AWS API Gateway
Treblle’s AWS API Gateway integration provides automatic discovery and monitoring of your AWS API Gateway APIs through a serverless Lambda function.
This integration captures API requests, responses, and metadata in real-time without requiring code changes to your existing APIs.
The AWS API Gateway integration automatically:
- Discovers APIs: Automatically finds all REST and HTTP APIs in your AWS account
- Multi-region support: Scans multiple AWS regions simultaneously
- Real-time monitoring: Captures requests, responses, and performance metrics
- Serverless architecture: Uses AWS Lambda for cost-effective, scalable monitoring
- Scheduled discovery: Runs automatically to discover new APIs (default: every 24 hours)
- Easy deployment: Single CloudFormation template deployment
Prerequisites
Section titled “Prerequisites”Before you begin, ensure you have:
- AWS account with API Gateway APIs deployed
- Treblle account with API key and SDK token
- AWS CLI installed and configured (for CLI deployment) or access to AWS Console
- Appropriate AWS permissions for CloudFormation, Lambda, and API Gateway
Installation Methods
Section titled “Installation Methods”Choose your preferred deployment method:
Method 1: AWS CLI Deployment (Recommended)
Step 1: Clone the Repository
Section titled “Step 1: Clone the Repository”git clone https://github.com/Treblle/treblle-aws-discovery.gitcd treblle-aws-discoveryStep 2: Deploy with CloudFormation
Section titled “Step 2: Deploy with CloudFormation”aws cloudformation deploy \ --template-file cloudformation.yaml \ --stack-name treblle-api-discovery \ --parameter-overrides \ TreblleSDKToken=YOUR_TREBLLE_SDK_TOKEN \ RegionList=us-east-1,us-west-2,eu-west-1 \ --capabilities CAPABILITY_NAMED_IAMStep 3: Test the Deployment (Optional)
Section titled “Step 3: Test the Deployment (Optional)”aws lambda invoke \ --function-name treblle-api-gateway-discovery \ response.json
cat response.jsonMethod 2: AWS Console Deployment
Step 1: Download Template
Section titled “Step 1: Download Template”Download the cloudformation.yaml file from the GitHub repository.
Step 2: Open CloudFormation Console
Section titled “Step 2: Open CloudFormation Console”- Navigate to AWS CloudFormation Console
- Select your desired AWS region
Step 3: Create Stack
Section titled “Step 3: Create Stack”- Click “Create stack” → “With new resources (standard)”
- Choose “Upload a template file”
- Select the downloaded
cloudformation.yamlfile - Click “Next”
Step 4: Configure Parameters
Section titled “Step 4: Configure Parameters”- Stack name:
treblle-api-discovery - TreblleSDKToken: Your Treblle SDK token
- RegionList: Comma-separated regions (e.g.,
us-east-1,us-west-2,eu-west-1) - ScheduleExpression: Discovery frequency (default:
rate(24 hours))
Step 5: Deploy
Section titled “Step 5: Deploy”- Review configuration
- Check “I acknowledge that AWS CloudFormation might create IAM resources”
- Click “Submit”
- Wait for
CREATE_COMPLETEstatus
Configuration Parameters
Section titled “Configuration Parameters”| Parameter | Description | Default | Example |
|---|---|---|---|
TreblleSDKToken | Your Treblle SDK token (required) | None | tre_sk_... |
RegionList | AWS regions to scan | us-east-1,us-west-2,eu-west-1 | us-east-1,eu-central-1 |
ScheduleExpression | Discovery schedule | rate(24 hours) | cron(0 9 * * ? *) |
Supported AWS Regions
Section titled “Supported AWS Regions”The integration supports all major AWS regions:
US Regions:
us-east-1,us-east-2,us-west-1,us-west-2
Europe Regions:
eu-west-1,eu-west-2,eu-west-3,eu-central-1,eu-north-1,eu-south-1
Asia Pacific Regions:
ap-southeast-1,ap-southeast-2,ap-southeast-3ap-northeast-1,ap-northeast-2,ap-northeast-3ap-south-1,ap-east-1
Other Regions:
ca-central-1,sa-east-1,af-south-1,me-south-1
How It Works
Section titled “How It Works”Architecture Overview
Section titled “Architecture Overview”The Treblle AWS API Gateway integration uses a serverless architecture:
