Edge integration with AWS

About Apigee Edge integration with AWS

Amazon Web Services (AWS) provides a rich set of cloud-based services, some of which you may already be using, such as AWS Lambda.

You can proxy your backend AWS services with Apigee Edge, which gives your developers an easy-to-use, unified API while leveraging Apigee's full suite of API management tools and policies, including security, message control, monetization, analytics, API health testing, Edge Microgateway, Node.js support, and more, as shown in the diagram above.

And if you use Edge Public Cloud to proxy your AWS services (or install your Edge for Private Cloud on AWS), there are many built-in advantages to using an API management platform running in the same environment as your AWS services, such as great performance, scalability, and failover.

Edge integration with IAM services: Edge KVM and Node.js

Many AWS services are secured with Identity and Access Management (IAM), which provides access control through a combination of policies, roles, and groups that are applied to users and services.

When you make API calls to IAM-protected services, IAM requires the Access Key and Secret Access Key of a user registered in your AWS account. (For the Edge-AWS integration, you will create a single AWS user that represents your Edge organization.) Keeping the keys secure is paramount, yet they need to be provided on API calls from Edge to AWS. Edge lets you create encrypted key value maps (KVMs) that you'll use to store and retrieve AWS keys using Node.js.

In addition to Apigee KVM Node.js functions that retrieve IAM credentials, there are other advantages to using Node.js in your API proxies:

  • The AWS SDK provides built-in advantages for security and networking, such as exponential backoff.
  • Flexible orchestration is often needed between AWS and other services, and Node.js is a good way to provide that flexibility.
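
One way to write the KVM retrieval described above so that a missing key fails closed and the secret never reaches a log line; this is an added example, not Apigee's own code. The KVM entry names, the helper names and the in-memory stand-in for the encrypted KVM are assumptions; inside an Edge proxy you would pass the handle returned by `getKeyValueMap()` from the apigee-access module instead.

```javascript
// Entry names inside the encrypted KVM (assumed for this example).
const KVM_ENTRIES = { accessKeyId: 'aws_access_key_id', secretAccessKey: 'aws_secret_access_key' };

// kvm: any object exposing get(name, callback(err, value)), the call shape of an
// apigee-access KVM handle. The loader reads both entries once, then serves from memory.
function createCredentialLoader(kvm) {
  let cached = null;
  return function load(callback) {
    if (cached) return callback(null, cached);
    const fields = Object.keys(KVM_ENTRIES);
    const creds = {};
    (function next(i) {
      if (i === fields.length) {
        cached = Object.freeze(creds);
        return callback(null, cached);
      }
      const entry = KVM_ENTRIES[fields[i]];
      kvm.get(entry, (err, value) => {
        // Fail closed: name the missing entry, never echo a value.
        if (err || typeof value !== 'string' || value.trim() === '') {
          return callback(new Error('KVM entry "' + entry + '" is missing or empty'));
        }
        creds[fields[i]] = value.trim();
        next(i + 1);
      });
    })(0);
  };
}

// Log-safe summary: the access key ID is kept, the secret becomes a presence flag.
function describeForLog(creds) {
  return JSON.stringify({
    accessKeyId: creds.accessKeyId,
    secretAccessKey: creds.secretAccessKey ? '[set]' : '[missing]',
  });
}

// Constructed in-memory stand-in for the encrypted KVM, so this runs outside Edge.
function makeSampleKvm(entries) {
  let reads = 0;
  return { get: (name, cb) => { reads += 1; cb(null, entries[name]); }, reads: () => reads };
}

// Constructed sample values, not real AWS keys.
const sampleKvm = makeSampleKvm({
  aws_access_key_id: 'AKIA-CONSTRUCTED-EXAMPLE',
  aws_secret_access_key: 'constructed-secret-not-a-real-key',
});
```

The frozen key pair returned by the loader is what you hand to the AWS SDK client; use `describeForLog()` wherever the proxy needs to record which credentials were loaded.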

Edge integration with AWS TLS/SSL services

AWS services that are protected by TLS/SSL, as shown in the diagram above, can be proxied by Edge the same way that Edge proxies all other HTTPS endpoints. See the AWS documentation on the services you're using for any special message requirements.

Next steps