Amazon API Gateway Monitoring
Amazon API Gateway lets you create, configure and host RESTful APIs to help mobile apps and web application access AWS services. Using Site24x7's AWS integration you can monitor statistics on API calls, caching, latency, server-side and client errors not only on an API stage level but also on a method level.
- Monitor API execution at the stage level
- Monitor API execution at the method level
- Monitor API execution at the route level
Monitor API execution at the stage level
Prerequisites
API Gateway automatically exposes metrics to CloudWatch on the API and stage-level. To monitor API calls, latency, integration latency, 400 and 500 errors for all methods associated with an resource you need to enable Detailed CloudWatch metrics.
To enable Detailed CloudWatch metrics:
- Sign in to AWS management console. Go to the API Gateway console.
- Choose the API. Click on Stages.
- In the Stage list for the API, choose the stage.
- Choose Logs in the Stage Editor.
- To enable, choose Enable Detailed CloudWatch Metrics under CloudWatch Settings.
- Choose Save Changes.
Setup and configuration
- If you haven't done it already, please enable access to your AWS resources either by creating Site24x7 as an IAM user or by creating a cross-account IAM role between your AWS account and Site24x7's AWS account. Learn more.
- Next, in the Integrate AWS Account page, please ensure the check box next to the API Gateway Stage listing is selected. Learn more.
Policies and permissions
Please make sure the following read-level action is present in the policy document assigned to the Site24x7 IAM entity. Learn more.
- "apigateway:GET"
Polling frequency
By default, API Gateway metric data points are sent to CloudWatch every 1 minute. Site24x7 aggregates the data collected at every 1 minute into 5 minute averages. Learn more.
IT Automations
You can add automations for the AWS services supported by Site24x7. Log in to Site24x7 and go to Admin > IT Automation Templates (+) > Add Automation Templates. Once automations are added, you can schedule them to be executed one after the other.
You can now automatically invoke an api in the Amazon API Gateway using Amazon API Gateway automations.
Supported metrics
Site24x7 collects the following metrics on an API stage level.
| Metric | Description | Data type | Statistic |
|---|---|---|---|
| 4XX errors | Measures the number of captured client-side errors | Count | Sum |
| 5XX errors | Measures the number of captured server-side errors. | Count | Sum |
| Cache hit count | Measures the number of requests served from the API cache. | Count | Sum |
| Cache miss count | Measures the number of requests served by the back-end when caching is enabled. | Count | Sum |
| Count | Measures the total number of API requests | Count | Sum |
| Integration latency | Measures the elapsed time between when an API Gateway routes a request to the back end and receives a response from the back end. | Millisecond | Average and 95th percentile |
| Latency | Measures the elapsed time between when an API Gateway receives a request from the client and when it returns a response to the client. | Millsecond | Average and 95th percentile |
API Settings
| Attribute | Description |
|---|---|
| API Endpoint | The URI of the API |
| API Key Selection Expression | This expression is evaluated when the service determines that the request should be proceed only if the client provides a valid API key |
| Disable Execute API Endpoint | Specifies whether clients can invoke your API by using the default execute-api endpoint |
| Created Date | The date and time when the API was created |
| Route Selection Expression | A route selection expression is evaluated when the service is selecting the route to follow for an incoming message |
Stage Settings
| Attribute | Description |
|---|---|
| Protocol Type | The type of API—HTTP, WebSocket, or REST |
| Stage Name | The name of the stage |
| API Gateway ID | The ID of the API |
| API Gateway Name | The name of the API Gateway |
| Region | The region where the API is created |
| Auto Deployment | Specifies whether the deployment was automatically released |
| Created Date | The date at which the stage was created |
| Last Updated Time | The time at which the stage was last updated |
| Deployment ID | The identifier for the deployment |
| Description | The description of the deployment |
| Client Certificate ID | The identifier of a client certificate for a stage. Supported only for WebSocket APIs |
| Stage variables | A map that defines the stage variables for a stage resource |
Cross-Origin Resource Sharing (CORS) Details
| Attribute | Description |
|---|---|
| Allow Credentials | Specifies whether credentials are included in the CORS request. Supported only for HTTP APIs |
| Allow Headers | Represents a collection of allowed headers. Supported only for HTTP APIs |
| Allow Methods | Represents a collection of allowed HTTP methods. Supported only for HTTP APIs |
| Allow Origins | Represents a collection of allowed origins. Supported only for HTTP APIs |
| Expose Headers | Represents a collection of exposed headers. Supported only for HTTP APIs |
| Max Age | The number of seconds that the browser should cache preflight request results. Supported only for HTTP APIs |
Access Log Settings
| Attribute | Description |
|---|---|
| Destination ARN | The ARN of the CloudWatch logs' log group to receive access logs |
| Format | A single line format of the access logs of data, as specified by selected $context variables. The format must include at least $context.requestId |
Default Route Settings
| Attribute | Description |
|---|---|
| Detailed Metrics Enabled | Specifies whether detailed metrics are enabled for the stage |
| Throttling Burst Limit | Specifies the throttling burst limit of the stage |
| Throttling Rate Limit | Specifies the throttling rate limit of the stage |
| DataTrace Enabled | Specifies whether data trace logging is enabled for this Route or not |
| Logging Level | Specifies the logging level for this Route: INFO, ERROR, or OFF |
To view data
- Sign in to the Site24x7 console. Click on AWS. Choose the monitored AWS account.
