Complex Infrastructure
The airline preferred AWS Fargate over EKS, while Apigee Hybrid required Kubernetes, creating architectural alignment challenges and a learning curve within the internal teams.
British Airways is a leading UK-based airline that has been serving customers with the best flying experience for more than 100 years. This airline connects the UK with the world by offering both domestic and international flights. With its affiliates, this airline operates around 200 destinations in over 75 countries throughout Europe, North America, South America, Asia, Africa, and Australia. These leading airlines consistently prioritize sustainability at the heart of their operations to achieve zero carbon emissions in the coming years.
British Airways was seeking a scalable and flexible API management solution to support its expanding digital infrastructure. To ensure effortless API management with complete infrastructure control, they aimed to implement Apigee Hybrid on AWS Elastic Kubernetes Services (EKS).
Implementing Apigee Hybrid on AWS EKS required careful architectural planning to balance scalability, security, and operational ownership. The environment demanded Kubernetes-native deployment, full infrastructure automation using Terraform, and strict alignment with the airline’s internal security policies. Identity federation, image vulnerability scanning, PCI scope reduction, and hardened network configurations were essential to meet compliance standards. Additionally, phased API migration, testing frameworks, and validation controls were implemented to ensure stability across mission-critical airline services.
Travel
Apigee
Apigee Hybrid on AWS EKS
The airline preferred AWS Fargate over EKS, while Apigee Hybrid required Kubernetes, creating architectural alignment challenges and a learning curve within the internal teams.
Migrating live APIs to Apigee Hybrid posed risks of downtime, broken integrations, and performance degradation across critical airline systems.
Operating in a hyper-secure environment required strict InfoSec approvals, platform hardening, vulnerability management, and secure identity configurations.
Unlike the previous SaaS-based APIM, Apigee Hybrid required PCI compliance within the airline’s own infrastructure, increasing regulatory complexity and potential operational overhead.
Looking to implement Apigee Hybrid on AWS EKS for full infrastructure control and compliance? Learn how our Apigee specialists build resilient, future-ready API platforms.
Explore our Google Apigee ExpertiseThe airline’s internal team managed AWS EKS, creating coordination and deployment consistency challenges. We collaborated closely to streamline responsibilities, provide troubleshooting support, and ensure a stable, well-aligned infrastructure foundation for Apigee Hybrid.
To eliminate configuration drift and manual errors, we implemented Infrastructure-as-Code using Terraform. This ensured consistent, repeatable deployments across environments while reducing operational risk and setup time.
Apigee Hybrid was deployed within the AWS EKS cluster to provide scalable and flexible API management while allowing the airline to retain full infrastructure control. The architecture was designed for long-term scalability and operational resilience.
To prevent service disruption, we adopted a gradual, stage-by-stage migration approach. APIs were transitioned systematically with extensive validation and performance testing to maintain stability across live services.
We implemented Workforce Identity Federation, enforced strict service account policies, conducted vulnerability scans, and applied a comprehensive Apigee Hybrid hardening framework to align with financial-grade security standards.
To reduce compliance complexity, PCI-sensitive data was tokenized before reaching Apigee. This eliminated the need for PCI certification at the API layer, lowering cost, risk, and operational overhead while maintaining regulatory compliance.
Successfully implemented Apigee Hybrid on AWS EKS, delivering greater infrastructure control, flexibility, and long-term scalability.
Automated the entire setup using Infrastructure-as-Code, reducing manual errors and ensuring consistent, repeatable deployments.
Executed a phased migration strategy that ensured minimal downtime and uninterrupted service for existing users.
Enhanced platform security through comprehensive hardening and vulnerability scanning, while eliminating PCI scope to reduce compliance costs and operational complexity.
Tell us what you're looking for and we'll get you connected to the right people.