AWS API Gateway as Single Entry Point & Architecture Design Patterns!
Today enterprises do understand the importance of Microservices architecture and leading their digital transformation journeys of modernizing the application on Microservices architecture. Microservices leads enterprises to distribute their teams into smaller units who are responsible to manage a small service rather than a complete whole application. By doing this, they enhance the benefits of Agility and release velocity.
Microservices architectures also steered lot of challenges when it comes to the public service. This enforce engineering and security standards and collecting logs and metrics for a cross-service operational view.
Simply distributing your application into a microservices architecture will not enable the agility and time to market. Enterprises also needs to ensure that the services together feel like a cohesive product to consumers who will be accessing their service or API externally.
API management is the process of designing, publishing, documenting and analyzing APIs in a secure environment. Through an API management solution, an organization can guarantee that both the public and internal APIs they create are consumable and secure. API Management allows organizations that create APIs or use others’ APIs to monitor activity.
API Management can be delivered on-premises, through the cloud, or using a hybrid on-premises — SaaS (Software as a Service) approach. Today, developers, enterprises, and organizations often create open APIs that allow others to integrate with their products and services. Hundreds of thousands of APIs designed to facilitate the exchange of information exist across industries. As the number of APIs continues to grow, the need for developers and enterprises to monitor and manage them in a secure and salable way increases.
Amazon a Leading Cloud Provider offers a comprehensive platform for API Management called Amazon API Gateway. API gateway enables organizations to define, secure, deploy, share and operate at any scale. In also makes API monitoring simple and fast.
Amazon API Gateway now becomes an ease for enterprises to expose their offerings as a service or API by leveraging the API Gateway capabilities. API Gateway enables enterprises to expose their API’s externally in highly secure and salable manner. In simple words, I would define Amazon API Gateway as a fully managed service for deploying and managing a unified door to your applications.
Before API Gateway:
When enterprises were not having the flexibility such as Amazon API Gateway. Microservices architecture used to looking like a mesh architecture without any standard pattern to follow.
Enterprises leveraging Amazon API Gateway also weave other offerings from Amazon together to further strengthen their scaling and agility business drivers.
In above figure: I have tried to show a LAMP architecture where enterprise would like to host an application on AWS where entry point for an application can be web or mobile.
In above example, for mobile application entry point is AWS API Gateway which further take additional advantages from more services such as:
· Amazon Cognito is a user management service with rich support for authentication and authorization of users. You can manage those users within Amazon Cognito or from other federated IdPs. Amazon Cognito can vend JSON Web Tokens and integrates natively with API Gateway to support OAuth scopes for fine-grained API access.
· Amazon CloudWatch is a monitoring and management service that collects and visualizes data across AWS services. CloudWatch dashboards are customizable home pages that can contain graphs showing metrics and alarms. You can customize these to represent a specific microservice, a collection of microservices that comprise a product, or any other meaningful view with fine-grained access control to the dashboard.
· AWS X-Ray is an analysis and debugging tool designed for distributed applications. It has tools to help gain insight into the performance of your microservices, and the APIs that front them, to measure and debug any potential customer impact.
· AWS Service Catalog allows the central management and self-service creation of AWS resources that meet your organization’s guidelines and best practices. You can require separate permissions for managing catalog entries from deploying catalog entries, allowing a central team to define and publish templates for resources across the company.
When enterprises are architecting their Microservices architecture and planned to use Amazon API Gateway towards API management and front door access to all their Microservices. They need to have following architecture patterns in mind:
- Single AWS Account: in the following architecture pattern, Enterprise has all Microservices offered from a single Amazon account.
Using a Single Account strategy simplifies enterprises to host and manage all their Microservices in one account which can share the same network topology and easily communicate with each other. With all APIs hosting onto API Gateway, enterprises can perform path based routing.
On monitoring front, enterprises can leverage the offerings such as Aws X-Ray to trace latency related metrics and a Cloud Watch service to host a dashboard and report all metrics into cloud watch. Further, enterprises can use SNS to send out a notification to a business or technology stakeholders on defined parameters.
- Separate AWS Account
Separate AWS Account strategy is being adopted by much matured enterprises where each individual microservice has been hosted onto a separate and dedicate account.
In separate Account strategy the chances of any human error is less and operational controls are well defined. When separate AWS Account strategy has been defined, each API Gateway API resides in the individual single AWS account where microservice resides. They use a common offering from organization and security accounts. This strategy enables enterprises to have a clear cost boundaries defined and managed.
- Central AWS Account
Central AWS Account strategy is very similar to separate AWS account strategy and only holds a difference where API Gateway is hosted in a central account which accessing the Microservices from cross accounts.
The following architecture in turns to be a best architecture for most of the enterprises as it balances out the microservice separation with unification for better user experience. Since each microservice lives in its own account, from a cost metrics it balanced out the complete cost budgeting for an enterprise.
Conclusion
When coming out to designing your IT landscape, it is essential to understand the various design patterns available and which one suits best to an enterprise needs considering long term goals.
The following article emphasize on available design pattern enterprise should consider while adopting their Modernizing application using Amazon API Gateway as API Management tool.
