Day 41 – AWS Application Load Balancer vs. API Gateway
The first question is how you manage your API so that it will scale with your incoming traffic. AWS offers two solutions (AFAIK), AWS API Gateway and Application Load Balancer, but which one to choose?
Application Load Balancer
✅ Layer 7 load balancer, which automatically distributes incoming traffic to backend targets
✅ ALB supports Web Application Firewall (WAF) protection out of the box
❌ ALB doesn’t cache responses
❌ ALB doesn’t provide any rate limiting (but throttling can be implemented via WAF) or bursting capability.
✅ Possible to get a static IP for the load balancer endpoint using AWS Global Accelerator.
✅ Accepts both HTTP and HTTPS (SSL configuration required) traffic
❌ Can’t perform request validation, request/response mapping
❌ ALB can handle spiky traffic, but with a delay; that can be overcome by pre-allocating Load Balancer Capacity Units (LCU), which will incur extra cost💰
❌ ALB is a regional service and can only integrate with Lambda in the same region
❌ You can’t import/export ALB rules across platforms
✅ ALB supports two load-balancing strategies: Round Robin or the least strategy
⌛️ Timeout limit is 4000 seconds
🩺 You can define health checks in ALB to monitor the state of running resources in your target group.
💰 You need to pay for idle resources. Also, the calculation is more complex as it uses Load Balancer Capacity Units (LCU), which are harder to calculate. For more info
API Gateway
✅ Serverless API service from AWS. It acts as an entry point for your application and sits between applications and backend services.
✅ API Gateway supports Web Application Firewall (WAF) protection out of the box
✅ You can cache the responses for specific methods (need to pay extra $$🤑) (cache size: 500MB to 237GB) (timeout: 0–3600 sec)
✅ You can implement rate limiting (soft limit 10,000 requests per second) and bursting for the API, i.e. how often a user can call a specific API
❌ Not possible to get a static IP for the url endpoint
❌ Only accepts HTTPS traffic
✅ Can perform request validation (using Apache Velocity templates), request/response mapping
✅ Handles spiky traffic (default rate = 10k RPS, 5k burst rate)
✅ API can integrate with Lambda in different regions and in different AWS accounts.
✅ You can export/import APIs across API platforms using tools like OpenAPI 3.0 (formerly known as Swagger)
✅ API Gateway only supports Round Robin load balancing
⌛️ Timeout limit is 29 seconds
🩺 No health check available (you need to write your own custom health check)
💰 It’s a serverless service, so pay per usage. For me, API Gateway pricing is more transparent and based on the total number of requests (data transfer charges also apply). For more info https://aws.amazon.com/api-gateway/pricing/
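What the "10k RPS, 5k burst" throttling figures above mean for a traffic spike: API Gateway describes its throttling as a token bucket, and the sketch below is an added example (not AWS code and not from the original post) that replays constructed traffic through a simplified single bucket. The names TokenBucket, simulate and SAMPLE_ARRIVALS are hypothetical; the defaults are the figures quoted in the list.

```python
class TokenBucket:
    """Simplified token bucket, kept in integer milli-tokens so the math is exact."""
    COST = 1000  # one request consumes 1000 milli-tokens (= 1 token)

    def __init__(self, rate_per_sec: int, burst: int):
        self.rate = rate_per_sec            # tokens/second == milli-tokens/millisecond
        self.capacity = burst * self.COST   # burst limit = bucket size
        self.tokens = self.capacity         # bucket starts full
        self.last_ms = 0

    def allow(self, now_ms: int) -> bool:
        # Refill for the elapsed time, never beyond the burst capacity.
        elapsed = max(0, now_ms - self.last_ms)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last_ms = max(self.last_ms, now_ms)
        if self.tokens >= self.COST:
            self.tokens -= self.COST
            return True    # request is forwarded to the backend
        return False       # request is throttled (API Gateway answers HTTP 429)


def simulate(arrivals, rate=10_000, burst=5_000):
    """arrivals: list of (timestamp_ms, request_count), sorted by time.
    Returns a list of (timestamp_ms, admitted, throttled)."""
    bucket = TokenBucket(rate, burst)
    results = []
    for ts, count in arrivals:
        admitted = sum(1 for _ in range(count) if bucket.allow(ts))
        results.append((ts, admitted, count - admitted))
    return results


# Constructed sample traffic: an 8,000-request spike at t=0, a follow-up
# wave 100 ms later, and a third wave after the bucket has had time to refill.
SAMPLE_ARRIVALS = [(0, 8_000), (100, 2_000), (1_000, 4_000)]

if __name__ == "__main__":
    for ts, ok, rejected in simulate(SAMPLE_ARRIVALS):
        print(f"t={ts:>5} ms  admitted={ok:>5}  throttled(429)={rejected:>5}")
```

The spike is cut at the burst size rather than the per-second rate, so a client that retries immediately after a 429 only gets through as fast as the bucket refills.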
🎬 Which one to choose depends upon your workload. You can even integrate API Gateway with Application Load Balancer. You are adding load-balancing capabilities to your API Gateway in this scenario. Check this doc for more info: https://docs.aws.amazon.com/whitepapers/latest/best-practices-api-gateway-private-apis-integration/http-api.html. If cost is the driving factor, then it all depends upon the number of requests. If your request volume is less than 500k per day (small responses), then API Gateway is cost-effective, but if it’s more than 500k, then ALB may be a more affordable solution. If you are looking for a feature-rich solution and want to cut down your development team hours, then API Gateway is a better choice.