May 27, 2021

Kong Konnect Enterprise & Amazon Elastic Container Service Anywhere (ECS-A)

Claudio Acquaviva
Principal Architect, Kong

One of the most powerful capabilities provided by Kong Konnect API Cloud Platform is the support for Hybrid deployments. In other words, it implements distributed API Gateway Clusters with multiple instances running on several environments at the same time.

Moreover, Kong Enterprise provides a new topology option, named Hybrid Mode, with a total separation of the Control Plane (CP) and Data Plane (DP). That is, while the Control Plane is responsible for administration tasks, the Data Plane is exclusively used by API Consumers.

Read more about Hybrid deployment.

Kong Konnect Enterprise Features

Kong Gateway Enterprise includes modules and plugins that extend and enhance the functionality of the Kong Konnect platform.

  • Kong Gateway is a lightweight, fast, and flexible cloud-native API gateway. The gateway runs in front of any RESTful API.
  • Kong Admin API provides a RESTful interface for administration and configuration of Services, Routes, Plugins, and Consumers.
  • Kong Dev Portal is used to onboard new developers and to generate API documentation, create custom pages, manage API versions, and secure developer access.
  • Kong Immunity uses machine learning to autonomously identify service behavior anomalies in real-time to improve security, mitigate breaches and isolate issues.
  • Kubernetes Ingress Controller – Kong for Kubernetes Enterprise (K4K8S) is a Kubernetes Ingress Controller.
  • Kong Manager is the Graphical User Interface (GUI) for Kong Gateway (Enterprise). Use Kong Manager to create new routes and services, activate or deactivate plugins, organize teams, adjust policies, and monitor performance.
  • Kong Gateway plugins provide advanced functionality like authentication, rate-limiting, and transformations.
  • Kong Vitals provides useful metrics about the health and performance of your Kong Gateway (Enterprise) nodes, as well as metrics about the usage of your gateway-proxied APIs.
  • Insomnia enables spec-first development for all REST and GraphQL services.

Kong and AWS

Kong's plug-in architecture and open-source core make the platform extensible for any use case. Kong accelerates moving mission-critical services to the AWS cloud by reducing disruption to the business during and after migration. Kong works with and supports all AWS platforms including EC2/ASG, EKS, Lambda, ECS, etc.

Also, Kong enables integration of AWS services like RDS, Aurora, ElastiCache, Elasticsearch, Cognito, etc. with legacy on-premises systems that are not designed to handle cloud-volume requests.

At the same time, in order to support API Lifecycle processes, Kong provides tools to enhance existing CI/CD pipelines implemented with AWS DevOps services like AWS CodeCommit, AWS CodeBuild and AWS CodePipeline.

Kong Konnect Enterprise and Amazon Elastic Container Service Anywhere (ECS-A)

Amazon Elastic Container Service (ECS) has been one of the most used platforms to deploy Kong Konnect Enterprise API Gateway Cluster.

Amazon ECS Anywhere (ECS-A), an extension of Amazon ECS, will allow customers to deploy native Amazon ECS tasks in any environment. This will include the traditional AWS managed infrastructure, as well as customer-managed infrastructure, to implement real Hybrid deployments.

Reference Architecture

This post will explore how to use Amazon ECS-A and Kong Konnect Enterprise to implement a Distributed API Gateway.

Here’s a Reference Architecture of a Hybrid Kong Konnect Enterprise Cluster implemented in Elastic Container Service Anywhere (ECS-A):

  • The first ECS Cluster implements the Control Plane. Notice the PostgreSQL Database, Control Plane’s metadata repository, is located behind the CP.
  • The second ECS Cluster implements the Data Plane. Notice it’s totally db-less since it connects to the Control Plane to receive all API definitions with their policies.
  • The AWS Secrets Manager is responsible for storing the Konnect Enterprise license file as well as the Digital Certificate and Private Key pair used to build the encrypted tunnel that both Planes use to communicate with each other.
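
As an added illustration of the architecture above (not taken from the original post or from Kong's own deployment files), the following CloudFormation fragment sketches a db-less Data Plane task for ECS-A that receives the license, certificate and private key from AWS Secrets Manager at start-up. All names, ARNs, the image reference and the Control Plane hostname are constructed placeholders, and it assumes a Kong version that accepts certificate and key content directly in `KONG_CLUSTER_CERT` and `KONG_CLUSTER_CERT_KEY`; where only file paths are accepted, the secret values have to be written to files first.

```yaml
# Added example: Data Plane task definition for ECS Anywhere.
# Every ARN, name, image and hostname below is a constructed placeholder.
Resources:
  KongDataPlaneTask:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: kong-dp-example
      RequiresCompatibilities: [EXTERNAL]   # customer-managed (ECS-A) instances
      NetworkMode: bridge
      # The execution role is the only identity that needs
      # secretsmanager:GetSecretValue, scoped to the three secrets below.
      ExecutionRoleArn: arn:aws:iam::111122223333:role/EXAMPLE-kong-dp-execution
      ContainerDefinitions:
        - Name: kong-dp
          Image: EXAMPLE-REGISTRY/kong-enterprise:EXAMPLE-TAG
          Essential: true
          Memory: 1024
          PortMappings:
            - ContainerPort: 8000           # proxy port used by API Consumers
              HostPort: 8000
          Environment:
            - Name: KONG_ROLE
              Value: data_plane
            - Name: KONG_DATABASE           # db-less: no PostgreSQL on the DP
              Value: "off"
            - Name: KONG_CLUSTER_CONTROL_PLANE
              Value: cp.example.internal:8005
          # Injected at container start; the values never appear in the
          # task definition or in the template itself.
          Secrets:
            - Name: KONG_LICENSE_DATA
              ValueFrom: arn:aws:secretsmanager:us-east-1:111122223333:secret:EXAMPLE-kong-license
            - Name: KONG_CLUSTER_CERT
              ValueFrom: arn:aws:secretsmanager:us-east-1:111122223333:secret:EXAMPLE-kong-cluster-cert
            - Name: KONG_CLUSTER_CERT_KEY
              ValueFrom: arn:aws:secretsmanager:us-east-1:111122223333:secret:EXAMPLE-kong-cluster-key
```

The Data Plane exposes no Admin API here, and the private key is readable only through the execution role, so rotating the certificate pair is a Secrets Manager update followed by a task restart.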


Kong Konnect Enterprise and Amazon ECS-A make it easy to run services in Hybrid deployments across multiple platforms. You can learn more about products showcased in this blog through the official documentation: Amazon Elastic Container Services and Konnect Enterprise.

Feel free to apply and experiment with your API policies like caching with AWS ElastiCache for Redis, log processing with AWS Elasticsearch Services, OIDC-based authentication with AWS Cognito, canary, GraphQL integration, and more with the extensive list of plugins provided by Kong Konnect.

This is Part I of the Kong Konnect Enterprise and AWS ECS-A blog post series. Check back for Part II, including a detailed tutorial on how to deploy Konnect on ECS-A.