- Choose API Gateway Stage from the menu dropdown.
- From the list of monitored API stages, choose the stage for which you want to see metrics for.
- The various time series graphs (visual representation of your metrics) applicable for your resource can be seen in the API Gateway Summary tab.
Monitored Resources
View a list of monitored API Gateway Resources and Routes associated with your API Gateway Stage. Click on an individual listing to see performance and resource usage stats associated with that resource. You can also set thresholds and be notified when any of these services fail by clicking the pencil icon under Action.
Monitor API execution at the method level
Monitor, visualize and alert on API execution metrics for all defined methods associated with a resource path to solve problems in API execution and implementation.
Pre requisites
- The Amazon API Gateway integration should be enabled.
- The API Gateway stage monitor in the Site24x7 console should be active.
- Detailed CloudWatch metrics must be enabled for the API stage.
Add API Gateway Resource Monitor
This section describes how to discover and add API Gateway resources as monitors:
- Sign in to the Site24x7 console. Click on AWS. Choose the monitored AWS account.
- From the menu dropdown, choose API Gateway Resource.
Discover
This section describes how you can opt-in specific resources from you API stage.
- Choose an API stage from the dropdown (multiple selections is not possible)
- Next, type a proper Regex to match resources in the chosen API stage. Append .* as a prefix or suffix to the input string to opt-in specific resources from the API stage.
For example, imagine that the API stage exposes multiple resources Viz. /income, /user, /expense. You can type in .*/income to only include resources belonging to that particular path. - Click on Discover Resources.
Add
All the resources matching your Regex pattern, along with their methods would get listed below.
- Click on the check box next to the resource path for the resource you wish to monitor
- Click on Add selected Resources to them as monitors.
To view data
- Sign in to the Site24x7 console.
- Click on AWS. Choose the monitored AWS account.
- Choose API Gateway Resource from the menu dropdown.
- From the list of monitored resources, choose the resource for which you want to see metrics for.
Metadata
API Overview
The API Overview tab provides information about the service's state and configuration.
