In chapter 6 and chapter 7, we discussed how to secure service-to-service communications with mTLS and JWT. Chapter 8 extended that discussion and explained how mTLS and JWT can be used to secure communications happening over gRPC. In all those cases, our examples assumed synchronous communications between the calling microservice and the recipient microservice. The security model that you develop to protect service-to-service communications should consider how the actual communications take place among microservices: synchronously or asynchronously.
In most cases, synchronous communications happen over HTTP. Asynchronous communications can happen over any kind of messaging system, such as RabbitMQ, Apache Kafka, NATS, ActiveMQ, or even Amazon SQS. In this chapter, we discuss how to use Kafka and NATS as message brokers, which enable microservices to communicate with each other in an event-driven fashion, and how to secure the communication channels.