I deployed Swagger APIs in an ec2 instance working with port number. Then, I want to integrate with API gateway for reverse proxy and cors policy. How can I do that? Can any one help on this?
i am able to combine all swagger apis in api gateway.Import the swagger json file in apigateway and add the integration methods according to the requirement either lambda or html or aws services and deploy the api.
Related
This could sound like a very noob question, so let me apologies first.
We have multiple lambda services (JavaScript) added that uses AWS cognito. I know that AWS cognito is majorly designed for authentication and authorisation in serverless architecture.
But now I have a microservice written in Java using spring boot which is deployed behind the AWS api gateway. The gateway is running as a proxy to the service's resources. So our client app authenticates users using cognito and used Authorization and api key to access our services which have AWS_IAM and api key authenticating every request to the service on the gateway.
To perform some tasks in the service cognitoIdentityId is required. In case of JS lambda services we receive it in the event json in its context field. But I could not find any way for the spring-boot service to receive it. Neither HttpSession nor HttpServletRequest have that info. Requests are not directly authenticated with the service so spring SecurityContext's principal is also empty/anonymous. The documentation on cognito with http services is very bleak and most of the discussions starts and ends with Lambda.
Can anyone point me to the right direction as how to get the id?
Thanks in advance.
I have developed my microservices in springboot, want to implement API gateway in it.
My frontend is Angular.
Read in detail from here:
https://spring.io/guides/gs/gateway/
(All about how to create and config gateway in spring-boot.)
I have a bunch of rest services. I want to have a kong api gateway implemented at the front. I dont want to go into kong admin api and manually add all the exposed api.
Can i take help of any service discovery implementation like eureka or consul to autoconfigure my apis to Kong.
I'm afraid not.
Kong's configurations are stored in postgres and updated through the admin API, you can write your own program to import.
I'm wondering what to do with an API Endpoint when using a API Gateway. For example when you following the tutorial here: https://wiredcraft.com/blog/securing-components-in-a-microservice-context
You are using keycloak and kong (api-gateway) to secure the api. With kong you're getting an new Endpoint under http://localhost:8000/data. But the "original" express Server is still listening on http://localhost:3001/data.
That means that when a user/attacker knows the url of the "orignal" service and doesn't use the kong url (port 8000) he/she can still work with the api.
So my question is about the strategy and what to do with the original api? How could that be secured. Shall we implement the keycloak request on the api as well? But where are the benefits of kong then?
Your API gateway gives you a single entrypoint that simplifies how client applications access your services. You could add keycloak security on the gateway and not on the services behind - perhaps if you've a setup where you can block network access for clients to any services except the gateway. But even then you might still want the gateway and keycloak on the services behind.
The reason you might put keycloak on the services behind is because they are likely to need to know the identity of the user making the request. If they are going to read the token anyway then it might be most straightforward to add keycloak to them. And you'd still want the gateway to simplify life for clients. You'd then also want the gateway to forward the token to the services behind the gateway. (We're using keycloak and spring cloud gateway on the Activiti Cloud project and this is essentially how we decided to secure the services themselves with keycloak and have the gateway forward the token to them.)
I am creating a rest api using AWS API Gateway and ASP.Net Web Api as the backend service. I have created an ASP.Net Web Api application and hosted it on AWS EC2 instance. Now I want to connect this api hosted on EC2 to the AWS API Gateway.
I searched on internet a lot but found no examples for API gateway with EC2. All the examples are either for Lamda or for HTTP proxy.
There is no special EC2 integration with API Gateway. You should use the same instructions for building an HTTP integration, just specifying the address of your EC2 instance as the integration endpoint.
NOTE: You may want to consider using some additional components like Elastic Load Balancing (ELB) and/or Elastic Beanstalk to improve reliability of your integration backend.