Chapter 11. Citadel

While the API Gateway is useful for providing a single entry point to your services, it is vulnerable to attack. In this chapter, you will learn how to secure the system from attackers using an HTTP(S) Load Balancer with an SSL/TLS certificate and Cloud Armor. Effectively, you will be building the wall (or more accurately, firewall) of the citadel to protect the application inside.

Note

The code for this chapter is in the citadel folder of the GitHub repository.

Securing from Attackers

In Chapter 9, you put services behind an API Gateway. In this chapter, you are going to protect them further.

Adding a Custom Domain

The Google API Gateway exposes a single URL to access the services behind the API. This is an HTTPS endpoint offering a secure connection. Similarly, putting the UI in a Cloud Storage bucket and exposing it as a website has provided a secure URL. However, it is more useful to put the API and the UI behind the same custom domain name. It is also useful to protect the API Gateway and UI behind a Global Load Balancer and provide your custom HTTPS URL with a valid SSL certificate. As part of Google’s global networking infrastructure, a Global Load Balancer also provides additional benefits such as high availability and scalability, optional caching via a global content delivery network (CDN), and protection against distributed denial-of-service (DDoS) attacks.

Setting up a Global Load Balancer has many steps, and you will work through them in this ...
