Connect AWS Gateway

Understand why you would want a connected / managed environment for AWS API Gateway within AMPLIFY Central. Learn how you can govern and monitor the creation / deployment / publishing and subscriptions of the AWS API Gateway hosted APIs in one central location.

3 minute read

Why do you want to connect AWS API Gateway and AMPLIFY Central?

Connecting AWS API Gateway to AMPLIFY Central will provide you with a global centralized view of your APIs and their related traffic.

Each AWS Gateway can be represented by an AMPLIFY Central environment allowing you to better filter APIs and their traffic. Supplied with the environment, two agents (Discovery and Traceability) interact with AWS API Gateway and AMPLIFY Central to:

  • Detect changes to AWS API Gateway stages and deployments using the Discovery Agent. The Discovery Agent pushes the service configuration as an API service for the environment, which can then be published as a catalog item to be used by consumers to subscribe to the service.
  • Filter the AWS Cloudwatch logs that are related to discovered APIs and prepare the transaction events that are sent to AMPLIFY Platform.

Discovery Agent

The Discovery Agent is used to discover new deployments and stage updates to existing deployments for publishing related APIs in AMPLIFY Central (either as a catalog item or as an API service). As part of the deployment package, use the provided cloud formation scripts to set up the following agent-dependent AWS Services:

  • AWS Config - Administers, audits and monitors resource configurations. Records and validates configuration changes.
  • AWS CloudWatch - Monitors resources and AWS applications in real time. Receives and routes supported AWS Service events.
  • AWS SQS - Decouples and scales microservices, distributed systems and serverless applications.

Service Discovery

Traceability Agent

The Traceability Agent is used to filter the AWS CloudWatch logs and prepare the transaction events that are sent to AMPLIFY Central and visible in the API Observer. Viewing your traffic helps you to identify the bottleneck and errors. The traffic can be filtered by environment in case multiples are involved in your topography. As part of the deployment package, you can use cloud formation scripts to set up the following agent-dependent AWS Services:

  • AWS CloudWatch - Monitors resources and AWS applications in real time. Receives and routes supported AWS Service events.
  • AWS Lamda - Runs code in response to events and automatically manages the computing resources required by that code.
  • AWS SQS - Decouples and scales microservices, distributed systems and serverless applications.

The types of logging you can do with API Gateway to CloudWatch:

  • Execution logging - API Gateway manages the CloudWatch logs.
  • Access logging - Developer managed custom logging.

For additional logging information, see https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html.

Service Discovery

Minimum requirements

Connect AWS API Gateway to AMPLIFY Central using CLI

The following is a high-level overview of the required steps to connect an AWS API Gateway environment to AMPLIFY Central:

  • Create a service account for the agent to communicate with AMPLIFY platform
  • Create an environment to group the APIs
  • Configure AWS services / roles (optional) / Infrastructure (oprional)
  • Deploy the agent in the choosen infrastructure (EC2 / ECS-fargate / Docker only)

You will be guided through this procedure using AMPLIFY Central CLI. See Deploy your agents with AMPLIFY CLI

Deploy your agents with AMPLIFY CLI

Learn how to deploy your agents using AMPLIFY CLI so that you can manage your AWS API Gateway environment within AMPLIFY Central.

Administer AWS Gateway cloud

As a Cloud Administrator / Operator, you are responsible for configuring and managing your organization’s AWS infrastructure. This topic contains setup and test details for the additional AWS services that are required for Axway’s agents to govern your AWS API Gateway service. The additional services which will be configured are AWS CloudWatch, AWS SQS, AWS Config, and AWS Lambda.

Administer AWS Gateway network traffic

Traffic is always initiated by the Agent to AWS and AMPLIFY Central. No sessions are ever initiated back to the Agent.

Administer AWS Gateway agent security

This section describes the main security features of the AWS API Gateway agents.

Feature - Discover APIs

You can set up tag-based condition expression(s) using the AWS_FILTER environment variable to discover APIs that could be added to AMPLIFY Central. Conditional expressions statements use logical operators to compare values. This section provides sample syntax for defining expressions.

Feature - Manage subscription workflow

A subscription provides the consumer, or subscriber, with the required security, quota and endpoint materials to correctly consume the API. The security material and/or quota to access an API is configured inside the usage plan on AWS API Gateway.

Reference - Agent configuration

Learn how to deploy your Discovery Agent and Traceability Agent using Docker containers so that you can manage your AWS API Gateway environment within AMPLIFY Central. Once agents are correctly deployed, they can collect the data from the AWS API Gateway and send it securely to AMPLIFY Central.

Get help with Connected AWS Gateway

This section provides troubleshooting, known limitations and restrictions that you may encounter while you are working with the connected managed environment for AWS API Gateway within AMPLIFY Central. It also provides tips you may find useful when working with this environment.


Last modified January 5, 2021: APIGOV-17163 Reorg Connect AWS Gateway (#1525) (2a9978ba)