5 min.

Proxy concepts on AWS

An overview of proxy concepts on the AWS platform.

In cloud computing, "proxy" usually refers to a middleman entity, such as a server, that offloads tasks from the main unit, which is typically another server, application, or database.


On AWS, popular native proxies include RDS Proxy, Elastic Load Balancer, API Gateway, and even CloudFront.



Elastic Load Balancer


Previous article Load balancing concepts on AWS have thoroughly covered Elastic Load Balancer (ELB), highlighting its crucial role in enhancing application scalability and reliability on AWS. 


This brief overview will touch upon ELB's capability to efficiently distribute incoming traffic across various targets—ranging from Amazon EC2 instances, containers, and IP addresses to Lambda functions. By acting as an intermediary, ELB adeptly manages traffic loads, ensuring smooth operation across single or multiple Availability Zones. It offers a suite of load balancers designed to meet diverse application demands: the Application Load Balancer (ALB) and Network Load Balancer (NLB) for advanced routing and high-performance needs, alongside the Classic Load Balancer (CLB) for basic traffic distribution. 


Predominantly, ALB and NLB are favored for their robust functionality, serving as proxies across different OSI model layers and enabling effective autoscaling during traffic fluctuations.



API Gateway


API Gateway was previously mentioned as an AWS serverless service and  a AWS API management service.  This time I will show it from the proxy perspective. Exploring Amazon API Gateway from a proxy perspective reveals its pivotal role in facilitating seamless interaction between clients and backend services. As a versatile intermediary, API Gateway excels in routing, processing, and managing API calls, ensuring applications are scalable, secure, and efficient.


API Gateway's functionality as a proxy allows for the exposure of HTTP endpoints that seamlessly integrate with various backends, including EC2 instances, Lambda functions, and external web services. Its HTTP proxy integration capability straightforwardly forwards requests and responses, enabling it to function as a reverse proxy. This setup is particularly beneficial for use cases such as API migration, where API Gateway can redirect traffic from old endpoints to new ones without requiring any changes to the client applications. Through mapping templates, it adeptly transforms request and response formats between different API versions, ensuring compatibility and uninterrupted service.


Key functionalities that underscore API Gateway's proxy capabilities include:


Request Routing


Directs incoming API requests to the suitable backend resource, efficiently managing API traffic.



Data Transformation


Adjusts request and response data between frontend and backend, facilitating smooth data exchange.



Authentication and Authorization


Implements security measures to verify requests, granting access only to authorized users.



Traffic Management


Employs throttling rules to safeguard backend services from overload, while adeptly handling traffic spikes.



Monitoring and Logging


Leverages AWS CloudWatch integration for comprehensive API performance insights and diagnostics.





Enhances response times and reduces backend load by caching endpoint responses for frequently accessed data.



CORS Management


Controls access to APIs through Cross-Origin Resource Sharing settings, bolstering security.



Deployment and Versioning


Supports phased API deployment and version management, enabling systematic updates and maintenance.





Amazon CloudFront was previously highlighted as an AWS edge accelerator and mentioned in discussions on event-driven and microservices architectures on AWS


However also serves as a powerful proxy that enhances content delivery. Operating between end-users and origin servers, such as S3, EC2, and code repositories, CloudFront optimizes content delivery through its global network of edge locations.


The servicve acts as a sophisticated proxy that not only accelerates content delivery but also enhances security, provides extensive customization capabilities, and efficiently manages content caching and distribution, thereby improving both the user experience and content management efficiency.


Here's a concise overview of its operation as a proxy:


Content Delivery


CloudFront delivers content with low latency by caching it at edge locations worldwide. When a user requests content, CloudFront first checks for it at the nearest edge location. If present, the content is served immediately; if not, it's fetched from the origin, cached, and then delivered, significantly reducing load on origin servers and speeding up content delivery for users.



Dynamic Content Handling


Beyond static content caching, CloudFront enhances the delivery of dynamic content that requires real-time processing or personalization, effectively speeding up interactions by optimizing the route between the user and the origin.



Security Features


With integrated DDoS protection and AWS WAF, CloudFront safeguards against malicious traffic and spikes, maintaining content availability and security. It supports HTTPS, using SSL/TLS encryption for secure data transmission between clients and the network, and between CloudFront and origin servers.



Customization and Control


Developers can tailor request and response handling using Lambda@Edge, allowing for dynamic content modification or redirection based on user-specific factors such as location or device type. This positions CloudFront as a versatile, programmable proxy.



Efficient Origin Fetching


For cache misses, CloudFront retrieves content from the origin and caches it for subsequent requests, minimizing direct origin accesses and streamlining content delivery.



Geographic Content Control


CloudFront enables geo-blocking to restrict content delivery based on user location, ensuring compliance with regional licensing agreements or content distribution laws.



RDS proxy


Amazon RDS Proxy is an intriguing AWS solution aimed at making SQL databases more responsive and reliable. It operates in a manner somewhat similar to AWS Read Replicas, which are another excellent feature of RDS, yet they possess distinct capabilities.


Whereas Read Replicas serve as read-only copies with independent endpoints, RDS Proxy is designed to handle both writes and reads, thereby helping to manage connections more efficiently by focusing on pooling and reusing connections.


Connection pooling is a crucial aspect of database management ( not only for RDS but for standalone databases alike), as it manages the number of connections a database can simultaneously maintain with applications. This becomes especially critical in serverless architectures, where each service or function might require independent access to the database or where application frequently open and close database connections, potentially leading to a high number of concurrent connections.


Acting as an intermediary between applications and databases, RDS Proxy significantly streamlines connection management through effective connection pooling. This approach allows multiple applications to share a set of database connections, efficiently distributing resources without the need for additional database provisioning.


Key benefits of RDS Proxy include:




By facilitating connection pooling, RDS Proxy enables a higher number of concurrent connections to share a smaller pool, thus improving application scalability and reducing the need for direct database resource scaling.





It enhances database availability, minimizing failover times and maintaining stable connections during database failovers, thus ensuring uninterrupted application performance.





RDS Proxy boosts security measures by integrating with AWS IAM for database authentication and using AWS Secrets Manager for secure credential storage, streamlining authentication processes and safeguarding sensitive information.



Compatibility and Ease of Integration


Supporting popular database engines like Amazon Aurora, MySQL, and PostgreSQL, RDS Proxy is designed for seamless integration, often requiring minimal to no changes in existing application code.





Proxy vs VPN - Difference Between Intermediary Technologies - AWS

RDS Proxy concepts and terminology - Amazon Relational Database Service

Set up a proxy integration with a proxy resource - Amazon API Gateway

What is Amazon API Gateway? - Amazon API Gateway

Can I use API Gateway as a proxy to redirect a Rest API from a site to another?

What is Amazon CloudFront? - Amazon CloudFront

FAQs | What is Amazon Cloudfront CDN?