Stage properties
| Atrribute | Description |
|---|---|
| API Gateway id | Displays the API identifier. |
| API Gateway name | Shows the API Gateway name. |
| Region | Shows the region where the API gateway resides. |
| Atrribute | Description |
|---|---|
| Stage name | Displays the name of the stage (The first path segment in the URI of a call to API gateway) |
| Created date | Displays the timestamp when the stage was created. |
| Last updated time | Displays the timestamp when the stage last updated. |
| Deployment id | Displays the Deployment identifier that the stage points to. |
| Description | Shows the stage's description. |
| Cache cluster | Shows whether a cache cluster is enabled for this stage. |
| Cache cluster size | The size of the cache cluster, if enabled. |
| Cache cluster status | The status of the cache cluster, if enabled. |
| Document version | Shows the version of the associated API documentation. |
| Access logs | Displays the setting for logging access. |
| Client certificate id | Displays the client certificate identifier for the API stage. |
| stage variables | Displays the stage variables. |
Method settings
| Attribute | Description |
|---|---|
| Metrics monitoring | Specifies whether Amazon CloudWatch metrics are enabled or not. |
| Logging level | Specifies the logging level for the method (OFF,ERROR or INFO. |
| Data trace | Specifies whether trace logging is enabled for this method. |
| Throttling burst limit | Specifies the throttling burst limit. |
| Throttling rate limit | Specifies the throttling rate limit. |
| Destination ARN | Displays the ARN of the CloudWatch logs group that receives access logs. |
| API cache | Shows whether responses should be cached and returned for requests or not. |
| Cache time to live | Displays the time to live (TTL) in seconds, for cached responses. |
| Cache data encryption | Shows whether the cache response is encrypted or not. |
| Require authorization | Shows whether authorization is required for cache invalidation request. |
| Handle authorization requests | Displays how to handle unauthorized requests for cache invalidation. |
Canary settings
| Attribute | Description |
|---|---|
| Canary deployment ID | Shows the identifier of the canary deployment the stage points to. |
| Percent traffic | Displays the percent of traffic diverted to a canary deployment. |
| Canary stage variables | Shows the stage variables overidden for canary release deployment. |
| Use of stage cache | Indicates whether canary deployement stage uses the stage cache or not. |
Resource settings
| Attribute | Description |
|---|---|
| Resource ID | Displays the resource identifier. |
| Parent ID | Displays the percent of traffic diverted to a canary deployment. |
| Resource path | Shows the full path for the resource. |
| Methods | Shows the method's HTTP verb. |
Monitor API execution at the route level
Discover, monitor, visualize, and receive alerts on API execution metrics for all defined routes associated with your HTTP and websocket API Gateways. This helps to track the route to different stages.
Prerequisites
- The Amazon API Gateway integration must be enabled.
- The route of the API stage monitor should be active.
- Detailed CloudWatch metrics must be enabled for the stage.
Adding and discovering API Gateway Route monitors
Discover and add your API Gateway Routes as monitors by following these steps:
- Log in to your Site24x7 web client, go to Cloud > AWS > and choose the monitored AWS account.
- From the drop-down menu, choose API Gateway Route and click Discover. Or, you can click the + button near API Gateway Route on the left pane.
- In the Add API Gateway Route Monitorscreen that opens, follow the steps below:
- Choose API Gateway Stage: Select the route associated with your HTTP and websocket API Gateways.
- Use Regex to Opt-in Routes: Type a regular expression (Regex) to match the routes in the chosen API Stage. Append .* as a prefix or suffix to the input string to opt-in specific resources from the API stage. Refer to the examples below.
- Click Discover.
- Detailed Metrics are Not Enabled: Discover and monitor API Gateway Routes to obtain detailed insights. To accomplish this, click Enable Detailed Metrics.
Note
Enabling API Gateway Route monitoring will incur additional charges to your AWS account.
Examples for using Regex to opti-in routes
- If the API stage exposes multiple resources like /income, /user, and /expense. You can type in .*/income to only include the resources belonging to that particular path.
- Routes consist of two parts: an HTTP method and a resource path. If you want filter based on the method, you can specify method name like GET, POST, OPTION, PUT, or DELETE
- GET /bookStore/allBooks - Gives all the book information
- GET /bookStore/book?bookName=AWS - Gives all AWS book details
- POST /bookStrore/addDetail/book?id=10?name=JAVA?price=200 - Adds the book details to book store
- DELETE /bookStrore/removeDetail?id=10?name=JAVA - Deletes specific book details
- If you want to list all GET method resources, you can type GET to list all the resources belonging to that particular method. You will receive the result as:
- GET /bookStore/allBooks - Gives all book information
- GET /bookStore/book?bookName=AWS - Gives all AWS book details
Discovered API Gateway Routes
- This section will be visible only if you'd clicked Enable Detailed Metrics in the previous step.
- The discovered API Gateway Route paths will be displayed. Check the boxes next to the API Gateway Route paths of the routes that you wish to monitor.
- Then click, Add Selected Routes.
Viewing API Gateway Routes monitoring data
- From the Site24x7 web client, go to Cloud > AWS > and choose the monitored AWS account.
- Choose API Gateway Route from the dropdown menu.
