Over the past 90 years, Nationwide became one of the largest insurance and financial services companies in the world by focusing on customers and valuing people.

Even though they have dozens of affiliated companies, people are their biggest resource and Nationwide’s greatest asset in providing excellent service to their customers. That is why their Procurement group makes sure their agents and associates get the best quality products and services, at the best possible cost. It is also why they have an Office of Customer Relations.


Security is an essential element of any application, especially when it comes to the RESTful API layer. Thousands of calls are made daily to share information via REST APIs, making security a top concern for all organizations at every stage: designing, testing, and deploying the APIs. We are living in an era where our private information is more vulnerable than ever before, so it is very important to protect your APIs from threats and vulnerabilities that keep increasing daily.

In addition to all the guidelines available for building a secure API, an important step is to make your API private. Attackers will not be able to launch any attack on your API if they cannot find it. Exposing your APIs to the public will add a range of security and management challenges that you can avoid.

While it is easy to spin up these simple cloud architectures, mistakes can easily be made when provisioning complex ones. Human error will always be present, especially when you can launch cloud infrastructure by clicking buttons on a web app.

The only way to avoid these kinds of errors is through automation, and Infrastructure as Code is helping engineers automatically launch cloud environments quickly and without mistakes.

Why Amazon Web Services

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. You can simply upload your decision service to AWS Lambda, configure an API Gateway, and start responding to RESTful endpoint calls.

From the security standpoint, Amazon has introduced AWS PrivateLink so you can choose to restrict all your API traffic to stay within your Amazon Virtual Private Cloud (VPC) which can be isolated from the public internet. Now you can create a private API in your Amazon API Gateway that can only be accessed from within your VPC. It eliminates the exposure of data to the public internet by providing private connectivity between VPCs, AWS services, and on-premises applications securely on the Amazon Network.

The CloudLink Solution

Architecture - 1st Phase

The developer can use Rule Designer, the Eclipse-based development environment of IBM Operational Decision Manager, to create rule applications that automate the implementation of business policies. Once the rule application is created in Rule Designer, the developer can migrate the application to a Java Standard Edition environment to easily upload it to AWS Lambda, which supports Java runtimes (8, 11).

Once the rule application is deployed to AWS Lambda, you can invoke it as a Lambda function over HTTPS by defining a custom REST API and endpoint using Amazon API Gateway, and then mapping individual methods, such as GET and POST, to the specific Lambda function.

Architecture - 2nd Phase

With the ability to have private API endpoints inside your own VPC, you can still use API Gateway features, while securely exposing REST APIs only to the other services and resources inside your VPC.

API Gateway private endpoints are made possible via AWS PrivateLink interface VPC endpoints. Interface endpoints work by creating elastic network interfaces in subnets that you define inside your VPC. Those network interfaces then provide access to the API Gateway running in its VPC.

API Gateway, as a fully managed service, runs its infrastructure in its own VPCs. When you interface with API Gateway's publicly accessible endpoints, it is done through public networks. When endpoints are configured as private, which is the case in the proposed architecture, the public networks are not made available to route your API. Instead, your API can only be accessed using the interface endpoints that you have configured.

Because you configure the subnets in which your endpoints are made available, you control the availability of the access to your API Gateway hosted APIs. Make sure that you provide multiple interfaces in your VPC. In the above diagram, there is one endpoint in each subnet in each Availability Zone for which the VPC is configured.
Each endpoint is an elastic network interface configured in your VPC that has security groups configured. Network ACLs apply to the network interface as well.
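
The checks this section implies (private endpoint type, a resource policy pinned to the VPC endpoint, endpoints in more than one Availability Zone, and security groups limited to the VPC) can be automated. The following is an added example, not CloudLink's or AWS's code; the input dictionaries are a constructed, simplified shape (`subnet_azs` and `ingress_443_cidrs` are hypothetical field names, and the policy is assumed to be already parsed from JSON).

```python
import ipaddress

VPC_KEYS = {"aws:sourcevpce", "aws:sourcevpc"}  # condition keys that pin access to a VPC

def pins_to_vpc(stmt, operator):
    """True if the statement carries `operator` on aws:SourceVpce or aws:SourceVpc."""
    keys = stmt.get("Condition", {}).get(operator, {})
    return any(k.lower() in VPC_KEYS for k in keys)

def audit_private_api(api, endpoint, vpc_cidr):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if api.get("endpointConfiguration", {}).get("types") != ["PRIVATE"]:
        findings.append("API endpoint type is not PRIVATE")
    stmts = (api.get("policy") or {}).get("Statement", [])
    if not stmts:
        findings.append("no resource policy attached")
    # Simplification: a Deny with StringNotEquals on the VPC key is treated as
    # guarding every Allow in the policy (resource scoping is not compared).
    guarded = any(s.get("Effect") == "Deny" and pins_to_vpc(s, "StringNotEquals") for s in stmts)
    for s in stmts:
        if s.get("Effect") == "Allow" and not guarded and not pins_to_vpc(s, "StringEquals"):
            findings.append("Allow statement is not restricted to a VPC or VPC endpoint")
    if len(set(endpoint.get("subnet_azs", []))) < 2:
        findings.append("interface endpoint covers fewer than two Availability Zones")
    vpc = ipaddress.ip_network(vpc_cidr)
    for cidr in endpoint.get("ingress_443_cidrs", []):
        if not ipaddress.ip_network(cidr).subnet_of(vpc):
            findings.append(f"security group allows 443 from outside the VPC: {cidr}")
    return findings

# Constructed sample data (placeholder IDs, not taken from the page).
INVOKE = {"Principal": "*", "Action": "execute-api:Invoke", "Resource": "execute-api:/*"}
GOOD_API = {"endpointConfiguration": {"types": ["PRIVATE"]}, "policy": {"Statement": [
    {"Effect": "Allow", **INVOKE},
    {"Effect": "Deny", **INVOKE,
     "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}}]}}
GOOD_ENDPOINT = {"subnet_azs": ["az-a", "az-b"], "ingress_443_cidrs": ["10.0.0.0/16"]}
BAD_API = {"endpointConfiguration": {"types": ["REGIONAL"]},
           "policy": {"Statement": [{"Effect": "Allow", **INVOKE}]}}
BAD_ENDPOINT = {"subnet_azs": ["az-a"], "ingress_443_cidrs": ["0.0.0.0/0"]}

if __name__ == "__main__":
    print(audit_private_api(GOOD_API, GOOD_ENDPOINT, "10.0.0.0/16"))
    for finding in audit_private_api(BAD_API, BAD_ENDPOINT, "10.0.0.0/16"):
        print("FINDING:", finding)
```

Run as a gate in an Infrastructure as Code pipeline, a check like this catches a public endpoint type or an unconstrained policy before deployment.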

The Benefits

API Gateway private endpoints enable use cases for building private API–based services inside your own VPCs. You can now keep both the frontend to your API (API Gateway) and the backend service (Lambda, EC2, ECS, etc.) private inside your VPC. Or you can have networks connected using Direct Connect without the need to expose them to the internet in any way. All of this without the need to manage the infrastructure that powers API Gateway itself!

Execution without servers is gaining traction. If you are unfamiliar with the definition, the idea is that you only supply the code you want to run, and the platform makes it available as a service. It is serverless, so you, the user, do not have to provide a server in any way, shape, or form. The best aspect, and the explanation for its recent success, is that you just pay for the execution time, while historically you would have had to pay for the server to be up and running.

This type of approach is very versatile and inexpensive. In contrast to paying for provisioned servers that sit idle, the expense depends on what the organization needs. Serverless provides an unparalleled alignment between resource allocation and utilization of resources; a pair that is here with high-speed caching technologies and the next wave of elastic computing.

About CloudLink

CloudLink takes pride in delivering the “Next Gen” cloud experience and IT consultation to its customers. We are a team of highly skilled professionals that will guide and assist you in efficiently planning, designing, building, mitigating, running, and optimizing your cloud environments.

Our dedicated experts offer a range of services to our valued customers, ranging from automation to proactive monitoring, management, and maintenance of our customers’ cloud environments. Our expert team has accomplished third-party audits and is highly skilled in dealing with application migration and cloud infrastructure.

Drive innovation and boost the performance of your company by simply signing up to our full spectrum of digital, analytics, and enterprise cloud services. The initial procedures will comprise a detailed evaluation of the organizational goals and growth strategy of your company, followed by the design phase. With our technical expertise, we will design, implement, and manage your customized cloud infrastructure to help you attain your business objectives swiftly and systematically.

CloudLink is your right cloud partner if you are looking to start your cloud migration as it guarantees to augment your organization’s digital transformation, and performance to make your company stand out amongst the competitors.
