Company Name: FragranceNet Inc.
Industry: Retail
Status: Private
Size: 500+ Employees
Location: New York, United States
Website: fragrancenet.com

Segregating Public and Private API endpoints using API Gateway

How FragranceNet, working with NETSOL Technologies, was able to grant access to resources behind Private Endpoints in API Gateway. Using VPCLinks along with resource-based policies, FragranceNet exposed Private API endpoints to resources in other VPC(s).

Challenge
  1. Exposing a defined set of APIs
  2. Making private APIs accessible from other VPC(s)
Solution
  1. API Gateway REST Regional and Private endpoint policies were used
  2. Used API Gateway integration for NLB to expose private endpoints
Results
  1. Access granted to private resources of private endpoints from certain VPC(s)
  2. Private API endpoint access granted to other VPC resources
New Services Added
  1. API Gateway
  2. Private Link
  3. Network Load Balancer

Requirement

After being acquired by a parent organization, fragrancenet.com needed to expose a defined set of private endpoints privately to other departments of the organization while keeping a subset of APIs public.

Challenge

Fragrancenet.com has Private APIs hosted on EC2 instances. The client wanted to expose a defined set of APIs to the outside world. The aim was to make Private APIs accessible from resources in other VPC(s) of the organization.

Solution

By using API Gateway REST Regional and Private endpoints with resource-based policies, NETSOL Technologies was able to achieve the required functionality. NETSOL used API Gateway private integrations to reach the NLB, and exposed private endpoints to certain VPCs by whitelisting them via resource-based policies.
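
One way to express the VPC whitelisting described above, as an added example (not FragranceNet's or NETSOL's actual configuration): the first function builds an API Gateway resource policy that allows execute-api:Invoke and denies callers whose aws:SourceVpc is not listed, and the second audits a policy for a missing VPC restriction. The VPC ids and function names are constructed, and the audit assumes each statement covers the whole API.

```python
# Added example: build and audit an API Gateway resource policy (VPC ids are constructed).
INVOKE = "execute-api:Invoke"
VPC_KEYS = {"aws:sourcevpc", "aws:sourcevpce"}  # IAM condition keys are case-insensitive


def build_policy(allowed_vpcs):
    """Allow invoke, then explicitly deny any caller whose source VPC is not listed."""
    if not allowed_vpcs:
        raise ValueError("at least one VPC id is required")
    base = {"Principal": "*", "Action": INVOKE, "Resource": "execute-api:/*"}
    deny = {"Effect": "Deny", **base,
            "Condition": {"StringNotEquals": {"aws:SourceVpc": sorted(allowed_vpcs)}}}
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", **base}, deny]}


def _listify(value):
    return value if isinstance(value, list) else [value]


def _covers_invoke(stmt):
    actions = {a.lower() for a in _listify(stmt.get("Action", []))}
    return bool(actions & {"execute-api:invoke", "execute-api:*", "*"})


def _vpc_ids(stmt, operator):
    """VPC / VPC endpoint ids named under one condition operator of a statement."""
    ids = set()
    for key, values in stmt.get("Condition", {}).get(operator, {}).items():
        if key.lower() in VPC_KEYS:
            ids.update(_listify(values))
    return ids


def audit_policy(policy):
    """Return findings; an empty list means invoke is pinned to named VPCs or endpoints."""
    stmts = [s for s in _listify(policy.get("Statement", [])) if _covers_invoke(s)]
    fenced = any(s.get("Effect") == "Deny" and _vpc_ids(s, "StringNotEquals") for s in stmts)
    findings = []
    for s in stmts:
        if s.get("Effect") == "Allow" and not fenced and not _vpc_ids(s, "StringEquals"):
            findings.append("Allow on execute-api:Invoke has no aws:SourceVpc/aws:SourceVpce limit")
    if not any(s.get("Effect") == "Allow" for s in stmts):
        findings.append("no statement allows execute-api:Invoke")
    return findings
```

Because the Deny statement uses StringNotEquals, a request that carries no aws:SourceVpc value at all also matches it and is refused.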

Result & Success Metrics

NETSOL Technologies was successfully able to grant access to resources of Private Endpoints from certain VPC(s) by creating VPC endpoint(s) and VPCLinks in API Gateway.

Due to those VPCLinks along with resource-based policies, our team was able to grant access to Private API endpoints to resources in other VPC(s). The access was verified by getting a success response from EC2 instances residing in a private subnet of the specific whitelisted VPC.

TCO Analysis Outcome

With infrastructure already deployed on AWS, NETSOL Technologies added an API Gateway as a skin on top of their current APIs.

The following factors were configured in the TCO estimates:

  1. Number of API Calls
  2. Number of VPC Interface endpoints per AWS region
  3. Total data processed by Interface endpoints
  4. Number of Network Load Balancers
  5. Processed bytes per NLB

The following new services were added to the solution:

  1. API Gateway
  2. Private Link
  3. Network Load Balancer

Constraints

  1. You cannot directly access an Application Load Balancer through Private Link, but you can access a Network Load Balancer.
  2. Private APIs are more secure but add extra complexity to the architecture, such as interface VPC endpoints and load balancers.