Connecting Block Business Units with AWS API Gateway
Summary
The article discusses the integration of newly acquired companies into Block's infrastructure using AWS API Gateway and mTLS for secure communication. It outlines the challenges faced during integration, such as maintaining security standards and scalability, and presents a solution involving a serverless proxy architecture that allows for seamless communication between Block's services and those of the acquisitions. The system leverages AWS services like Fargate and API Gateway to manage identity translation and secure connections, ensuring that acquisitions can operate within Block's service mesh without extensive modifications to their existing technology stacks.
Key Learnings
1. The importance of maintaining a balance between security and operational efficiency when integrating new acquisitions into existing infrastructures.
2. How mTLS and SPIFFE identities can be utilized to ensure secure communication across different service environments.
3. The architectural decision to use a serverless proxy model to facilitate integration without requiring invasive changes to acquisition services.
4. The role of AWS services like API Gateway and Fargate in creating a scalable and flexible integration solution.
5. The necessity of a centralized identity management system to maintain consistent identity semantics across various services.
Who Should Read This
Senior Cloud Engineers implementing secure multi-tenant architectures using AWS services
Test Your Knowledge
What are the trade-offs of using a serverless proxy architecture versus a traditional sidecar model for service integration?
How does the use of mTLS enhance security in the context of integrating multiple acquisitions with varying security postures?
What challenges might arise when scaling the integration solution to support additional acquisitions, and how can they be mitigated?
Why is it critical to maintain a 1:1 mapping of identity semantics throughout the system, and what could be the consequences of failing to do so?
How does the design of the API Gateway paths contribute to the security and integrity of service communications between Block and its acquisitions?