What is our primary use case?
We are currently using this solution in a project that we are implementing for a public service organization. It is a content management system that will be able to do things like rate monitoring. The service will have good security and availability.
This is a cloud-based deployment with Lambda Integration.
How has it helped my organization?
This solution gives you end-to-end protection in what you're able to do. This includes a certificate base, TLS from endpoints, and you can protect the whole link. It will generate certificate keys for you.
What is most valuable?
This solution gives you a unified way to have your API accessed.
It's a managed product and is fully scalable.
This solution ties in very well with all of the AWS services, such as IAM and asset management. It gives you security from an authentication and authorization point of view.
Lambda integration and functionality is very good.
This solution ties directly in with the AWS firewall, which gives you a lot of security, including application security in terms of things like SQL injection and cross-site scripting.
What needs improvement?
One of the problems with using this solution is that you have to know a lot about the Amazon ecosystem, in terms of services, to be able to use it. For example, if you use it without the Web Application Firewall then you're going to get some attacks. You have to read the documentation and learn how to use it.
This is a very large product, which means that there is a lot to learn and a lot of documentation to read.
It is not clear to us how you create a direct connection between your on-premises network and the API gateway. In the documentation, it tells you to create a VPN, but I find this troubling at the application level. You should be able to use MTLS. This is what you want rather than direct connect because of security issues. I don't think that this is a documentation issue. Rather, I think that it is a feature that can be improved.
For how long have I used the solution?
I have been using this solution in our current project for about nine months.
What do I think about the stability of the solution?
This solution is stable. We will not know for sure until we get into production, but our tests show that stability is fine.
What do I think about the scalability of the solution?
The scalability is excellent, given that it is AWS and not a third-party solution.
We have not fully deployed yet, so we have not had to scale, but scalability is well documented.
How are customer service and technical support?
I have not contacted technical support personally. Some of my colleagues have, but not about this solution specifically. We do have people that speak with Amazon at times.
How was the initial setup?
The setup of this solution is well documented and examples are provided. I won't say that it is very easy, but you can do it. There are some things that involve creating custom rules, which is not easy. I'm not sure if it can be made easier or not.
What about the implementation team?
We have a good team to handle the implemenation and deployment. Most of our people are pretty technical.
Which other solutions did I evaluate?
This solution does more for you than a product like Kong.
What other advice do I have?
I have heard complaints that people say this product does not have good security, but that is not true. There is an expectation that you can use it with other Amazon services to provide security, as well as other functionality.
This is a great product. It has ease of use and a full breadth of functionality. I would say that the Amazon platform, in my view, is the best compared to third-party products.
The only real problem is that you have to know a lot about what is outside of the API gateway in order to make the best use of it.
I would rate this solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Oct 09 2019