Attacks and data violations involving poorly secured APIs are occurring regularly. Protecting web APIs with general-purpose application security solutions alone continues to be ineffective. Each new API represents an additional and potentially unique attack vector into your systems. Modern application architecture trends — including mobile access, microservice design patterns, and hybrid on-premises/cloud usage has driven security to have largely a single “gateway” point at which protection can be enforced (Frankly, if you can’t govern that then you are at the helm of bigger problem).

If you are on-prem data centers and are looking to build a digital transformation solution in the cloud. OR If you have AWS or GCP already running in some capacity and you have thoughts of swapping one with the other then this post might be of consequence to you. I have been working with the cloud for almost 6 years now. And all through my journey, we have different providers come and go.

First of all, Happy new year to everyone as this is my first post for this year. Now let’s talk about the post. If your enterprise/business is looking to use managed services from AWS like API gateway and AppSync because of their feature-rich options but also want a secure connection to the domain layer then this is the post for you. If all these layers are alien to you then you can take refresher from my digital transformation architecture post.