AWS Api Gateway / AWS ALB / Kong Api Gateway

Question

I have a task to replace current CA layer 7 with new API gateway. New API gateway should be able to handle 1. Rate limiting 2. Authentication 3. Version handling etc., After researching i found we could use AWS api gateway or Kong api gateway or AWS ALB with Cognito for authentication support. This is so overwhelming to understand the basic differences, could you please give some insight on basic concept in simple words and some pointers or link that i should refer to start with.

Answer 1

API Gateway keep track of every deploy you make in the Deployment History tab. There you will find all versions of your API and you can change to any of them whenever you want.

You can also create your api gateway from a Swagger file.

For every method that you create for a resource you need to configure the Method Request, the Integration Request, the Integration Response and the Method Response.

The Integration Request is where everything happens. You will set there how you are going to handle your requests, if you are going to integrate with any aws service like firehose or if you are going for a lambda integration or with an existing HTTP endpoint.

Mapping Templates uses Apache Velocity Template Language (VTL). http://velocity.apache.org/engine/1.7/vtl-reference.html https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html

Getting started with REST apis: https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html

API GATEWAY INTEGRATION TYPES: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-integration-types.html

How to import a rest api: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api.html

Limits and known issues: https://docs.aws.amazon.com/apigateway/latest/developerguide/limits.html

Deploying: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-deploy-api.html

Publish: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-publish-your-apis.html

Answer 2

AWS API Gateways supports lambda authoriser for authentication which is integrated with any identity provider - Azure AD, Cognito pool etc. It supports both Client Credentials (service to service) authentication and Authentication code(user based authentication) but AWS ALB don't support client credentials authentication flow.

AWS API Gateway also provides caching, request & response mapping, customise handling for each response type, request validation, throttling where AWS ALB is yet to be improved for all these feature.

Kong api gateway also provide similar feature as AWS API Gateway with added features

• If all the backend services are deployed in AWS and you don't need
  complex API gateway then go for AWS API Gateway. It is pay per use service and you don't need to pay for extra support for API gateway assuming your services are already deployed in AWS.

• If you need api gateway solution with complex requirement and extra features then Kong API gateway can be considered. But you will need to either pay for Kong API gateway support or need extra effort in coding when used open source.

• AWS ALB can be used only for specific scenarios and it is getting matured day by day.