Getting Started with AWS API Gateway, Lambda Functions & DynamoDB for a basic REST API

Aaron Morey
Feb 24, 2018 · 6 min read

This article is an insight into Serverless with AWS stack API Gateway, Lambda Functions & DynamoDB. This article is not about each service but how you can use them all together with a really simple demo to get started. Hopefully this is useful to other developers. This is not on GitHub as a repo but just a few Gists to get started due to most this being AWS UI driven.

Let’s start with the services used:

  • API Gateway to handle the Requests and Responses for our HTTP REST API (Does more than this but for simplicity)
  • Lambda Functions for the backend code to execute & integrate with DynamoDB
  • DynamoDB for our Database backend

Starting off with the DynamoDB setup. Mainly because this is quick and a dependancy on demoing the Lambda Function.

A great approach for API development & one that works extremely well for rapid development in a project is to start with a Mocking your API. You can mock by providing a json file in an S3 bucket or locally mocking data in development. BUT API Gateway can return a Mock JSON response for you. This is so great & really beneficial for API development as this allows you to expose a Single Entry point for the API and return data on the fly.


DynamoDB for this demo is purely a database as a service with minimal thought into the document schema. This is extremely simple implementation.

Further reading -

In DynamoDB you must define your primary key & sort keys on creation but here we just want an id.

  • Open DynamoDB in AWS Console
  • Create Table with Name “Entities” and Primary Key “id” with Default Settings

This is all we need to do in DynamoDB for storage. Having implemented a much more in-depth prototype with DynamoDB its a great solution if you want to hook into Lambda and also streams.

Lambda Functions

This is the Backend code which is essential for Serverless. Lambda will execute on demand and be the code to handle the API request and response. This is using DynamoDB to demo a proper API backend service.

Let’s start

  • Open Lambda in AWS Console
  • Create new Function (Name “CreateEntity”, Runtime “Node.js 6.10”)

Lambda Role must have permissions to DynamoDB

Function Code

We need 2 Functions for this demo, a create and a list of all entities. So Create another Function for GetEntities with Environment Variable set to same as CreateEntity.

See Gists below for code.

Testing your new Lambda

AWS Lambda Functions has great way to test them through the UI and recommend doing this to ensure everything is working.

Create with Hello World Template (Doesn’t make sense why not a blank JSON template. Then change the JSON to what you want to insert into DynamoDB.

This will execute and create a new record in DynamoDB

Then in your Lambda you will see a Test button. Now just click to run!

Check DynamoDB & you will see new record.

API Gateway

Now to the final part of the AWS setup for the Lambda to execute when we request through a HTTP request to the API Gateway for the actual REST API.

  • Open API Gateway in AWS Console
  • Create new API, call it Entities API
  • Create new Resource from under the API > Resources > Actions & Select Create Resource. Resource Name “Entities” which will set the Resource Path automatically to lowercase

Resource should be the plural of the object/type/entity you want to return for RESTful API

Create API

  • Create Resource Methods (GET/POST) which will handle Entities. To do this select under the “Entities” resource > Actions > Create Method
  • Each Resource Method you will need to select Integration Type “Lambda Function” and then select the Lambda Region you created the Lambda Function “ap-southeast-2” and then put the Lambda Function name in “GetEntities” for GET and “CreateEntity” for POST

As you type in the Lambda Function name it will autocomplete and lookup as you type

API Gateway provides the ability to also add authorization for your new API. You can do this with AWS account credentials, API Key & CORS.

For this API I want to just restrict POST method so I can control data updates. I am going to use a simple API Key in AWS Gateway.

You will need to strongly consider security with APIs. At least you want to do or consider with any is with POST/PUT/DELETE methods with security.


  • Select API Key in Dashboard
  • Actions > Create API key
  • Name “EntitiesApi” or anything you want
  • API Key set to Autogenerate
  • Save

Important… You now must setup a Usage Plan or you won’t be able to hook this up to your new API.

Usage Plan

  • Select Usage Plans in Dashboard
  • Name “Basic” or anything
  • Enable Throttling / Quota is up to you but worth enabling so you don’t get any costs if anyone can hit it.

You now need to add API Stage to your Plan

  • Click into your new Plan “Basic” >Add API Stage
  • Select API “Entities API” and Stage “prod”

For the same Plan you need to add the API Key to the Plan. You can do this in API Key as well by clicking on API Key then “Add to Usage Plans”

  • Click API Keys > Add API Key to Usage Plan
  • Enter your API Key name

Entities API Security

  • Click Entities API > Resources > /entities > Click POST > Method Request >

That is all the setup! Quite a bit to it but worth going through this & getting it setup.

Testing the API

Ensure your API is deployed to a Stage “prod” and you have an API URL to invoke.

I use Postman for all API requests (It does way more than this BTW)

GET {AWSURL}/{Stage}/entites

POST {AWSURL}/{Stage}/entities

  • Set the Request Headers
  • x-api-key : “API Key from AWS which is was generated when creating”
  • Content-Type: application/json
  • POST Body: { “name” : “Postman Request Created Me!” }

Finally GET the Entities again to verify!


There was quite a bit to get all these services integrating together. API Gateway is a great way to provide a single entry point into your backend services, whether Lambda or HTTP end points.

Serverless has so much to offer & using AWS to achieve this is just amazing. Not sure if Serverless is the way to go for a full API if you have larger API and code resuse, discoverability, API documentation etc but is interesting moving forward.

Aaron Morey

Written by

Tech enthusiast, technical lead, solution architecture, microservices

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade