13 Guidance on microservices

 

This chapter covers

    • How to design secure APIs for microservices
    • Sensitive data in a microservice architecture
    • Integrity of log data
    • Traceability across services and systems
    • A domain-oriented logging API

    In chapter 12, we looked at challenges in legacy code that often appear in monolithic architectures and how to apply secure by design fundamentals. In this chapter, we’ll focus on microservices, an architectural style that has grown in popularity in recent years. The topic is too large to cover fully in a single chapter, but we’ve selected an interesting set of challenges that are essential from a security standpoint. For example, you’ll learn how to deal with sensitive data across services, and why it’s important to design service APIs that enforce invariants. In addition, we’ll revisit logging one more time and explore challenges like traceability of transactions across services and systems, how to avoid tampering of log data, and how to ensure confidentiality using a domain-oriented logger API. But before we dive into the world of microservices, let’s establish what a microservice is.

    13.1 What’s a microservice?

    13.1.1 Independent runtimes

    13.1.2 Independent updates

    13.1.3 Designed for down

    13.2 Each service is a bounded context

    13.2.1 The importance of designing your API

    13.2.2 Splitting monoliths

    13.2.3 Semantics and evolving services

    13.3 Sensitive data across services

    13.3.1 CIA-T in a microservice architecture

    13.3.2 Thinking “sensitive”

    13.4 Logging in microservices

    13.4.1 Integrity of aggregated log data

    13.4.2 Traceability in log data

    13.4.3 Confidentiality through a domain-oriented logger API

    Summary