- EventBridge Scheduler: Triggers Lambda function on defined schedule
- Lambda Function: Discovers and analyzes API Gateway APIs
- Multi-region Scanning: Parallel discovery across specified regions
- Data Processing: Collects API metadata, endpoints, and configuration
- Treblle Integration: Sends discovered APIs to Treblle platform
Discovery Process
Section titled “Discovery Process”- Account Detection: Automatically identifies current AWS account
- Region Validation: Validates and filters configured regions
- API Discovery: Finds REST APIs and HTTP APIs in each region
- Metadata Collection: Gathers API details, stages, and endpoints
- Batch Processing: Sends data to Treblle in optimized batches
- Monitoring: Provides detailed logging and error reporting
Performance Optimizations
Section titled “Performance Optimizations”- Parallel Processing: All regions scanned simultaneously
- Connection Pooling: HTTPS connections reused across requests
- SDK Client Reuse: AWS SDK clients created once per region
- Memory Optimization: Uses 256MB memory allocation
- Timeout Management: 10-minute timeout for comprehensive scanning
Multiple AWS Accounts
Section titled “Multiple AWS Accounts”To monitor APIs across multiple AWS accounts:
Account 1 Deployment
Section titled “Account 1 Deployment”aws cloudformation deploy \ --template-file cloudformation.yaml \ --stack-name treblle-api-discovery \ --parameter-overrides \ TreblleSDKToken=YOUR_TOKEN \ RegionList=us-east-1,us-west-2 \ --capabilities CAPABILITY_NAMED_IAMAccount 2 Deployment
Section titled “Account 2 Deployment”# Switch AWS credentials/profile firstaws cloudformation deploy \ --template-file cloudformation.yaml \ --stack-name treblle-api-discovery \ --parameter-overrides \ TreblleSDKToken=YOUR_TOKEN \ RegionList=eu-west-1,eu-central-1 \ --capabilities CAPABILITY_NAMED_IAMMonitoring and Observability
Section titled “Monitoring and Observability”Viewing Logs
Section titled “Viewing Logs”Monitor the discovery function logs:
aws logs tail /aws/lambda/treblle-api-gateway-discovery --followOr via AWS Console:
- CloudWatch → Log groups → `/aws/lambda/treblle-api-gateway-discovery`Troubleshooting
Section titled “Troubleshooting”Common Issues
Section titled “Common Issues”Function Timeout
Section titled “Function Timeout”- Symptom: Lambda function times out during execution
- Solution: Increase timeout in CloudFormation template or reduce regions
Permission Errors
Section titled “Permission Errors”- Symptom: Access denied errors in logs
- Solution: Verify IAM permissions for API Gateway access
No APIs Discovered
Section titled “No APIs Discovered”- Symptom: Function runs but finds no APIs
- Solution:
- Verify APIs exist in specified regions
- Check IAM permissions
- Review CloudWatch logs for errors
Invalid Region Errors
Section titled “Invalid Region Errors”- Symptom: Error messages about invalid regions
- Solution: Verify region names against supported regions list
Debugging Steps
Section titled “Debugging Steps”- Check Function Logs:
aws logs describe-log-streams \ --log-group-name /aws/lambda/treblle-api-gateway-discovery \ --order-by LastEventTime \ --descending- Manual Function Test:
aws lambda invoke \ --function-name treblle-api-gateway-discovery \ --payload '{}' \ response.json
cat response.json- Verify IAM Permissions:
aws iam get-role --role-name TreblleApiDiscoveryRoleCleanup
Section titled “Cleanup”To remove the Treblle integration:
Via AWS CLI
Section titled “Via AWS CLI”aws cloudformation delete-stack --stack-name treblle-api-discoveryVia AWS Console
Section titled “Via AWS Console”- Navigate to CloudFormation Console
- Select the
treblle-api-discoverystack - Click Delete
- Confirm deletion
The Treblle AWS API Gateway integration provides comprehensive, automated API discovery and monitoring for your AWS infrastructure.
With minimal setup and serverless architecture, you can gain complete visibility into your API landscape while maintaining cost efficiency and security best practices.