bhanuc
commented
3 years ago Usually in such architectures, you would want to put the microservice in an VPC that is not accessible from outside and you refer to the microservice via its internal ip. Another alternative is to whitelist only certain ips (api gateway's ip) that can connect to the microservice instance.
Hello. I have currently configured express-gateway to communicate with a service on my backend exposed on a unique port on my machine and it's working fine. The gateway serves as a proxy to the services and currently does some security checks and jwt authentication. However, I'm concerned that if I don't put some sort of authentication on my service, then anyone who knows the port (or URL) my service runs on can directly access it and bypass the gateway directly. I'm looking for a way I can set up a sort of auth between the gateway and the service (maybe through keys) so that only the gateway can communicate with the services and not any other client. I currently can't find anything in the docs specifically for that. Also, if there's something wrong with my architecture, I'd appreciate it if you could point it out. Thank you. Would really appreciate any response as I've been on this for days and nobody is answering on stackoverflow.