ActoKids / AD440_W19_CloudPracticum


Research API Hosting Options #6

Closed Enshaedn closed 5 years ago

Enshaedn commented 5 years ago

@ActoKids/api Lambda vs Node server +Create Ping API for @ActoKids/webui

MrSamsa42 commented 5 years ago

I created a Lambda function and connected it to an API gateway endpoint. "Ping API" is a sort of loosely-defined term -- I could not find a standard response. So, the Lambda function returns a simple message, today's date, and a bunch of context info for the Lambda function itself.
You can try it here: https://f8m8j1183j.execute-api.us-east-1.amazonaws.com/prod/ad440TestFunction

Expected time: ~1 hour.
Actual time: 3 hours because....

I also tested it to make sure it can be accessed via an HTTP request. Early attempts failed because CORS was not enabled. I eventually realized that I had to add "Access-Control-Allow-Origin" : "*" to the header in the response returned by the Lambda function. I could have also enabled CORS in the API Gateway, but since this is a "simple" request (a GET request with no authentication), it wasn't necessary. However, a more sophisticated approach to CORS will be required in the production app. More info here and here.

Working demo of HTTP request is here: http://corpsitron.com
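An added example, not code from this issue or the project: a Node.js Lambda handler for an API Gateway proxy integration that replaces the wildcard `Access-Control-Allow-Origin` with an exact-match origin allow-list, one form the "more sophisticated approach to CORS" mentioned above could take. The origins, the `pong` message and the helper names are assumptions made for illustration.

```javascript
'use strict';

// Assumption: browser origins permitted to call the API (constructed values).
const ALLOWED_ORIGINS = new Set([
  'https://app.example.org',
  'https://admin.example.org',
]);

// Header names can arrive with any casing, so look them up case-insensitively.
function getHeader(headers, name) {
  const want = name.toLowerCase();
  for (const [key, value] of Object.entries(headers || {})) {
    if (key.toLowerCase() === want) return value;
  }
  return undefined;
}

// Echo the caller's origin only on an exact allow-list match; never fall back to "*".
function corsHeaders(origin) {
  const headers = { Vary: 'Origin' }; // stop caches reusing a response across origins
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
  }
  return headers;
}

// Build the proxy-integration response: statusCode, headers, string body.
function buildResponse(event, context) {
  const origin = getHeader(event && event.headers, 'origin');
  return {
    statusCode: 200,
    headers: { 'Content-Type': 'application/json', ...corsHeaders(origin) },
    body: JSON.stringify({
      message: 'pong',
      date: new Date().toISOString(),
      requestId: context ? context.awsRequestId : null,
    }),
  };
}

// Lambda entry point.
async function handler(event, context) {
  return buildResponse(event, context);
}

if (typeof module !== 'undefined') module.exports = { handler };
```

A browser on an unlisted origin still receives the 200 response at the network level, but without the allow header the page's script cannot read it; CORS restricts cross-origin reads in browsers and is not a substitute for authentication.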

toddysm commented 5 years ago

Can we use the API GW for authentication? If not how can we do the authentication? Using Cognito? What is the cost for the whole infrastructure?

MrSamsa42 commented 5 years ago

Expected time: ~3 hours
Actual time: 4.5 hours

The short answer is no – by itself, AWS API Gateway cannot authenticate a user. API Gateway has several mechanisms for controlling access to the API (described at length here). However, authentication requires configuration of another AWS service or resource. There seem to be two options: using API Gateway Lambda Authorizers with a third-party (e.g. Facebook or Google), or Amazon’s own authentication service, Cognito (with optional third-party sign-in). The pros and cons of both approaches are outlined in this Stack Overflow post. The simplest, most straightforward approach would be to use Cognito, so that is what I am recommending. We will need to ask the client whether she wants to include the third-party sign-in option.

AWS Cognito is free for up to 50000 monthly active users (MAU), and this free tier pricing never expires. If we assume that the only authenticated users are non-profits, then ActoKids will likely never fall outside the free tier. Even if the client requests that casual users be authenticated as well, it will still take a very long time to reach 50K MAUs -- there are perhaps 7000 special needs children in all of Seattle (assuming 53K school-age children, 13% of whom are special needs). However, if the app were to go viral and at least one parent of every special needs child in the state (13% of 1.1M) was a MAU, the cost of authentication could be ~$480 per month. See this page for detailed pricing info.

API Gateway costs are harder to estimate – see this page. You are charged for the calls received and the amount of data transferred out. The free tier allows for 1M API calls. Outside the free tier, API calls are priced at $3.50 per million. Data out is charged at 0.09/GB. Once outside the free tier (after 12 months), if we assume that at least one parent of each special needs kid uses the app to make 3 API calls per day, and that each request returns 3 KB of data, API Gateway would cost $2.34/month to support use by all eligible parents in Seattle, or $49.50/month if the app were used state-wide.

Lambda cost estimation is even more complicated – see this page. You are charged for the total number of requests (priced per million), and the compute time, measured in GB-seconds. A GB-second is the amount of time it takes to run a function (rounded up to nearest 100 ms), multiplied by the specified maximum memory allocation. In free tier (that never expires), you get 1M requests and 400K GB-seconds per month. Outside the free tier, requests are priced at $0.20/million, and compute time is priced at $0.00001667/GB-second. Again, using the same assumptions as above, and assuming a 512 MB memory allocation, a Seattle-wide user-base would be within Lambda’s free tier; a state-wide userbase would cost $52.11 per month.

Setting aside DB and storage costs (expected to be very modest), the total cloud cost to support a city-wide user base would be only $2.34. At a state level, costs balloon to $581.36, most of which is authentication. At that point, it would make sense to transition to API Gateway Lambda Authorizers or some other scheme.