Integrating a third party service into your AWS application

Last time we discussed the benefits of keeping your application entirely within the AWS ecosystem and what you would be losing out on if you introduced a third party service into your workload.

If that hasn’t completely put you off, then your next step is to identify candidate third party services. In this article, I want to help you answer the question: what qualities does a third party service need to have for it to be a good fit for us?

The following sections contain questions that you can use to help evaluate different third party services and get a picture in your mind of what would be involved in building and maintaining an integration to it from your application. Whether you’re choosing a third party service out of necessity (AWS doesn’t have an equivalent service) or you’ve had a bad experience with an existing service, most of these questions should still be relevant to your decision.

Trustworthiness

• Who is the company providing the service?
• Are they going to be about for the long term?
• What other customers do they have?

Functionality

• What features do you need from the service based on your use cases?
• Are there any case studies on the provider’s website whose use case closely matches yours?
• How active and open is the provider in delivering new features to their customers?

Pricing

• What are the units of pricing? Is it based on a monthly subscription fee or is it usage-based, as per the standard serverless model?
• If usage based, can you estimate your expected and max usage levels and verify that it’s acceptable?
• Is there a free plan?
• What is the risk of the provider changing the pricing after you’re in production to an unacceptable level?

Integration with your AWS services

• What does their API look like? REST/GraphQL/SOAP?
• Is the API well documented and clearly structured?
• Does it provide web hooks for notifying your application when important events occur? (e.g. when a user signs up in an auth service)
• Are there any examples or tutorials available for how to integrate the service with the AWS services that you’re using in your application?
• Does it have an official integration with EventBridge?
• Can you get away with an asynchronous-only integration and therefore not have your user-facing calls be dependent on this third party service?
• If not, can you find out the P50, P95 and P99 latencies for the critical path API calls you will need to make?
• Where are the provider’s data centres located relative to your AWS region? Is the third party service itself built on top of AWS infrastructure?

Security and Privacy

• What mechanisms does the provider offer for securing communication between your AWS services and its service?
• Can you avoid sending the service any sensitive data?
• If not, does the service comply with necessary data regulations (GDPR, HIPAA, etc)?
• Have there been any significant public data breaches reported?

Support

• What level of support does the service provide?
• Are there active online forums or Slack rooms where you can get quick answers to questions?
• Does StackOverflow have many questions related to this service? Pick a few and see how many are answered.

Developer Experience

• Is the web portal easy to navigate?
• Does the service provide a sandbox mode that would allow individual developers to work independently in isolation?
• Is there an open source SDK available that makes it easier to integrate with their API?
• Is there any other available developer tooling for the service that might improve developer productivity (e.g. VSCode extensions)?

DevOps

• Is there a mechanism for keeping the data and configuration for each environment (dev, test, prod) isolated?
• If so, does each environment provide separate security credentials (API keys, etc)?
• Is there an API/CLI for provisioning and configuring resources within the service? Or do you have to do it all via a web browser?
• Are there any examples of integrating the service via a CloudFormation Resource Provider, that would allow you to easily include the service as part of your standard CI/CD process?
• If not, how much effort would it be to write your own deployment script or resource provider?

Migrating away

• If you need to migrate away in the future, how would you get your data out?
• Are there any other lock-in aspects to consider? e.g. if migrating an auth service, you would probably need to force users to change passwords as these would be stored as hashes.

Still not decided?

If you’ve got this far and you’re not totally sold on integrating a third party service, you still have a few options available. Jared Short puts it nicely in this tweet:

“My thinking on serverless these days in order of consideration.

• If the platform has it, use it
• If the market has it, buy it
• If you can reconsider requirements, do it
• If you have to build it, own it”

and he clarifies further:

“… points 2 and 3 should be considered in parallel. Leaving the native ecosystem sucks in many cases.”

Are you integrating third party services within your AWS serverless application?

If so, I’d love to hear about it.

What services are you integrating? Why did you choose it over an equivalent AWS service (if applicable)? What have been your biggest challenges when building and operating the integration?

Just hit reply and let me know. If I get enough replies, I’ll share them in a future email.

— Paul