Migrate from Elastic Beanstalk to Lambda - amazon-web-services

I have started a monolith using NodeJS with Elastic Beanstalk, exposing the API with Route 53 and CloudFront just to launch my MVP/pilot.
I’ve designed the architecture to easily decouple into micro services.
I was wondering how to decouple it, or maybe create new domains as Lambdas, and keep both worlds in parallel, leaving Elastic Beanstalk live until every service is decoupled as a Lambda microservice.
At the moment, the endpoint is “api.domain.com/v1…”.
As far as I'm aware, Lambda works with API Gateway. Is it possible to keep them on the same “api.domain.com…”, or should I have a different subdomain to orchestrate the Lambdas with API Gateway?

You should start by setting up API Gateway and placing it in front of your Elastic Beanstalk API. So your domain would then point to API Gateway, and it would be set up to send requests to your Elastic Beanstalk backend.
You could start by doing this without a custom domain in API Gateway, and once it is working, configure the custom domain settings and update your DNS so the domain then points at API Gateway.
After you get API Gateway working with Elastic Beanstalk, you would then be able to start configuring specific paths in the API to go to Lambda functions instead of Elastic Beanstalk.
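
The incremental routing described in this answer, as an added example (not code from the original post): it generates an OpenAPI document for an API Gateway HTTP API in which a catch-all route proxies to Elastic Beanstalk and each migrated route points at a Lambda function. The origin URL, region, account id and function name are placeholder assumptions.

```python
import json

# Assumed placeholders (constructed): EB origin, region, account id, function names.
EB_ORIGIN = "https://eb-env.example.com"
INVOKE_ARN = (
    "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/"
    "arn:aws:lambda:us-east-1:111122223333:function:{name}/invocations"
)
EXT = "x-amazon-apigateway-integration"
CATCH_ALL = "/{proxy+}"


def build_openapi(migrated):
    """Build an OpenAPI 3 document for import into an API Gateway HTTP API.

    migrated maps (method, path) -> Lambda function name. Any request without
    its own route falls through to the catch-all and reaches Elastic Beanstalk.
    """
    paths = {CATCH_ALL: {"x-amazon-apigateway-any-method": {EXT: {
        "type": "http_proxy", "httpMethod": "ANY",
        "uri": EB_ORIGIN + "/{proxy}", "payloadFormatVersion": "1.0"}}}}
    for (method, path), name in sorted(migrated.items()):
        paths.setdefault(path, {})[method.lower()] = {EXT: {
            "type": "aws_proxy", "httpMethod": "POST",
            "uri": INVOKE_ARN.format(name=name), "payloadFormatVersion": "2.0"}}
    return {"openapi": "3.0.1", "info": {"title": "api", "version": "v1"},
            "paths": paths}


def backend_for(doc, method, path):
    """Model the intended precedence: an exact method+path route wins,
    otherwise the catch-all (still Elastic Beanstalk) serves the request."""
    op = doc["paths"].get(path, {}).get(method.lower())
    if op is None:
        op = doc["paths"][CATCH_ALL]["x-amazon-apigateway-any-method"]
    return op[EXT]["uri"]


if __name__ == "__main__":
    # One route moved to Lambda so far; the rest of /v1 is untouched.
    doc = build_openapi({("GET", "/v1/orders"): "orders-get"})
    print(json.dumps(doc, indent=2))
    for req in [("GET", "/v1/orders"), ("POST", "/v1/orders"), ("GET", "/v1/users")]:
        print(req, "->", backend_for(doc, *req))
```

Running `backend_for` over a list of known client requests before the DNS cutover shows which backend each one will reach at the current stage of the migration.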

Related

Can Global Accelerator or Load balancer route traffic to APIs on AWS API Gateway where APIs have backend micro services outside of AWS?

Can Global Accelerator or Load balancer route traffic to APIs on AWS API Gateway where APIs have backend micro services outside of AWS? My clients are coming from the internet; they need to call various APIs deployed on AWS API Gateway where the backend micro services are mostly outside of my AWS account: they are either on another AWS account or, most of them, on non-AWS infra.
My job is to build APIs on AWS Gateway and have them exposed to external partners. I don't own micro services.
Any help is highly appreciated.

AWS Amplify to talk to rest api in ec2 created in elastic beanstalk

I've just used AWS Amplify to create my react frontend and AppSync API which is nice. I have a spring batch project that I've deployed to ec2 using elastic beanstalk and codepipeline which works fine.
I can also call the REST endpoints on postman but the problem is how do I programmatically update the API endpoint URL in my frontend project given that I do terminate and re-create the elastic beanstalk environment on a daily basis?
Based on the comments.
You sadly can't add SSL to myrestapi.ap-southeast-2.elasticbeanstalk.com. The reason is that this is a domain controlled by AWS. You can only request SSL certificates for domains that you control (i.e. own):
Before ACM issues a certificate, it validates that you own or control the domain names in your certificate request. You can use either email validation or DNS validation.
Thus if you want to have SSL for your EB, you need to have your own domain. You can get one from Route53:
Creating an Amazon Route 53 record that routes traffic to your Elastic Beanstalk environment
If you are constantly changing your EB, its URL will be changing as well. Thus you would need to set up some automation procedure to update the record set in Route53 to the new URL. There are examples for that, though they would need to be adapted specifically to your use-case:
A Dynamic DNS system built with API Gateway, Lambda & Route 53.
Building a Dynamic DNS for Route 53 using CloudWatch Events and Lambda

How to connect to applications hosted behind an application load balancer in AWS?

I followed A Practical Guide to Deploying Microservices on AWS to deploy an internal API in AWS ECS. However the guide fails to mention how to access the API via internet.
There are examples (Access Private applications on AWS Fargate using Amazon API Gateway PrivateLink | AWS Compute Blog) on how to do this if the app is behind an NLB; however, this one is an ALB. Are there any such examples on how to access this internal API?

AWS API Gateway client side certificate with AWS Certificate manager for Elastic Beanstalk ELB

I have a front-end hosted on a server which calls the back-end server, i.e. an Elastic Load Balancer (ELB), and I am using Elastic Beanstalk for deployments, hence it takes care of autoscaling.
Ember/Front-end -> ELB -> Autoscaled EC2 instances with Nginx servers
Now I want to add API Gateway in between and ensure that ELB takes requests from API Gateway only. I found that-> here <-
But I am using AWS Certificate manager to push my SSL certificates, and I am not sure how to use the PEM file/cert provided by API Gateway.
Is it possible to push the API Gateway provided Client Side Cert file through Certificate manager (console/cli/anywhere) along with the SSL certs that I bought?
Is it possible to terminate SSL at ELB and use the API Gateway key?
To my horror, do I need to manually configure the certs on the nginx config in the .ebextensions file? If yes, then is there a better way to not push the files on the code repo and use them separately?
The best way to do this is:-
If you are using Elastic Beanstalk in a VPC and are not of a view to rebuild the configuration, then create an Elastic Load Balancer and attach it to a Target group which targets an Autoscaling group's instances (make sure to attach the Target group in the Autoscaling group configuration as well, so that it stays connected even when the instances are up/downscaled).
Or build a new conf. using the Network Load Balancer. Make sure that the Network load balancer is of scheme private, i.e. not exposed to the public/internet.
The next step is to create a VPC Link in API Gateway (you will see an option in the API Gateway Console left menu-bar).
More information: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html

Restrict access to AWS ELB from gateway API only

I want AWS gateway API to be the entry point of my application cluster. I have 20+ machines running in my VPC which are required for various purposes (RMQ, Worker, etc). I was expecting gateway API to offload the SSL, authenticate the request with an AWS signature and then forward it to my ELB. And then, some way to secure my internet-facing ELB to accept requests just from API gateway. Turns out it's not possible. I have to run SSL on my deployed NGINX server and use AWS client certificate authentication to validate the origin of the request. This still keeps my endpoints exposed to DDoS, and there is the overhead of SSL as well.
Now, with the newly launched network load balancer and VPC link at the gateway API level, is it possible to achieve the above?