AWS + Springboot + Microservices + Elastic BeanStalk + API Gateway + DynamoDB - amazon-web-services

I have 4 SpringBoot microservices using DynamoDB. They have some endpoints that need to be public for my application to work and some endpoints that are supposed to be for internal communication between the services. What is the best architecture to achieve this?
In general I was thinking something like:
API Gateway that has the externally available endpoints
Private VPC
microservices deployed on Elastic BeanStalk in the internal VPC
What is the best way to configure the above so that the services can access DynamoDB and also call each other, but the clients can only call specific endpoints defined in the API GW?

Related

Migrate from Elastic Beanstalk to Lambda

I have started a monolith using NodeJS with Elastic Beanstalk, exposing the API with Route 53 and CloudFront just to launch my MVP/pilot.
I've designed the architecture to easily decouple into micro services.
I was wondering how to decouple it, or maybe create new domains as a Lambda, and keep both worlds in parallel, by leaving the Elastic Beanstalk live until every service is decoupled as a Lambda micro service.
At the moment, the endpoint is "api.domain.com/v1…".
As far as I'm aware, Lambda works with API Gateway. Is it possible to keep them in the same "api.domain.com…" or should I have a different subdomain to orchestrate the Lambdas with the API Gateway?
You should start by setting up API Gateway and placing it in front of your Elastic Beanstalk API. So your domain would then point to API Gateway, and it would be set up to send requests to your Elastic Beanstalk backend.
You could start by doing this without a custom domain in API Gateway, and once it is working, configure the custom domain settings and update your DNS so the domain then points at API Gateway.
After you get API Gateway working with Elastic Beanstalk, you would then be able to start configuring specific paths in the API to go to Lambda functions instead of Elastic Beanstalk.

Can Global Accelerator or Load balancer route traffic to APIs on AWS API Gateway where APIs have backend micro services outside of AWS?

Can Global Accelerator or Load balancer route traffic to APIs on AWS API Gateway where APIs have backend micro services outside of AWS? My clients are coming from the internet; they need to call various APIs deployed on AWS API Gateway where the backend micro services are mostly outside of my AWS account. They are either on another AWS account or, most of them, on non-AWS infra.
My job is to build APIs on AWS Gateway and have them exposed to external partners. I don't own micro services.
Any help is highly appreciated.

How to deploy private microservice in aws

I'm new to Amazon services and I have a scenario to deploy microservice architecture. I just searched for many keywords but I've got nothing.
I have services A, B, C, D and I want to deploy them in a VPC cluster that has the Fargate launch type. I want to access each service by API Gateway RESTful, but I don't want to assign a public IP to my services and I just want them to be accessed through API Gateway.
How could I do this with CloudFormation?
To create the API gateway you can use API Gateway resources from CloudFormation.
For load balancer you can use ElasticLoadBalancingV2.
And for ECS you will need to use resources from here.
All these resources have examples, which should help you get started.
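One way to lay out the resources named in the answer above, as an added example that is not part of the original answer: service A runs on Fargate with no public IP behind an internal Network Load Balancer, and an API Gateway REST API reaches it through a VPC link. All parameter and logical names, port 8080, the container name service-a and the AWS_IAM authorization choice are assumptions.

```yaml
# Added example; parameter and logical names are assumptions, not from the page.
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  PrivateSubnets: {Type: "List<AWS::EC2::Subnet::Id>"}
  ServiceSg: {Type: "AWS::EC2::SecurityGroup::Id"}  # assumed to allow TCP 8080 from inside the VPC only
  Cluster: {Type: String}
  TaskDef: {Type: String}  # assumed task definition with container "service-a" on port 8080
Resources:
  Nlb:  # internal scheme: the load balancer gets no internet-facing address
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties: {Type: network, Scheme: internal, Subnets: !Ref PrivateSubnets}
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties: {VpcId: !Ref VpcId, Protocol: TCP, Port: 8080, TargetType: ip}
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Nlb
      Protocol: TCP
      Port: 80
      DefaultActions: [{Type: forward, TargetGroupArn: !Ref TargetGroup}]
  ServiceA:
    Type: AWS::ECS::Service
    DependsOn: Listener  # target group must be attached to the NLB first
    Properties:
      Cluster: !Ref Cluster
      LaunchType: FARGATE
      DesiredCount: 1
      TaskDefinition: !Ref TaskDef
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED  # tasks are reachable only inside the VPC
          Subnets: !Ref PrivateSubnets
          SecurityGroups: [!Ref ServiceSg]
      LoadBalancers: [{ContainerName: service-a, ContainerPort: 8080, TargetGroupArn: !Ref TargetGroup}]
  VpcLink:  # REST API VPC links target a Network Load Balancer
    Type: AWS::ApiGateway::VpcLink
    Properties: {Name: services-link, TargetArns: [!Ref Nlb]}
  Api:
    Type: AWS::ApiGateway::RestApi
    Properties: {Name: services-api}
  GetRoot:  # only methods declared here are callable by clients
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref Api
      ResourceId: !GetAtt Api.RootResourceId
      HttpMethod: GET
      AuthorizationType: AWS_IAM  # assumption; use whatever authorizer fits
      Integration: {Type: HTTP_PROXY, IntegrationHttpMethod: GET, ConnectionType: VPC_LINK,
        ConnectionId: !Ref VpcLink, Uri: !Sub "http://${Nlb.DNSName}/"}
```

An AWS::ApiGateway::Deployment and a stage are still needed to publish the API; services B, C and D would repeat the target group, listener, service and method pattern.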

How to connect to applications hosted behind an application load balancer in AWS?

I followed A Practical Guide to Deploying Microservices on AWS to deploy an internal API in AWS ECS. However, the guide fails to mention how to access the API via the internet.
There are examples (Access Private applications on AWS Fargate using Amazon API Gateway PrivateLink | AWS Compute Blog) on how to do this if the app is behind an NLB; however, this one is an ALB. Are there any such examples on how to access this internal API?

Spring security with external app and microservices communication

I am using Spring Boot for microservice development. I have 3 microservices deployed on AWS ECS. With an Application Load Balancer and AWS API Gateway, my microservices are accessible to the outer world.
Now I want to add Spring Security and OAuth2 to my microservices. Is AWS API Gateway really required? Because if I use AWS API Gateway, I am forced to use Cognito instead of Spring Security. Or can I directly use the Application Load Balancer as the outer-world entry point?