Rapidly build secure serverless microservices using AWS
Aditya Parasrampuria
September 8, 2020

Enhanced application availability, improved performance, faster time-to-market, and easy scalability have made microservices a popular architectural choice for enterprises looking for scalable and secure applications. Focused on building business functionalities, microservices make it easier to build and maintain apps. They allow decoupled services written in different programming languages to coexist with other fragments, giving enterprises the flexibility to use different technologies.

This blog will share our experience of helping a print e-commerce company deploy a highly scalable, available and easily manageable microservices architecture in a short time, using AWS services. They had multiple services spread across business units in different geographies and wanted to set up a consistent communication and service access protocol. 

The print e-commerce firm already had a gateway server to access their backend services, which also acted as a router and token validator. Therefore, they wanted a microservice architecture that would be compatible with their gateway server and route requests. Moreover, some of their core services like shipping, price calculator, etc. used legacy endpoints. They wanted a microservice to be compatible with these endpoints. 

Building serverless microservices on AWS

To address their requirements, we designed microservices using a combination of API Gateway and Lambda. API Gateway can route requests to a variety of backend layers, such as applications hosted on EC2 or Lambda functions. We chose Lambda because of its inherent serverless capabilities. The API Gateway-Lambda combination had the following advantages:

Securing microservices

Securing the microservices is important to ensure that the business applications can be accessed only by eligible users (authentication) and that those users can access only the services required to perform their job (authorization).

OAuth 2.0 is the most widely adopted protocol for authentication and authorization. However, ensuring the scalability and security compliance of an OAuth 2.0 server can be time- and resource-consuming. To address this challenge, we used AWS Cognito, which is a serverless user directory that integrates easily with AWS services. It authenticates customers using front-end interfaces like mobile and web applications and generates a token to authorize their access to various endpoint microservices and their REST resources.
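One way a Lambda function behind API Gateway can enforce per-resource authorization from the Cognito token claims, shown as an added example that is not code from the project described here. It assumes a REST API with Lambda proxy integration and a Cognito user pool authorizer; the routes, group names and the `sample_event` helper are hypothetical.

```python
import json

# Hypothetical policy: (HTTP method, API Gateway resource) -> Cognito group allowed.
ROUTE_POLICY = {
    ("GET", "/catalogue"): "customers",
    ("POST", "/catalogue"): "marketers",
    ("POST", "/shipping/quote"): "customers",
}

def groups_from_claims(claims):
    """Return the caller's Cognito groups as a set.

    Claim values reach Lambda as strings, so a multi-valued cognito:groups
    claim may arrive as "a,b" or "[a b]" (assumed forms; both are handled).
    """
    raw = claims.get("cognito:groups", "")
    if isinstance(raw, (list, tuple)):
        return {str(g) for g in raw}
    return {g for g in str(raw).strip("[]").replace(",", " ").split() if g}

def _response(status, message):
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps({"message": message})}

def handler(event, context):
    """Lambda proxy handler: authorize each route from token claims, deny by default."""
    claims = ((event.get("requestContext") or {}).get("authorizer") or {}).get("claims")
    if not claims:
        # Route deployed without the Cognito authorizer attached: fail closed.
        return _response(401, "unauthenticated")
    required = ROUTE_POLICY.get((event.get("httpMethod"), event.get("resource")))
    if required is None or required not in groups_from_claims(claims):
        # Unknown routes and missing group membership are both refused.
        return _response(403, "forbidden")
    return _response(200, "authorized as " + claims.get("sub", "unknown"))

def sample_event(method, resource, groups=None):
    """Constructed API Gateway proxy event; groups=None simulates a route with no authorizer."""
    ctx = {}
    if groups is not None:
        ctx["authorizer"] = {"claims": {"sub": "constructed-user-id", "cognito:groups": groups}}
    return {"httpMethod": method, "resource": resource, "requestContext": ctx}

if __name__ == "__main__":
    for args in [("POST", "/catalogue", "customers,marketers"),
                 ("POST", "/catalogue", "customers"),
                 ("GET", "/catalogue", None)]:
        print(args, "->", handler(sample_event(*args), None)["statusCode"])
```

API Gateway has already verified the token signature and expiry before the function runs; the handler only decides whether the verified identity may use the requested resource.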

The diagram below details the microservices architecture:


The stack specified above can be very useful in achieving a highly scalable and easily manageable microservices architecture in a short span of time, using AWS services, for the needs of your enterprise without compromising on security, availability and flexibility.

For our customer, it yielded the following advantages –

  1. Helped marketers from their different business units define new product catalogues and offers in less than one day, against around three days taken earlier, which translates into a time saving of more than 60%. Additionally, this was integrated with their existing CMS.
  2. Decoupled business logic from application code. This simplified the deployment process and reduced web application deployment time by around 20%.
  3. Simplified the rollout of a revamped web portal for a business unit based out of France. This reduced their new backend application deployment efforts by around 35% in terms of time taken.
  4. For another business unit of the client, which is based out of the UK, this approach helped upgrade their 15-year-old legacy platform to a new application framework (frontend + backend) in 40% less time than planned earlier. They have also achieved 20% revenue growth over the past year because of the application being more available. Moreover, the share of the online platform in their total sales jumped more than 30%: earlier, 3% of their sales came from online channels, while after the microservices were deployed, that share went up to close to 4%.