Is Django an API gateway?

Can I run Django on AWS Lambda?

Django can certainly run on AWS Lambda.

In fact, if you're hosting Django on App Engine or another cloud PaaS it's just a matter of porting those projects to Lambda.

My colleague Ben Ramey used Lambda while he was in this summer's Google Summer of Code. His cloudapp application consisted of a single AWS Lambda function for each site that served up dynamic content using S3 data. This post is a summary of his experience.

For the most part, I found the experience to be simple and fun. Using an event as a trigger, Lambda executes the handler. Each lambda can run for a long period of time, from seconds to hours depending on what you choose for the duration parameter.

I used this simple example: def handler ( event, context ): response = return jsonify ( response ), 200 def lambdahandler ( event ): return handler ( event ). In my use case, I needed to add a unique identifier at every call, so I created my own Cloudwatch metric that could be tracked across all of my Lambdas, but since this is an example, I'll just use the default metric - Number of Requests. At this point, you will start receiving lots of traffic across your AWS account. Lambda uses a few tricks to ensure high availability: Each Lambda runs a health check that takes a small amount of time. If the health check returns successfully, it keeps running. If not, it shuts down and waits for the end of the timeout period before restarting. Lambda will attempt to run its next event within 5 seconds of when the previous event started running. Events are not allowed to take longer than 5 minutes.

I started with 10 Lambdas running within 10 minutes of each other (just for fun). At first, I was getting errors in my Cloudwatch logs from failing health checks. After some debugging, I figured out what was going on. In my event, I was adding a timestamp to my response with something like the following:

Time = datetime . Now () .

Is Django an API gateway?

I think a web framework is not an API gateway.

How do you guys make your APIs secure, and what tools do you use to secure your APIs? Do you go with HTTPS? OpenID Connect/Oauth? Django is an amazing web framework. One of the best I've worked with.

As for making your API secure, Django comes with a bunch of great built in tools to help you do that. The most basic one is Django's authentication and authorization package which allows for OAuth based authentications/authorizations.

It also comes with a number of different packages you can use for authentication with external databases like MySQL, Postgres, SQLite, and SqlServer. It even has the option of using your own external authentication backend if you want. This is the recommended way of handling users and passwords in Django, but still offers a great solution for people who want to handle their own databases for user/passwords.

If you want to learn about authentication/authorization further, Django has some great documentation on how to get started. Here's one of my favorite resources for it.

One thing Django doesn't do is protect your API endpoints, so you'll have to have some other security mechanism in place to help protect your API endpoints. I would recommend using your own internal server side encryption as suggested here for extra protection. I haven't done this personally, but I did find this guide pretty helpful.

For OpenID Connect based authentication, I don't know much about it and I've never used it, but I did just read up on Django's OpenID library. It looks pretty neat.