WebSocket API

Learn about WebSocket APIs and how we can configure them using AWS API Gateway in AWS.

We'll cover the following

Bidirectional communication
- Example: Chat application
Security in WebSocket API

Press + to interact

WebSocket API handles such scenarios by using the publish-subscriber model. It establishes a persistent connection between the publishers and the subscribers. Clients subscribe to specific channels, and the server can broadcast messages to all connected clients subscribed to those channels. Thus, Alice and Bob connect to the server, and when the request to send a message to Bob arrives, it knows how to send it through.

A significant drop in the connectivity cost and increased available bandwidth has led to an increase in the use of WebSockets API. Many mobile applications maintain constant connections to servers via WebSockets for real-time notifications. Online gaming apps rely on WebSockets to sustain ongoing connections with individual clients. Any scenario involving instant updates, notifications, or persistent connections to the server typically involves the utilization of WebSockets.

In WebSocket, API routes have an associated Route Key, a specific field within the WebSocket message that determines how API Gateway routes the message. When a message arrives at the WebSocket API, API Gateway examines the route key to determine the destination for the message. Different messages may have different route keys, allowing for versatile routing scenarios.

Example: Chat application

Let’s understand this concept with an example from a chat application that broadcasts messages to all the subscribers. By incorporating a route key based on the “action,” we can direct requests to different backend services. When the API receives a request, it examines the JSON payload containing the action property. The route table then decides the action to take by comparing the action value against predefined keys, allowing for dynamic routing of messages to different backend functionalities based on the specified actions.

The WebSocket API provides three predefined routes:

$connect for initiating a connection
$disconnect for handling disconnected clients and servers
$default for directing requests when no matching route is found

What makes WebSocket API stand out among the other APIs is its ability to send back requests to the client. It achieves this functionality through two methods: either sends back the response according to the configured route response or sends a POST request using the @connections API. The latter works by storing the connection ID of the client. Whenever the backend service has to send a request to the client, it initiates the @connection API and provides it with the connection ID of the client.

The illustration below shows the infrastructure of the chat application containing a DynamoDB table to store connection IDs and a Lambda function to provide business logic.

Press + to interact

In our use case, the DynamoDB table stores the connection IDs of the subscribers.

Whenever a client connects to the API Gateway, the WebSocket API routes the information to the Lambda function, which stores the connection ID in the DynamoDB table.
Similarly, whenever a client disconnects, the Lambda function integrated at $disconnect route deletes the connection ID from the database.
The $default handles requests that are not routed properly by not performing any task.
To broadcast messages to all the clients, we’ve configured a $message route that fetches the connection ID of the clients from the DynamoDB table and forwards the message to them all.

Security in WebSocket API

Due to the exposed nature of APIs, it is necessary to ensure the connections are secure. Since WebSocket APIs are stateful, we only need to verify a connection when it is first established. WebSocket APIs require a username and password from the client at the route to authenticate a client. For the subsequent authorization of the client, WebSocket API stores the session details. We can use the Lambda authorizer function to handle the authorization logic.

Get hands-on with 1300+ tech skills courses.

Introduction

AWS Fundamentals

Understanding Cloud Computing Essentials— From Zero to Hero

Identity and Access Management

Securing AWS Resources: Managing Access with IAM

AWS IAM Permission Boundaries

Using AWS IAM Access Analyzer

Compute Services

Understanding AWS Compute Services — From Zero to Hero

Amazon EC2: Elastic Compute Cloud

Working with Instances: An Amazon EC2 Walkthrough

Managing Instance Volumes Using EBS

Networking

Understanding Networking Services in AWS—From Zero to Hero

Controlling VPC Traffic Using Network ACLs

Managing Peer Connections between Amazon Virtual Private Clouds

Accessing AWS Services over AWS PrivateLink Using VPC Endpoints

Monitoring IP Traffic Using VPC Flow Logs

Route 53

Serverless Computing

Getting to Know AWS Lambda

Building and Deploying Serverless Applications with AWS SAM

Developing RESTful Microservices with API Gateway and DynamoDB

Building a WebSocket-Based Chat Application Using API Gateway

Mastering AWS AppSync Lambda Resolvers

Application Integration

Getting Started with Amazon Simple Queue Service (SQS)

Handling Amazon SNS Notifications with AWS Lambda

Build a Fanout Serverless Architecture using SNS, SQS, and Lambda

Decoupling Serverless Applications with Amazon EventBridge

Getting Started with AWS Step Functions

Containers

Getting Started with Amazon ECS

Create an EKS Cluster and Deploy an Application

High Availability and Scalability

Managing Application Traffic Using Elastic Load Balancers

Understanding Auto Scaling Group (ASG) in AWS

Mastering Amazon EC2 Dynamic Scaling Policies

Storage

Understanding AWS Storage Options—From Zero to Hero

Simple Storage Service (S3)

Working with AWS S3 Cross-Region Replication

Resizing Images with S3 Batch Operations and AWS Lambda

Managing Data Access with Amazon S3 Access Points

File Storage and Transfer

Getting Started with Amazon FSx for Windows File Server

Databases

Working with Relational Databases: A Beginner's Guide to AWS RDS

Getting Started with Amazon Aurora Database Engine

Working with NoSQL Databases: A Beginner's Guide to AWS DynamoDB

Exploring Graphs with Amazon Neptune

Getting Started with Amazon Keyspaces

Achieving Ultra-Fast Performance Using Amazon MemoryDB for Redis

Improving Database Performance with Amazon ElastiCache for Redis

Migration and Transfer

Use of AWS Database Migration Service from Aurora MySQL to S3

Security and Compliance

Getting Started with AWS Key Management Service (KMS)

Encrypting S3 Buckets and EBS Volumes Using KMS

Protecting Web Applications Using AWS WAF

Managing Aurora DB Credentials and API Keys Using Secrets Manager

Finding Vulnerabilities on EC2 Instances Using AWS Inspector

Deployment Services

Mastering AWS Deployment Services—From Zero to Hero

CloudFormation

Getting to Know AWS CloudFormation

AWS CloudFormation Updates: Change Sets and Stack Policies

Mastering AWS CloudFormation Helper Scripts

Machine Learning

Understanding Machine Learning Services on AWS—From Zero to Hero

Deploying a Machine Learning Model with Amazon SageMaker

Getting Started with Amazon Fraud Detector

Build an Educative Chatbot with Conversational AI Using AWS Lex

Content Delivery and Optimization

Analytics

Analyzing S3 Data and CloudTrail Logs Using Amazon Athena

Getting Started with Amazon EMR

Getting Started with Amazon Redshift

Building ETL Pipelines on AWS

Create a Data Lake with Lake Formation and Analyze It with Athena