Apigee Edge Cloud to AWS using AWS DirectConnect


Hello,

We are facing a challenge to set up a secure channel between Apigee Edge and an AWS environment running some of our API backend services. We understand Apigee recommends using 2-way-SSL to achieve this (https://community.apigee.com/questions/21613/vpn-connections-to-aws-apigee-edge-cloud.html); however, we have some constraints on the AWS environment to set this up.

Is it possible to use, instead, AWS DirectConnect from Apigee Edge to the AWS environment to provide similar security on the channel? Or are there any other similar alternatives recommended?

Thank you in advance!


As your requirement is to set up a secure channel between Apigee Edge and Backend Service, you should consider IP-based whitelisting with one-way SSL or mutual authentication with two-way SSL, as these two options provide you with a secure channel between your proxy and backend service. If you have constraints configuring two-way SSL, then you should consider IP whitelisting with one-way SSL.

AWS DirectConnect is more for providing features like enhanced bandwidth usage and increased network performance for an entire subnet. So, instead of securing communication between two servers (point to point), AWS DirectConnect provides a private channel for securing communication between Virtual LANs (Note: AWS DirectConnect is based on IEEE 802.1Q).

There are surely other options, like JWT-based tokens to the backend leveraging JWE and JWS over one-way SSL, etc. But the preferred options are the two listed above.
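
The two options recommended in the reply above, sketched as Apigee Edge TargetEndpoint configurations. This is an added example, not part of the original reply; the endpoint names, backend URL, keystore/truststore references and key alias are placeholders. The IP allowlist itself is enforced on the AWS side (for example in a security group or firewall rule) and is not part of the proxy configuration.

```xml
<!-- Option 1: one-way TLS plus IP allowlisting on the backend side.
     Edge authenticates the backend by validating its certificate against
     the truststore. Without a TrustStore element Edge does not validate
     the backend certificate, so keep it even for one-way TLS. -->
<TargetEndpoint name="aws-backend-one-way">
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>
      <ClientAuthEnabled>false</ClientAuthEnabled>
      <!-- placeholder reference to a truststore holding the backend CA chain -->
      <TrustStore>ref://backendTrustStoreRef</TrustStore>
    </SSLInfo>
    <!-- placeholder backend URL -->
    <URL>https://backend.example.com/v1</URL>
  </HTTPTargetConnection>
</TargetEndpoint>

<!-- Option 2: two-way TLS (mutual authentication).
     Edge additionally presents a client certificate, so the backend can
     authenticate the caller cryptographically instead of by source IP. -->
<TargetEndpoint name="aws-backend-two-way">
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>
      <ClientAuthEnabled>true</ClientAuthEnabled>
      <!-- placeholder reference to the keystore with Edge's client cert and key -->
      <KeyStore>ref://edgeClientKeyStoreRef</KeyStore>
      <!-- placeholder alias of the client certificate inside that keystore -->
      <KeyAlias>edge-client</KeyAlias>
      <TrustStore>ref://backendTrustStoreRef</TrustStore>
    </SSLInfo>
    <URL>https://backend.example.com/v1</URL>
  </HTTPTargetConnection>
</TargetEndpoint>
```

Each TargetEndpoint lives in its own file in a proxy bundle; they are shown together here only for comparison.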