Mumbai has this specific city ID. So an application can parse this particular web page and get this information: the temperature is 32 degrees, and similarly the wind speed, pressure, humidity, sunrise, sunset, and so on. So this is quite easy to understand, but the application will stop working if the interface of the website changes. As a manual way of doing it, the easiest way is to open the website and see, “Okay, this is the temperature. This is the pressure.” Now, when you talk about software, software needs some kind of intelligence. So let’s assume you download this page, and then you parse each individual field. Now, here is the challenge: if the website interface changes, then your application will break. And this is the reason why this approach is not a very good approach.

So you’ll notice a tab called API here. Let me just click on it, and you will find that the OpenWeatherMap API is simple, clear, and free. So what you can do with the API is send a request to the API of this website asking for the weather in Mumbai, and the API will return the result in JSON format, which is textual. So the software will be able to parse it quite easily. Let me show you how that would work. I have a simple API request for OpenWeatherMap. I’ll just copy this request and paste it over here. So now, if you see what is happening, I made a curl GET request to the OpenWeatherMap API, and we have passed the query, which is “Mumbai.” What it is giving me is the result in JSON format, which is a textual format. So, if you see over here, the wind speed is 6.2. If I go over here to the website, the wind speed is 6.2.

Now, for a software application, this is very easy to understand and easy to parse. And this is the answer to the third point: with an API, the exact structure of the request and response is documented upfront and is likely to remain consistent over time. So this specific structure is likely to remain the same: although the website interface might change, the structure of the API request and the response will remain the same. So what my weather application can do is make a curl request and then parse the value associated with each individual field. So it can parse the pressure as 1006, and then the application can take this data and display it to the user. So, this is quite an easy way to do things, and it is for this reason that an API is so useful. So this also answers the second point, which is that it is generally used for intercommunication between multiple pieces of software.

Curl is a client in my case, and the OpenWeatherMap API is another piece of software. As a result, it is commonly used for intercommunication between two pieces of software. If a human wants to go through it, then they will not prefer to read it in API or JSON format; they would rather read it in a GUI. Perfect. So you got the basic overview of what an API means. We will not just end here; I have a second use case that will make this much clearer.

Let me just open up the PPT. The second use case is an overview of the infrastructure. What this means is that you want to have a list of all the instances in your cloud environment, along with their names, IP addresses, operating system name, kernel version, region, backup window, and available snapshots. How will we go forward with this use case? This is a very simple use case, and this is something that you might find in your organisation as well, where your CTO is asking for detailed infrastructure-based information. So one way to do it is the GUI way. In my case, I am using DigitalOcean for my website, since it’s quite cheap.

So in DO, I have two servers. As you can see, it displays the names of the servers: you have “my dreams,” and you have “my life.” It shows me the IP addresses. If I just open it up, it gives me more detailed information. For example, it has 1 GB of memory and a 30 GB hard drive. It is located in the Singapore region. It has a total of 77. The private IP is this. Now, if you see, it needed the backup windows and the available snapshots as well. So in order to do that, I can go to the backups, and it shows me the backups of my current droplet; for a snapshot, it shows me the available snapshot associated with the OS. Now, in this case, I just have two servers over here. One thing that you might have figured out is that if you want to have this information and give it to the CTO, you have to open up each and every server, write this information on an Excel sheet, and once the information is complete, give it to the CTO.

Now, let’s assume you have 100 servers. How will you do that? So doing things the GUI way is not always the right solution. If you look at DigitalOcean, you’ll see again that there’s a tab called API. If I click on API, it gives me a lot of information related to the API keys. So let me do one thing: I’ll copy it and paste it over here. What we are doing is sending an API request to DigitalOcean to get information related to the infrastructure. Perfect. So, if you’ll excuse me, I’ll scroll up. It gives me information related to the droplet.

The name is “my life.” Let me go back and compare it here. It is giving me information about “my life” first. So now, as you can see, the memory is 1024. The CPU has one core. The disk is 20 GB. It tells me the OS and the kernel version. It also tells me about the available backups that are there for this server. It talks about the available snapshots. It specifies when a new backup of this server will be taken. Along with that, it also talks about the region in which the server is launched and the IP addresses: this is a private IP, and this is a public IP. So the region is Singapore. And if you go down, this marks the end of the first VM.

“My dreams” is the second VM. You see, we have a total of two VMs. It also provides all of this information for the second VM. So now, as you’ll see, doing things the API way is very fast, and you don’t really have to do a lot of manual work. And, in particular, when two pieces of software are communicating, the API is the best tool available. But at the very least, I would like to show you one more interesting thing. I hope you’re not bored.

So if I go to facebook.com/youtube, you will see that it is showing me the YouTube page. Now, Facebook also provides an API. So here, if I just put graph.facebook.com/youtube, you get a message saying an access token is required to access the resources, and this is very important. Whenever you have an API, you should always have an access token along with it, something similar to a username and password. For example, if you want to log into Facebook, you must enter a username and password. Similarly, if you want to get information from an API, you have to pass a token. So, with OpenWeatherMap, I can access the information via the API because I have a token associated with it. So, if you see, I am passing a token ID.

So this is my token ID, and this is the authentication parameter. Same for DigitalOcean: you see, I have a token, which I’m passing along with the request. There are also some open APIs available, but best practise says that you should always have a token associated with the API. So this is it. For this specific lecture, one thing I would really encourage you to do is sign up for OpenWeatherMap. Once you sign in, let me show you: there are API keys, and you can generate an API key from the website itself. Then you can use this API key to query a specific API.
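To make the two points of this lecture concrete (parsing a documented JSON response instead of scraping the web page, and sending the API key with the request), here is a small Python example. It is added here and is not code from the lecture or from OpenWeatherMap. The JSON and HTML samples are constructed to carry the same figures the lecture reads off the screen (wind 6.2, pressure 1006, 32 degrees); the endpoint URL and the `q` / `appid` parameter names are what I know from the OpenWeatherMap documentation and should be treated as an assumption.

```python
import json
import os
import re
from urllib.parse import urlencode

# Constructed sample: a trimmed-down, OpenWeatherMap-style JSON response for Mumbai.
SAMPLE_JSON = (
    '{"name": "Mumbai", "main": {"temp": 32.0, "pressure": 1006, "humidity": 70},'
    ' "wind": {"speed": 6.2}, "weather": [{"main": "Clouds"}]}'
)

# Constructed sample: the same figures as they might appear in the website's HTML,
# before and after a redesign of the page markup.
SAMPLE_HTML_OLD = '<div class="wind">Wind: 6.2 m/s</div><div class="pressure">Pressure: 1006 hPa</div>'
SAMPLE_HTML_NEW = '<span data-field="wind">6.2 m/s</span><span data-field="pressure">1006 hPa</span>'


def scrape_wind_speed(html):
    """The fragile approach: pull the value out of the page markup with a pattern.
    It works on the old markup and silently returns None once the page is redesigned."""
    match = re.search(r'<div class="wind">Wind: ([\d.]+) m/s</div>', html)
    return float(match.group(1)) if match else None


def parse_weather(body):
    """The API approach: the JSON field names are documented, so parsing is direct."""
    data = json.loads(body)
    return {
        "city": data["name"],
        "temp": data["main"]["temp"],
        "pressure": data["main"]["pressure"],
        "humidity": data["main"]["humidity"],
        "wind_speed": data["wind"]["speed"],
    }


def build_request_url(city, api_key, base="https://api.openweathermap.org/data/2.5/weather"):
    """Build the GET URL that the lecture's curl command sends. The endpoint and the
    'q' / 'appid' parameter names are an assumption taken from the OpenWeatherMap docs.
    Refusing an empty key mirrors the lecture's point that every request carries a token."""
    if not api_key:
        raise ValueError("an API key is required; set OPENWEATHER_API_KEY")
    return base + "?" + urlencode({"q": city, "appid": api_key})


if __name__ == "__main__":
    # Read the key from the environment rather than hard-coding it in the script.
    key = os.environ.get("OPENWEATHER_API_KEY", "")
    print(build_request_url("Mumbai", key or "<your-api-key>"))
    print("scrape old markup:", scrape_wind_speed(SAMPLE_HTML_OLD))
    print("scrape new markup:", scrape_wind_speed(SAMPLE_HTML_NEW))
    print("parse JSON:", parse_weather(SAMPLE_JSON))
```

Running it offline shows the contrast the lecture draws: the scraper returns the wind speed for the old markup and nothing for the new one, while the JSON parser keeps working as long as the documented field names hold. Keeping the key in an environment variable, rather than in the script, is the usual way to avoid leaking it when the code is shared.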

32. Understanding the working of API

Hey everyone, and welcome back to the Knowledge Portal video series. In the earlier lecture, we discussed what an API really means. In today’s lecture, we’ll go ahead and understand the internal workings of how exactly an API would really work. So, let’s begin. Just to think about it: when we talk about GUI, GUI is a graphical user interface. However, when we talk about API, we are referring to something similar to an application user interface. So an API is essentially a user interface designed with various types of users in mind, and when we talk about different users, this means applications. So this interface allows one application to communicate with another application with the help of simple commands. These are the points that we have already seen in detail in the earlier lecture. So today, let’s go ahead and understand more about how the API functions. Now, whenever you design an API, there are four common methods that the API is designed to support.

The first is GET. The second is POST. The third is PUT, and the fourth is DELETE. So GET is definitely used to get some information from a specific function. Second is POST, which is used to create new information in the back-end resources. The third is PUT, which is used to update or replace an existing resource; it can be a file or something similar. The fourth is DELETE, which, as the name implies, is used to remove a resource. Now, let me show you. If you remember from the earlier lecture, we had an API of DigitalOcean, which gave us information related to the droplets that were present in our account. So, if you just go up over here, this is the API command that we had run. Now, if you see over here, we are running GET, and after running this command, it fetched the information that was available. So this is the GET method that we are using.

Now, along with that, there are various other methods, and each method is used for a specific functionality. There is, for example, a POST version available. So this is an API. What this API would generally do is create a new virtual machine in DigitalOcean. In order to do that, what we are doing is using the POST method and supplying some kind of information, like the droplet name, the region, the size, like 512 MB of RAM, the Ubuntu image, along with various other pieces of information. So this is where POST needs to be used; we cannot use GET over here. So, depending upon the functionality of your API, the methods that your API should support will really differ. I hope you have a basic understanding of what this means. We’ll take yet another use case in today’s lecture, which is basically online antivirus software. What this use case means is that you have antivirus software running on your server, and you want other users over the internet to upload their files and get the files scanned by the AV.

How will you go about this use case? So, let’s say you have antivirus software running on your server and want other users on the internet to scan their files against your antivirus software. Now, you cannot really give them SSH access to your server. So how will you do that? One of the simplest things you can do is create a graphical user interface that allows a user to upload a file and then click the “scan” button. That is one way, but that is a manual way.

When we talk about automated ways, APIs will help you. So, let me show you. This is a very interesting website. It basically does the same thing that we had discussed. What you need to do is make a curl request. So this is an API token, and then you specify the file. In this case, it is a document, or doc. So this is the file, and then the URL is “API scantier comsomuris.” If you do that, your document and its contents will be scanned by the antivirus software that is running. And then the result you’ll get will be something similar to this. So, as you can see, it is reporting that the content contains a malicious file based on macro X.

So macro X is basically used to affect Microsoft Word-based documents. So again, that’s very simple. You are scanning your document with the API. The document is being scanned by the back-end function, and in the result, you get the findings. So this is a very simple use case of what an API can do. This is quite important, especially if you have a website that allows users to upload files, such as Dropbox. What websites like Dropbox can do is that whenever you upload a file to Dropbox or Google Drive, they can run a curl request to an API. Perhaps this will happen, or perhaps they will have their own APIs that will scan the document that the user has uploaded. And if it finds that there is some kind of virus, then it will delete it. So a very simple use case, and this is what you will find in many of the email applications like Gmail: whenever you download a certain piece of content, Gmail will actually scan the piece of content. So if you send a virus, you will not be able to do that. Gmail will scan the contents that you are uploading, and it will delete it if it is malicious. So this is yet another example of what an API might do. Let’s take a look at how the API would actually work.

So you’ve got some kind of function. Let’s assume this is antivirus software, and there is a database that contains the signatures. And then you have a user over here. As we have discussed, we cannot really allow users to have SSH access to the server where they can upload their files. So what you really do, if you want the user to run this specific function, is create a middle layer. So this is a function, and then you have a middle layer, the API. The user will call the API, or send a curl request to the API, by uploading a file. The API will then interact with the back-end function. The back-end function will process according to its functionality, and then it will send the result back to the user. So this is a very high-level overview of how an API would really work. Now, there are two important things that you would like to remember. The first is that when you design the API, you need a back-end function. This function can be antivirus software, image processing software, or a simple “hello world” function as well.

So you need a function; you need the back-end function. You then create an API based on the back-end function. Okay? So you have to have an API, and you have to have a function. Whenever you design an API, the methods that the API will support really depend on the functionality of the back-end application. We talked about GET, POST, PUT, DELETE, and many other things. So what methods the API will support will depend on the function that the application will be performing. So that’s the end of the APIs lecture. In the next lecture, what we will be doing is creating our own function, and then we will create our own API. And we’ll look into how exactly this can be done so that we can have a real-world use case on how to create our own APIs.

33. Building Lambda Function for our API

Hey everyone, and welcome back. In the earlier lecture we discussed that there are two important components that we need. The first is the function, and the second is the API. So what we’ll be doing today is creating a function. After the function is created, we’ll build an API, and then we’ll do a curl request on the API to see if the function is really working. Perfect. In order to create a function, what we’ll be doing is creating a very simple hello-world-based function so that it is quite easy and everyone can follow along perfectly. In order to create a function, we’ll use AWS Lambda. As I hope you know, AWS Lambda is basically used for serverless computing, and it allows us to create a function. Now this function can be of any type. So, depending on the use case, you can write a function that scans the files for malware of various types. So let’s go ahead and create a function. There are already blueprints that are available; I’ll author one from scratch.

So now I’ll just select next, and I’ll say the function name is “hello world,” and by default, you’ll see the function code already contains “Hello from Lambda.” I’ll just modify it to say “Hello from the API function.” Okay, so once this is created, you can assign memory and timeout to it, because let’s say you’re creating a function that scans the file for malware or a function that resizes the images that the user uploads. Then the amount of memory that will be needed will be more, and the timeout that will be needed will also be more. Since we are just saying “hello world,” these default settings are quite good enough for us. So let’s go ahead and click “Next.” We’ll simply go with an existing role: I’ll just select an existing role, click Next, and I’ll click on Create Function. Perfect. So the function is created, and we have completed the function part. What this function will do is, whenever someone calls this function, it will display “Hello from the API function.” So this is the text that it will be displaying.

So let’s go ahead and call the function. I’ll do a test, and I’ll click on save and test. In the execution result, you should find “Hello from the API function” as the output. See, this is the output that you are getting. Perfect. So this function has now been created. Now the challenge here is that since this function is created in Lambda, if I want this to be accessible to users over the internet, how can I do that? This function is created inside Lambda in my AWS account.

Now I want users across the internet to be able to run this specific function. So what I’ll be doing is creating an API, and then I’ll be linking this API to call this specific function. So in today’s lecture, we’ll end with this, and in the next lecture, we will create an API and link it with a specific function. I hope this has been useful for you. It is a very short lecture; the reason is that I wanted to dedicate an entire lecture to how to create an API, to avoid confusion. So this is it for this lecture. I hope this has been informative for you, and I look forward to seeing you in the next lecture.

34. Building our first API with API Gateway

Hey everyone, and welcome back. We created a simple “hello world” function in the previous lecture. What we will do in today’s lecture is create an API. So we have a function that, when executed, will display “Hello from the API function.” That is a string that gets displayed whenever this function is executed. Now, since the user is outside of AWS, it might be that the user wants to execute this specific function, which is internal. So what I’ll do is create an API that a user can use as a proxy to execute this specific “hello world” function. So the question is: how do I create an API? And the answer is quite simple, actually. I would say quite simple now because there is a great service that AWS offers called Amazon API Gateway. Basically, this service allows us to create an API in a nice UI manner.

So let’s go ahead and click on “get started.” By default, it will show you a sample API. What we’ll do is create our own API. I’ll click on “new API,” and you’ll have to give an API name. So I’ll say Kplabs, and in the description, I’ll say this API would return “hello world.” Okay, I’ll go ahead and click on Create API. Perfect. So this is our screen where we can define the API-related configurations. Returning to the slide, we discussed how the API would support different methods depending on the functionality. So, if you see over here in the actions, the first thing that we need to do is create the method. I click on “create method,” and there are various methods that are available. Since this is a simple “hello world,” the only method that we need is GET. So this is quite important: do not select “any.” If DELETE is not needed, don’t select “any.” Just follow the principle of least privilege. This is something that we had already discussed.

So, if only one method is required, choose that method alone. Many organizations make this mistake, where their API supports a number of methods, and a hacker runs a DELETE command that actually deletes the resources of a specific back-end system. Anyway, we’ll click GET and finish this up. Once the method is selected, the next thing is the function. Because we wrote a hello world function in Lambda, the integration type will be Lambda. Then it asks me for the Lambda region. The Lambda region would be ap-southeast-1, which is Singapore. And then our function name is “hello world.” Perfect. I’ll click on save, and I’ll click on okay. What this is showing is that it is allowing API Gateway to invoke this specific function. So, whenever someone makes a GET request to my API, the API on the back end will execute this specific function. So I’ll click on “okay.” Perfect. So now you have a nice little diagram, something similar to what we had discussed, because the API, which calls the function, is in the middle.

We’ll be discussing this in the relevant section. But just remember that this is the client. On the left hand side, you have a client, and on the right hand side, you have a function. It is similar in here: on the left hand side, you have a client, and on the right hand side, you have a Lambda function, “hello world.” Perfect. So now that we have created our own method and our own function, what we’ll do is go ahead and deploy the API. I’ll click on “deploy API.” You must provide a stage name. I’ll say definitely. So this is our first API, and I click on “deploy.” As soon as you click on “deploy,” you will see that you get an API URL. Whenever someone hits this specific URL for the API, the Lambda function will be executed behind the scenes. So I’ll just copy it and paste it in the browser. And now you will see “Hello from the API function.” So this is how you can design your own API. So this is it for the API creation lecture. Again, whenever needed, we will take on more use cases, and we will be deploying new APIs and new functions whenever they are needed.
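The last three lectures together describe one design: a back-end function, an API in front of it, and a method list that follows the principle of least privilege (only GET for a hello-world back end). Here is a Python Lambda handler, added here as an illustration rather than the lecture’s own console-built function, that puts those pieces in one file. It assumes an API Gateway Lambda proxy integration, whose event carries the HTTP method in `httpMethod`; the lecture’s click-through may instead have used a non-proxy integration, so that shape is an assumption. The events used at the bottom are constructed.

```python
import json


def hello_api(event):
    """The back-end function: returns the same text the lecture's Lambda displays."""
    return {"message": "Hello from the API function"}


# Which methods the API supports follows from what the back end can do. The
# hello-world back end only reads, so only GET is registered; POST, PUT and DELETE
# have no entry here and are refused before any back-end code runs (least privilege).
ROUTES = {"GET": hello_api}


def _response(status, payload, extra_headers=None):
    """Response shape an API Gateway Lambda proxy integration expects (assumption:
    statusCode + headers + string body)."""
    headers = {"Content-Type": "application/json"}
    headers.update(extra_headers or {})
    return {"statusCode": status, "headers": headers, "body": json.dumps(payload)}


def lambda_handler(event, context=None):
    """Entry point invoked by API Gateway. `httpMethod` is the field a proxy event
    carries; anything not in ROUTES gets 405 with an Allow header listing what is."""
    method = str(event.get("httpMethod", "")).upper()
    handler = ROUTES.get(method)
    if handler is None:
        return _response(
            405,
            {"error": "method not allowed", "method": method or None},
            {"Allow": ", ".join(sorted(ROUTES))},
        )
    return _response(200, handler(event))


def response_body(response):
    """Decode the JSON body of a handler response (convenience for callers and tests)."""
    return json.loads(response["body"])


if __name__ == "__main__":
    # Constructed proxy-style events: one allowed method, one that is not.
    for method in ("GET", "DELETE"):
        print(method, "->", lambda_handler({"httpMethod": method, "path": "/"}))
```

Because the allowed methods are derived from `ROUTES`, adding a destructive operation later means adding a function for it on purpose, rather than discovering that the API already accepted DELETE by default.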

35. API Gateway – Important Pointers for Exams


36. Lambda & S3

Hey everyone, and welcome back. In today’s video, we’ll go over a use case for integrating Lambda with S3. Lambda and S3 use cases are frequently asked in the exam, so it is important for us to understand how these two services fit together. Essentially, the AWS S3 service includes a feature for publishing events. For example, if someone uploads or deletes an object in an S3 bucket, it can publish the events. Now, these events can be published to an AWS Lambda function. Let’s look at some examples of where this could be useful. Let’s assume that you are designing a Lambda function that would check whether the file that is uploaded in a bucket is infected or not. What would happen is that users would upload various files to your S3 bucket that they think are suspicious.

Once the files are uploaded to the S3 bucket, your Lambda function must analyse them and return a result to the user indicating whether the file is clean or infected. In order to achieve the use case, there are two important things that would be needed by the Lambda function. The first important thing is that the Lambda function should know when the object has been uploaded. Either it can continuously poll every 5 seconds or every 10 seconds, but during the night, when no user is uploading objects, your Lambda function will keep on calling S3 for nothing. So instead of that, what you need is that whenever a user uploads an object, you should receive an alert saying that the object is uploaded, which can then trigger the Lambda function to run.

That is the first part. The second part is that once the trigger has been created, your Lambda function should have the permission to retrieve the specific object file that was uploaded to S3. So these are the two things that are needed. Let’s go ahead and look into how we can design this kind of use case. This is my Lambda function page. There are no functions that are created right now, so what we’ll do is go ahead and create our first function. The name would be “demo function.” The runtime that we’ll select is Python 3.6. You can now choose an existing role, create a new role from a template, or create your own role. I’ll just create a new role from the templates. There are existing templates for various roles; I’ll select only the S3 object read-only access template. The role name that I’ll give is “isaplabs s3-read-only,” and I’ll go ahead and click on “create function.” Perfect. So now the function has been created. On the left hand side, you will see that I have options for adding a trigger, and there are a lot of AWS services that are part of this. I’ll select S3, and within S3, you have to select the bucket.

So I’ll be selecting—I do have a sample bucket, kplabs music, and I’ll select that specific bucket. Then there is the type of event: what type of event would you need in that bucket for the trigger to occur? It could be any delete event or possibly any copy event. For our demo, I’ll just select the “Object created” event, so whenever an object is created, we want our Lambda function to be triggered. Once you have done that, you can click on Add and save your changes. Perfect.

So now that your changes are saved, if you go to the Lambda function, let’s just add a simple print command. I’ll say “hello from KP Labs.” All right, so this is a simple print command. I’ll go ahead and click on “Save.” Now, ideally, any object that gets created in this bucket should fire the “Demo function” trigger, which would execute this specific function. So let’s upload a file here. I’ll just upload an image file. Now, the image file is being uploaded, and ideally, this function should have been executed. In order to quickly verify, we can go to CloudWatch; I’ll go to Logs, and there should be a log group for the “Demo” function. So this is the name of the function. And if you see, “hello from KP Labs” is within this. So once the object had been uploaded to this bucket, a trigger occurred, and that trigger resulted in the execution of the Lambda function. So this is very similar to the use case that we were discussing. As an example, a person uploads a file that he believes is malicious. When he uploads it to S3, your Lambda function will be triggered, and logic within your Lambda function will check whether the file is infected.
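The lecture stops at a print statement; the following Python example, added here and not the lecture’s own code, carries the use case through: it reads the bucket name and key out of the S3 event notification (keys arrive URL-encoded, so a space becomes `+`), fetches the object with the read-only permission the role grants, and runs a simple signature check, printing one JSON line per object so the verdict shows up in CloudWatch Logs the same way the lecture’s message did. The signature list, the event, the bucket name `kplabs-music` and the in-memory bucket are all constructed for the demo; the `fetch` parameter exists only so the handler can be exercised offline, and the real path uses the boto3 `get_object` call.

```python
import hashlib
import json
from urllib.parse import unquote_plus

# Constructed demo signatures; a real scanner would consult an AV engine or database.
SIGNATURES = {"kplabs-demo-test-pattern": b"KPLABS-DEMO-MALWARE-TEST-PATTERN"}


def parse_s3_records(event):
    """Yield (bucket, key) for every S3 record in the Lambda event notification."""
    for record in event.get("Records", []):
        s3 = record.get("s3", {})
        bucket = s3.get("bucket", {}).get("name")
        key = s3.get("object", {}).get("key")
        if bucket and key:
            # S3 URL-encodes keys in notifications ("a+b" for "a b"), so decode first.
            yield bucket, unquote_plus(key)


def scan_bytes(data):
    """Return the verdict for an in-memory object body."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return {"verdict": "infected", "signature": name}
    return {"verdict": "clean", "signature": None}


def fetch_from_s3(bucket, key):
    """Read the object with boto3; this is all the lecture's S3 read-only role permits."""
    import boto3  # imported lazily so the rest of the module runs without AWS credentials
    return boto3.client("s3").get_object(Bucket=bucket, Key=key)["Body"].read()


def lambda_handler(event, context=None, fetch=fetch_from_s3):
    """Entry point: one scan result per uploaded object. `fetch` is injectable so the
    handler can be run offline against an in-memory bucket (hypothetical parameter)."""
    results = []
    for bucket, key in parse_s3_records(event):
        data = fetch(bucket, key)
        result = scan_bytes(data)
        result.update({"bucket": bucket, "key": key, "size": len(data),
                       "sha256": hashlib.sha256(data).hexdigest()})
        print(json.dumps(result))  # lands in CloudWatch Logs, like the lecture's print
        results.append(result)
    return results


# Constructed: an ObjectCreated event with two records and a fake bucket backing it.
SAMPLE_EVENT = {"Records": [
    {"eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "kplabs-music"}, "object": {"key": "uploads/song+one.mp3"}}},
    {"eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "kplabs-music"}, "object": {"key": "uploads/invoice.docx"}}},
]}
FAKE_BUCKET = {
    ("kplabs-music", "uploads/song one.mp3"): b"ID3 harmless audio bytes",
    ("kplabs-music", "uploads/invoice.docx"): b"PK..." + SIGNATURES["kplabs-demo-test-pattern"],
}


def run_demo():
    """Run the handler against the constructed event and in-memory bucket."""
    return lambda_handler(SAMPLE_EVENT, fetch=lambda bucket, key: FAKE_BUCKET[(bucket, key)])


if __name__ == "__main__":
    run_demo()
```

Two details matter for the exam-style use case: the key must be decoded before calling `get_object`, or an upload whose name contains a space will fail to be fetched, and the function needs nothing beyond read access to the bucket, which is exactly what the read-only role template from the lecture provides.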
