
What are the benefits of the Amazon API Gateway tool for AWS?

Can the new Amazon API Gateway help make the AWS public cloud networks more secure? Expert Dan Sullivan examines how this new tool can benefit enterprises.

The new Amazon API Gateway tool for AWS was recently introduced. Are there security benefits to using these types of API gateway tools? Would certain enterprise cloud environments benefit more from their implementation?

Application program interfaces are standard features of distributed applications, but they present significant overhead from a security perspective. An API is like the front door of an application, and it is facing the Internet. An API gateway service is a good idea for anyone who would rather add product functionality than spend time locking down their API.

Although the Amazon API Gateway tool is new, developers have had options from Microsoft Azure and third parties, such as Apigee, CA API Management and Mashery. These services offer a range of capabilities not limited to security, such as the ability to set rate limits and quotas, throttle users that exceed quotas, consolidate multiple application services into a single management system, and provide analytics reporting. Authentication and authorization services are especially important selling points of API management systems, at least to the infosec team.

Amazon's API Gateway is new, and like many AWS services, should be considered a first version with additional features to come later. Even if the Amazon API Gateway never reaches feature parity with third-party API gateway providers, it offers a singular advantage: It integrates with the AWS ecosystem.

API Gateway integrates with AWS's Identity and Access Management (IAM) and Cognito to provide authentication and authorization services. Organizations that already use IAM can leverage their existing users, groups and privilege assignments. For applications that depend on OAuth or OpenID, the API Gateway can integrate with back-end services for authentication.

The gateway service integrates with CloudWatch, Amazon's performance management service, which can also help identify potential security issues, such as excessive numbers of calls or other suspicious activity. Amazon also offers CloudTrail for logging API calls to the standard logging service in AWS. There is also a service for generating API keys; the keys are included in logging information so that users of the API can be tracked.
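The excessive-call check described above can be run over logged calls that carry an API key. The following Python is an added example, not code from the article or from AWS: it counts calls per key in a sliding window over constructed records. The field names `time` and `api_key_id`, the threshold and the window length are assumptions, not an AWS log schema.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _rec(second, key):
    # Builds one constructed log line; "time" and "api_key_id" are assumed names.
    return json.dumps({"time": f"2015-08-01T12:00:{second:02d}Z", "api_key_id": key})


# Constructed sample: one key calling every 2 seconds, one occasional caller,
# and one malformed line that the parser must skip.
SAMPLE_LINES = (
    [_rec(s, "key-batch") for s in range(0, 40, 2)]
    + [_rec(s, "key-web") for s in (5, 25, 50)]
    + ["not json"]
)


def parse(line):
    """Return (timestamp, api_key_id), or None for a line that cannot be used."""
    try:
        rec = json.loads(line)
        return datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ"), rec["api_key_id"]
    except (ValueError, KeyError, TypeError):
        return None


def flag_excessive_callers(lines, max_calls, window):
    """Map each API key whose peak call count in any window exceeds max_calls to that peak."""
    records = sorted((r for r in map(parse, lines) if r is not None), key=lambda r: r[0])
    recent = defaultdict(deque)  # per-key timestamps still inside the window
    peak = defaultdict(int)
    for ts, key in records:
        calls = recent[key]
        calls.append(ts)
        while ts - calls[0] >= window:  # drop calls that fell out of the window
            calls.popleft()
        peak[key] = max(peak[key], len(calls))
    return {key: n for key, n in peak.items() if n > max_calls}


if __name__ == "__main__":
    print(flag_excessive_callers(SAMPLE_LINES, max_calls=10, window=timedelta(seconds=30)))
```

Because the count is kept per API key, a flagged key identifies the caller to throttle or investigate without affecting other users of the same API.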
