Spring security with external app and microservices communication - amazon-web-services

I am using Spring Boot for microservice development. I have 3 microservices deployed on AWS ECS. With an Application Load Balancer and AWS API Gateway, my microservices are accessible to the outside world.
Now I want to add Spring Security and OAuth2 to my microservices. Is AWS API Gateway really required? Because if I use AWS API Gateway, I have been forced to use Cognito instead of Spring Security. Or can I directly use the Application Load Balancer as the outside-world entry point?

Related

Migrate from Elastic Beanstalk to Lambda

I have started a monolith using NodeJS with Elastic Beanstalk, exposing the API with Route 53 and CloudFront just to launch my MVP/pilot.
I've designed the architecture to easily decouple into microservices.
I was wondering how to decouple it, or maybe create new domains as Lambdas, and keep both worlds in parallel, leaving Elastic Beanstalk live until every service is decoupled as a Lambda microservice.
At the moment, the endpoint is “api.domain.com/v1…”.
As far as I'm aware, Lambda works with API Gateway. Is it possible to keep them on the same “api.domain.com…”, or should I have a different subdomain to orchestrate the Lambdas with API Gateway?
You should start by setting up API Gateway and placing it in front of your Elastic Beanstalk API. Your domain would then point to API Gateway, and it would be set up to send requests to your Elastic Beanstalk backend.
You could start by doing this without a custom domain in API Gateway, and once it is working, configure the custom domain settings and update your DNS so the domain then points at API Gateway.
After you get API Gateway working with Elastic Beanstalk, you would then be able to start configuring specific paths in the API to go to Lambda functions instead of Elastic Beanstalk.
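The three steps above as one CloudFormation template, added here as an example and not part of the answer: a `/v1/{proxy+}` catch-all proxies to the Beanstalk environment (step 1), a stage is deployed for the custom domain to map to (step 2), and an exact `/v1/orders` resource is carved out to a Lambda (step 3). The resource names, the `/v1/orders` path, and the `BeanstalkUrl` and `OrdersFunctionArn` parameters are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  BeanstalkUrl: { Type: String }        # placeholder: URL of the existing Elastic Beanstalk environment
  OrdersFunctionArn: { Type: String }   # placeholder: ARN of the Lambda taking over /v1/orders
Resources:
  Api:
    Type: AWS::ApiGateway::RestApi
    Properties: { Name: api-v1-migration }
  V1:
    Type: AWS::ApiGateway::Resource
    Properties: { RestApiId: !Ref Api, ParentId: !GetAtt Api.RootResourceId, PathPart: v1 }
  V1Catchall:
    Type: AWS::ApiGateway::Resource
    Properties: { RestApiId: !Ref Api, ParentId: !Ref V1, PathPart: '{proxy+}' }
  V1CatchallMethod:   # step 1: everything under /v1/* is still proxied to Elastic Beanstalk
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref Api
      ResourceId: !Ref V1Catchall
      HttpMethod: ANY
      AuthorizationType: NONE
      RequestParameters: { method.request.path.proxy: true }
      Integration:
        Type: HTTP_PROXY
        IntegrationHttpMethod: ANY
        Uri: !Sub '${BeanstalkUrl}/v1/{proxy}'
        RequestParameters: { integration.request.path.proxy: method.request.path.proxy }
  Orders:   # step 3: /v1/orders is the first path carved out to Lambda; an exact path
    Type: AWS::ApiGateway::Resource   # takes precedence over the {proxy+} sibling
    Properties: { RestApiId: !Ref Api, ParentId: !Ref V1, PathPart: orders }
  OrdersMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref Api
      ResourceId: !Ref Orders
      HttpMethod: ANY
      AuthorizationType: NONE
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${OrdersFunctionArn}/invocations'
  OrdersInvokePermission:   # API Gateway may invoke only this function, and only from this route
    Type: AWS::Lambda::Permission
    Properties: { Action: lambda:InvokeFunction, FunctionName: !Ref OrdersFunctionArn, Principal: apigateway.amazonaws.com,
                  SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${Api}/*/*/v1/orders' }
  Deployment:   # stage "prod" makes the routes callable; step 2 maps the custom domain to it
    Type: AWS::ApiGateway::Deployment
    DependsOn: [V1CatchallMethod, OrdersMethod]
    Properties: { RestApiId: !Ref Api, StageName: prod }
```

Each further path moves by adding another exact resource beside `Orders`; the Beanstalk environment itself stays reachable on its own URL unless its security group or load balancer is restricted, so the gateway alone does not close that front door.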

Can Global Accelerator or Load balancer route traffic to APIs on AWS API Gateway where APIs have backend micro services outside of AWS?

Can Global Accelerator or a Load Balancer route traffic to APIs on AWS API Gateway where the APIs have backend microservices outside of AWS? My clients are coming from the internet; they need to call various APIs deployed on AWS API Gateway where the backend microservices are mostly outside of my AWS account. They are either in another AWS account, and most of them are on non-AWS infra.
My job is to build APIs on AWS API Gateway and have them exposed to external partners. I don't own the microservices.
Any help is highly appreciated.

Zuul on google cloud

I'm trying to find out whether Spring Cloud Zuul works on GCP or not. If so, should we use it the same way we do in AWS?
(The services are deployed on App Engine.)
Thanks,
As Zuul is an edge server acting as a bastion host, it should have no problem working on GCP. The data flow and architecture will depend entirely on the GCP API and service where you deploy Spring Cloud, in your case the App Engine API; the management and configuration come from Cloud VPC API features such as Routes and the Load Balancer APIs that will work with Zuul.
Here is a guide explaining how to deploy it on GKE as a containerized service, where they follow the integration of Zuul with Istio at the service-layer scope.

AWS + Springboot + Microservices + Elastic BeanStalk + API Gateway + DynamoDB

I have 4 Spring Boot microservices using DynamoDB. They have some endpoints that need to be public for my application to work and some endpoints that are supposed to be for internal communication between the services. What is the best architecture to achieve this?
In general I was thinking something like:
API Gateway that has the externally available endpoints
Private VPC
Microservices deployed on Elastic Beanstalk in the internal VPC
What is the best way to configure the above so the services can access DynamoDB and also call each other, but the clients can only call the specific endpoints defined in the API GW?

How to connect to applications hosted behind an application load balancer in AWS?

I followed A Practical Guide to Deploying Microservices on AWS to deploy an internal API in AWS ECS. However, the guide fails to mention how to access the API via the internet.
There are examples (Access Private applications on AWS Fargate using Amazon API Gateway PrivateLink | AWS Compute Blog) on how to do this if the app is behind an NLB; however, this one is an ALB. Are there any such examples on how to access this internal API?