Closed. emileswarts closed this 8 months ago
Hi @emileswarts , is this ticket still relevant and required or have you decided to go on a different approach?
The approach mentioned in the ticket uses an AWS load balancer to add the VPC link and a separate security group to update the existing VPC.
The current architecture of the Cloud Platform does not include an AWS load balancer. And the existing NLB that is linked to the ingress controllers is shared by all users of the platform.
The current options to connect external users to CP are via the Internet or through Transit Gateway. We are not planning to implement any other routes to access apps deployed in CP.
If you have any comments, please contact us in the #ask-cloud-platform channel. Happy to discuss.
Service name
HMPPS Integration API
Service environment
Impact on the service
Potential delays to going live if security is unable to sign off on this.
Problem description
Support API Gateway in front of EKS as mentioned here: https://aws.amazon.com/blogs/containers/integrate-amazon-api-gateway-with-amazon-eks/
Having API Gateway in front of EKS provides a number of benefits, such as:
- Client-specific views on usage
- Client-specific limits
- Client-specific authentication keys
- Support for mutual TLS as an authentication mechanism
While it is possible to send requests directly to our EKS service (HTTP backend integration), this would traverse the public internet. A more secure approach would be integrating with PrivateLink and having the containers run in a private subnet.
Contact person
Emile Swarts (emile.swarts@digital.justice.gov.uk)
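The following Terraform is an added illustration of the architecture the ticket asks for (API Gateway in front of EKS over a VPC link, per-client API keys and limits, mutual TLS). It is not code from the ticket, from the HMPPS Integration API project, or from the Cloud Platform team. It assumes a dedicated internal NLB (`aws_lb.internal_nlb`) whose targets are the ingress controllers in private subnets, an ACM certificate (`var.acm_certificate_arn`) and a truststore bucket (`aws_s3_bucket.truststore`) defined elsewhere, and a hypothetical domain name; the closing comment above notes that the platform's existing NLB is shared, so the dedicated NLB is exactly the part the platform does not currently provide.

```hcl
# Added example (not the project's or the platform's code). Assumes aws_lb.internal_nlb,
# aws_s3_bucket.truststore and var.acm_certificate_arn exist; domain name is hypothetical.

# REST-API VPC link: API Gateway reaches the NLB privately, so the hop to EKS
# never traverses the public internet. REST-API VPC links require an NLB target.
resource "aws_api_gateway_vpc_link" "eks" {
  name        = "hmpps-integration-api-eks"
  target_arns = [aws_lb.internal_nlb.arn]
}

resource "aws_api_gateway_rest_api" "api" {
  name = "hmpps-integration-api"
  # Without this, callers can bypass the mTLS custom domain by using the
  # default https://<id>.execute-api.<region>.amazonaws.com hostname.
  disable_execute_api_endpoint = true
  endpoint_configuration { types = ["REGIONAL"] }
}

resource "aws_api_gateway_resource" "proxy" {
  rest_api_id = aws_api_gateway_rest_api.api.id
  parent_id   = aws_api_gateway_rest_api.api.root_resource_id
  path_part   = "{proxy+}"
}

# api_key_required = true ties every request to a usage plan (per-client key,
# per-client throttle and quota, per-client usage metrics).
resource "aws_api_gateway_method" "proxy" {
  rest_api_id        = aws_api_gateway_rest_api.api.id
  resource_id        = aws_api_gateway_resource.proxy.id
  http_method        = "ANY"
  authorization      = "NONE"
  api_key_required   = true
  request_parameters = { "method.request.path.proxy" = true }
}

resource "aws_api_gateway_integration" "proxy" {
  rest_api_id             = aws_api_gateway_rest_api.api.id
  resource_id             = aws_api_gateway_resource.proxy.id
  http_method             = aws_api_gateway_method.proxy.http_method
  type                    = "HTTP_PROXY"
  integration_http_method = "ANY"
  connection_type         = "VPC_LINK"
  connection_id           = aws_api_gateway_vpc_link.eks.id
  uri                     = "http://${aws_lb.internal_nlb.dns_name}/{proxy}"
  request_parameters      = { "integration.request.path.proxy" = "method.request.path.proxy" }
}

resource "aws_api_gateway_deployment" "this" {
  rest_api_id = aws_api_gateway_rest_api.api.id
  triggers    = { redeployment = sha1(jsonencode(aws_api_gateway_integration.proxy)) }
  lifecycle { create_before_destroy = true }
  depends_on = [aws_api_gateway_integration.proxy]
}

resource "aws_api_gateway_stage" "prod" {
  rest_api_id   = aws_api_gateway_rest_api.api.id
  deployment_id = aws_api_gateway_deployment.this.id
  stage_name    = "prod"
}

# One usage plan + key per consuming client gives client-specific limits,
# keys and usage views. Repeat this trio per client.
resource "aws_api_gateway_usage_plan" "client_a" {
  name = "client-a"
  api_stages {
    api_id = aws_api_gateway_rest_api.api.id
    stage  = aws_api_gateway_stage.prod.stage_name
  }
  throttle_settings {
    rate_limit  = 50   # requests per second, steady state
    burst_limit = 100
  }
  quota_settings {
    limit  = 100000
    period = "MONTH"
  }
}

resource "aws_api_gateway_api_key" "client_a" { name = "client-a" }

resource "aws_api_gateway_usage_plan_key" "client_a" {
  key_id        = aws_api_gateway_api_key.client_a.id
  key_type      = "API_KEY"
  usage_plan_id = aws_api_gateway_usage_plan.client_a.id
}

# Mutual TLS: API Gateway only completes the handshake for client certificates
# chaining to a CA in the PEM truststore held in S3.
resource "aws_api_gateway_domain_name" "mtls" {
  domain_name              = "integration-api.example.gov.uk" # hypothetical
  regional_certificate_arn = var.acm_certificate_arn
  security_policy          = "TLS_1_2"
  endpoint_configuration { types = ["REGIONAL"] }
  mutual_tls_authentication {
    truststore_uri = "s3://${aws_s3_bucket.truststore.bucket}/truststore.pem"
  }
}

resource "aws_api_gateway_base_path_mapping" "mtls" {
  api_id      = aws_api_gateway_rest_api.api.id
  stage_name  = aws_api_gateway_stage.prod.stage_name
  domain_name = aws_api_gateway_domain_name.mtls.domain_name
}
```

Two checks worth running after applying something like this: confirm that the NLB's target security group only admits the VPC-link ENIs (otherwise the "private" path is reachable from anywhere in the VPC), and confirm that a request to the default execute-api hostname is refused, since an API key alone is a much weaker credential than a client certificate and the mTLS requirement only applies on the custom domain.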