Recommended Architecture - One HTTP API Gateway vs Multiple HTTP API Gateways


In the scenario where I have the following tenants: users, practitioners, admins. I have separate login and registration flows and pages for each, as well as separate user pools. Should I have one HTTP API Gateway or multiple separate HTTP API Gateways? I'm wondering what the recommended pattern is. Having separate API Gateways (see diagram attached for the multiple-gateway approach) seems like the cleaner, better-structured approach, but it is more expensive and requires a lot more management.

I'm wondering because when I researched online, multiple gateways seemed to be recommended and more tailored to microservices; however, I'm dealing with a monolith, and all API Gateways will be pointed to the same internal load balancer through PrivateLink and to a single ECS target group.


These are my thoughts on pros and cons of each approach:

Multiple API Gateways:

Pros:

  • Cleaner structure, better separation of concerns
  • Deployment of each gateway is independent
  • No mixing of Cognito JWT Authorisers related to separate user pools within the same Gateway
  • Separate api domains e.g. admin.api.example.com, user.api.example.com, practitioner.api.example.com

Cons:

  • More to manage in the console and Terraform (I'm a single DevOps engineer)
  • More expensive

Single API Gateway:

Pros:

  • Single deployment
  • Less to manage, and less Terraform to write
  • Cheaper

Cons:

  • Less clean structure, everything in one place
  • If one /path is incorrect and requires changes everything needs to be re-deployed together
  • Different Cognito JWT Authorisers within the same API Gateway
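As an added illustration of the single-gateway option discussed in the question (this is not code from the original post), the following Terraform shows one HTTP API with one Cognito JWT authoriser per user pool, each route prefix bound to its own authoriser, and a single HTTP_PROXY integration over a VPC Link to the internal ALB in front of the ECS service. All variable names, resource names and the `X-Tenant` header are hypothetical placeholders; a third entry in `local.pools` would add the practitioners pool the same way.

```hcl
# Added example (not from the original question or answer): one HTTP API,
# two Cognito user pools, two JWT authorizers, one ECS monolith behind an
# internal ALB reached over a VPC Link. Names and variables are placeholders.

variable "region"             { default = "eu-west-1" }
variable "user_pool_id"       {}   # e.g. aws_cognito_user_pool.users.id
variable "user_client_id"     {}   # app client used by the user login page
variable "admin_pool_id"      {}
variable "admin_client_id"    {}
variable "private_subnet_ids" { type = list(string) }
variable "vpc_link_sg_id"     {}
variable "alb_listener_arn"   {}   # internal ALB listener -> single ECS target group

resource "aws_apigatewayv2_api" "monolith" {
  name          = "monolith-http-api"
  protocol_type = "HTTP"
}

# VPC Link into the private subnets so the gateway can reach the internal ALB.
resource "aws_apigatewayv2_vpc_link" "internal" {
  name               = "monolith-vpc-link"
  subnet_ids         = var.private_subnet_ids
  security_group_ids = [var.vpc_link_sg_id]
}

# One authorizer per user pool. Pinning issuer AND audience to a single pool
# and app client means an admin-pool token can never satisfy the user
# authorizer, and vice versa, even though both live in the same API.
locals {
  pools = {
    user  = { pool_id = var.user_pool_id,  client_id = var.user_client_id }
    admin = { pool_id = var.admin_pool_id, client_id = var.admin_client_id }
  }
}

resource "aws_apigatewayv2_authorizer" "jwt" {
  for_each         = local.pools
  api_id           = aws_apigatewayv2_api.monolith.id
  authorizer_type  = "JWT"
  identity_sources = ["$request.header.Authorization"]
  name             = "${each.key}-pool-jwt"

  jwt_configuration {
    issuer   = "https://cognito-idp.${var.region}.amazonaws.com/${each.value.pool_id}"
    audience = [each.value.client_id]
  }
}

# One integration per tenant so the gateway stamps a tenant header the
# monolith can rely on. "overwrite" replaces any client-supplied value.
resource "aws_apigatewayv2_integration" "alb" {
  for_each           = local.pools
  api_id             = aws_apigatewayv2_api.monolith.id
  integration_type   = "HTTP_PROXY"
  integration_method = "ANY"
  integration_uri    = var.alb_listener_arn
  connection_type    = "VPC_LINK"
  connection_id      = aws_apigatewayv2_vpc_link.internal.id

  request_parameters = {
    "overwrite:header.X-Tenant" = each.key
  }
}

# Each tenant prefix is bound to exactly one authorizer and one integration.
# Deliberately no "$default" route: an unbound route would be unauthenticated.
resource "aws_apigatewayv2_route" "tenant" {
  for_each           = local.pools
  api_id             = aws_apigatewayv2_api.monolith.id
  route_key          = "ANY /${each.key}/{proxy+}"
  target             = "integrations/${aws_apigatewayv2_integration.alb[each.key].id}"
  authorization_type = "JWT"
  authorizer_id      = aws_apigatewayv2_authorizer.jwt[each.key].id
}

resource "aws_apigatewayv2_stage" "default" {
  api_id      = aws_apigatewayv2_api.monolith.id
  name        = "$default"
  auto_deploy = true
}
```

Two checks worth making with this layout: first, every route must carry `authorization_type = "JWT"` and an `authorizer_id`, because a route without one (a catch-all `$default` in particular) is reachable without a token; second, the gateway only proves which pool issued the token, so the monolith should still enforce its own authorisation per request using the tenant it is told about (here the `X-Tenant` header) rather than any tenant claim the client sends. Cognito access tokens carry `client_id` rather than `aud`; the HTTP API JWT authoriser accepts either claim against the configured `audience`.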
1 Answer

Since you have one big application right now and you're the only DevOps person, a single API Gateway probably makes the most sense.

Keeps things simpler: One gateway means less to set up and keep track of. That's a lifesaver when you're juggling everything yourself.

Saves money: Fewer gateways mean fewer AWS resources being used, which means a smaller bill.

But here's the thing: if you really value these things, multiple gateways might be worth the extra work down the road:

  • Cleaner Orgs - One gateway per tenant (users, practitioners, admins) keeps everything neatly separated, easier to change one without affecting others.
  • Best Security - If someone messes up on the admin side, it doesn't automatically put the user gateway at risk.
  • Future Ready - If you ever decide to break your monolith into microservices, you're already set up with multiple gateways.

Here's a couple more things to mull over:

Crazy traffic differences: If one tenant gets way more traffic than the others, having separate gateways can help balance things out.

Long-term plans: Are those microservices something you seriously see yourself doing? If so, multiple gateways right away might be wise.

The bottom line is there's no single right answer. If you're not sure, start simple!

GK, answered 12 days ago
Reviewed by an AWS Expert 12 days ago
