However, what is stopping a malicious actor from bypassing the API gateway and communicating directly with the microservices?
Do we solve this problem using a firewall, so only trusted traffic reaches the microservices?
Kind of - sort of
With this kind of setup, usually you’d put all your microservices inside a VPC. The microservices wouldn’t even be directly accessible from the internet. So it wouldn’t really be a “firewall” - but a NAT gateway.
Though conceptually a little bit the same. The API gateway is kind of acting as a firewall.
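An added example, not part of the original thread: a small audit that checks whether each microservice accepts traffic only from the API gateway, which is what keeps a client from skipping it. The inventory format, service names, group labels and addresses are constructed for illustration and are not any cloud provider's API output.

```python
import ipaddress

# Constructed inventory (hypothetical names and format, for illustration only).
VPC_CIDR = "10.0.0.0/16"
GATEWAY_SG = "sg-gateway"   # label of the group the API gateway runs in
SERVICES = [
    {"name": "orders", "public_ip": False,
     "ingress": [{"port": 8080, "source": "sg-gateway"}]},
    {"name": "billing", "public_ip": True,
     "ingress": [{"port": 8080, "source": "sg-gateway"},
                 {"port": 8080, "source": "0.0.0.0/0"}]},
    {"name": "users", "public_ip": False,
     "ingress": [{"port": 8080, "source": "10.0.0.0/16"}]},
    {"name": "search", "public_ip": False,
     "ingress": [{"port": 9200, "source": "203.0.113.0/24"}]},
]

def classify_source(source, gateway_sg, vpc_cidr):
    """Return 'gateway', 'internal' or 'external' for one ingress source."""
    if source == gateway_sg:
        return "gateway"
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return "internal"   # some other group label: a peer inside the VPC
    vpc = ipaddress.ip_network(vpc_cidr)
    inside = net.version == vpc.version and net.subnet_of(vpc)
    return "internal" if inside else "external"

def find_bypass_paths(services, gateway_sg=GATEWAY_SG, vpc_cidr=VPC_CIDR):
    """List every ingress rule that lets traffic reach a service without the gateway."""
    findings = []
    for svc in services:
        for rule in svc["ingress"]:
            kind = classify_source(rule["source"], gateway_sg, vpc_cidr)
            if kind == "gateway":
                continue
            if kind == "internal":
                severity = "lateral"      # any host in the VPC can skip the gateway
            elif svc["public_ip"]:
                severity = "reachable"    # open rule and a public address
            else:
                severity = "rule-only"    # open rule, held back only by placement
            findings.append((svc["name"], rule["port"], rule["source"], severity))
    return findings

if __name__ == "__main__":
    for finding in find_bypass_paths(SERVICES):
        print(finding)
```

Only `orders` passes cleanly: network placement keeps `search` off the internet today, but its rule would expose it the moment it gained a public address.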