Learn how Monash University used Amazon API Gateway and AWS serverless technologies to build, secure, deploy, and operate private APIs for security automation across different AWS accounts, as part of their journey into DevSecOps. Uncover API Gateway private endpoints and discuss best practices for network connectivity, authentication, deployment, and monitoring. Learn how to set up private API connectivity to automate your services in AWS.
Speakers: James Lambeth, Senior Enterprise Security Architect, Monash University & Steve Gillard, Solutions Architect, AWS
6. Completely manual
The old way
[Architecture diagram. Labels: AWS Cloud; Amazon VPC (three); web application firewall; Amazon CloudFront; backend web server (two); security team; operations team; project team/faculty members; end users.]
7. Phase one – prototype
The new way
[Architecture diagram. Labels: AWS Cloud; Amazon VPC; AWS Secrets Manager; web application firewall; AWS Lambda function; Amazon DynamoDB; Amazon API Gateway; operations team.]
8. What next?
We still had a few outstanding questions…
• How do we make the API private?
• How can we make the API more resilient?
• How do the operations team call the API?
• How do we package the API for deployment?
9. Phase two – more features
The new way
[Architecture diagram. Labels: AWS Cloud; Ingress/Egress Account; Automation Account; Amazon VPC (two); AWS Secrets Manager; AWS Lambda function (three); Amazon CloudFront; backend web server; automation pipeline; Amazon DynamoDB; queue; Amazon API Gateway; endpoint; AWS CloudFormation; web application firewall; operations team.]