- From the list of monitors, choose the API Gateway Route monitor for which you want to view the metrics.
Monitoring API Gateway Routes
Performance metrics at the HTTP-level
| Attribute | Description | Data type | Statistic |
|---|---|---|---|
| 4xx Errors | Measures the number of captured client-side errors | Count | Sum |
| 5xx Errors | Measures the number of captured server-side errors | Count |
Sum |
| Count | Measures the total number of API requests | Count | Sum |
| Integration Latency | Measures the elapsed time between when an API Gateway routes a request to the back end and receives a response | Millisecond | Average and 95th percentile |
| Latency | Measures the elapsed time between when an API Gateway receives a request from the client and when it returns a response to the client | Millisecond | Average and 95th percentile |
| Data Processed | The total data processed by the API Gateway Route | Megabytes | Sum |
Performance metrics at the websocket-level
| Attribute | Description | Data type | Statistic |
|---|---|---|---|
| Connect Count | The number of messages sent to the $connect route integration | Count | Sum |
| Message Count | The number of messages sent to the WebSocket API, either from, or to the client | Count | Sum |
| Integration Error | The number of requests that return a 4XX/5XX response from the integration | Count | Sum |
| Client Error | The number of requests that have a 4XX response returned by API Gateway before the integration is invoked | Count | Sum |
| Execution Error | Errors that occurred when calling the integration | Count | Sum |
| Integration Latency | The time difference between API Gateway sending the request to the integration, and API Gateway receiving the response from the integration. Suppressed for callbacks and mock integrations | Millisecond | Average |
Configuration
| Attribute | Description |
|---|---|
| API Gateway ID | API Gateway ID of the Route that is being monitored |
| API Gateway Name | API Gateway name of the Route that is being monitored |
| Region | The region in which the API Gateway is deployed |
| Stage Name | The stage name of the Route that is being monitored |
| Route ID | The ID of the Route that is being monitored |
| Resource Endpoint URL | The URL of the API Gateway Route that is being monitored |
| Resource Path | The Route key for the API Gateway Route that is being monitored and is a combination of the HTTP method and resource path |
| Methods | The HTTP method of the Route |
| Protocol Type | The type of API |
| API Key Required | Specifies whether an API key is required for this Route. Supported only for WebSocket APIs |
| Authorization | Shows if authorization is enabled for the Route that is being monitored |
| Target | The target for the Route |
Integration Details
| Attribute | Description |
|---|---|
| Connection Type | The type of the network connection to the integration endpoint |
| Connection ID | The ID of the VPC link for a private integration. Supported only for HTTP APIs |
| Integration ID | Represents the identifier of an integration |
| Integration Method | Specifies the integration's HTTP method type |
| Integration Type | The type of the integration such as AWS, AWS_PROXY, HTTP, HTTP_PROXY, or MOCK |
| Integration URI | The URI of a Lambda function, a fully-qualified URL, or the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service |
| Payload Format Version | Specifies the format of the payload sent to an integration |
| Time Out | Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs |
| Content Handling Strategy | Specifies how to handle response payload content type conversions |
| Description | Represents the description of an integration |
| Integration Subtype | The subtype of the integration which can be AWS, AWS_PROXY, HTTP, HTTP_PROXY, or MOCK |
| Pass Through Behavior | Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource |
| Request Parameter | For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations |
| Request Templates | Represents a map of velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client |
| Response Templates | Templates that transform the HTTP response from a backend integration before returning the response to clients |
| TLS Configuration | The TLS configuration for a private integration |
Authorization Details
| Attribute | Description |
|---|---|
| Authorizer ID | The authorizer identifier |
| Authorizer Type | Specifies the REQUEST for a Lambda function using incoming request parameters or JWT for JSON Web Tokens |
| Authorizer URI | The authorizer's Uniform Resource Identifier |
| Identity Source | The identity source for which authorization is requested |
| Name | The name of the authorizer |
| JWT Configuration | Represents the configuration of a JWT authorizer |
| Enable Simple Response | Specifies whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy |
| Payload Format Version | Specifies the format of the payload sent to an HTTP API Lambda authorizer |
| Authorizer Result TTL | The time to live for cached authorizer results, in seconds |
Licensing
Every API Gateway Route monitor is considered a basic monitor.