AWS Api Gateway, automate doc generation for microservices - amazon-web-services

I have a Kotlin REST microservice exposing several endpoints on Beanstalk, and an AWS API Gateway.
I want to know if there is a lib or service doing the following:
- Discover the endpoints deployed on one (or several) microservice(s)
- Generate and deploy API Gateway documentation, preferably with some config to tell what endpoint we want to hide / display on the gateway

Related

How to secure an HTTP based API Gateway in AWS

There are two versions of the AWS API Gateway:
- REST version
- HTTP version (v2)
I am using the newer HTTP version with a lambda authorizer and would like to protect my staging/test environments from outside requests. One idea is to put a WAF in front of the API gateway, but unfortunately only the REST version of the gateway supports a WAF.
Any suggestions for how to protect these resources so they can only be accessed from a specific IP range? (Company VPN)
When using API Gateway, the HTTP API type misses some of the Security options that we have available when comparing it with a REST API, as we can see in the following table:
| Security | HTTP API | REST API |
| --- | --- | --- |
| Mutual TLS authentication | ✓ | ✓ |
| Certificates for backend authentication | | ✓ |
| AWS WAF | | ✓ |
| Resource policies | | ✓ |
A full comparison can be found here.
To protect your HTTP API from certain threats, like malicious users or spikes in traffic, the API Gateway provides by default the options of setting throttling targets and/or enabling mutual TLS.
To understand more about these default options, take a look at this page: Protecting your HTTP API.
If you want to use WAF, you can create a private integration with ALBs, that supports WAF, which means you can get the benefits of WAF while still enjoying the lower cost and higher performance of HTTP APIs.
Your architecture can be similar to the following one:
To understand more about these integrations, take a look at this page: Best Practices for Designing Amazon API Gateway Private APIs and Private Integration.
You can create private API Gateways using the tags aws:SourceVpc and aws:SourceVpce in the API resource policy.
link to aws official documentation
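A check for the resource-policy approach mentioned in the last answer, as an added example that is not part of the original answers: it flags `execute-api:Invoke` Allow statements open to any caller with no restriction on `aws:SourceVpc`, `aws:SourceVpce` or `aws:SourceIp`. Resource policies apply to REST APIs only, per the comparison above. The function names, the sample policies, `vpce-EXAMPLE` and the CIDR are assumptions, and the check is a heuristic that does not evaluate `Resource` scoping.

```python
# Constructed sample policies; "vpce-EXAMPLE" and the CIDR are placeholders.
SOURCE_KEYS = {"aws:sourcevpc", "aws:sourcevpce", "aws:sourceip"}
NEGATED_OPS = {"stringnotequals", "notipaddress"}
POSITIVE_OPS = {"stringequals", "ipaddress"}
INVOKE_ACTIONS = {"execute-api:invoke", "execute-api:*", "*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _source_condition(stmt, operators):
    """True if stmt has a Condition on a network-origin key using one of `operators`."""
    return any(
        op.lower() in operators and any(k.lower() in SOURCE_KEYS for k in keys)
        for op, keys in stmt.get("Condition", {}).items()
    )

def _public(stmt):
    p = stmt.get("Principal")
    return p == "*" or (isinstance(p, dict) and p.get("AWS") == "*")

def open_invoke_statements(policy):
    """Indexes of Allow statements that let any caller invoke from any network."""
    stmts = _as_list(policy.get("Statement", []))
    # Heuristic: a Deny on "origin is NOT x" is treated as fencing every Allow;
    # Resource scoping is not evaluated.
    fenced = any(s.get("Effect") == "Deny" and _source_condition(s, NEGATED_OPS)
                 for s in stmts)
    findings = []
    for i, s in enumerate(stmts):
        actions = {a.lower() for a in _as_list(s.get("Action", []))}
        if (s.get("Effect") == "Allow" and _public(s) and actions & INVOKE_ACTIONS
                and not fenced and not _source_condition(s, POSITIVE_OPS)):
            findings.append(i)
    return findings

ALLOW_ALL = {"Effect": "Allow", "Principal": "*",
             "Action": "execute-api:Invoke", "Resource": "execute-api:/*"}
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [ALLOW_ALL]}
VPCE_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "execute-api:Invoke",
     "Resource": "execute-api:/*",
     "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
    ALLOW_ALL]}
VPN_RANGE_POLICY = {"Version": "2012-10-17", "Statement": [
    dict(ALLOW_ALL, Condition={"IpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}})]}

if __name__ == "__main__":
    for name in ("OPEN_POLICY", "VPCE_ONLY_POLICY", "VPN_RANGE_POLICY"):
        print(name, open_invoke_statements(globals()[name]))
```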

Can I use api gateway with route53 to support customer domain for Appsync?

I am building application deployed to Appsync in AWS. And appsync doesn't support custom domain so that I have to choose a workaround.
I have read some doc and all of them mention to use cloudfront. I wonder whether I can use API gateways instead of cloudfront. For me, I don't want to use any CDN for my backend (even I know I can disable cache).
And I'd like to support subscription over websocket. Does it work with api gateway?
We can set up a proxy from API Gateway, both HTTP and REST. Considering this is just a proxy with no customizations, we can go with the cheaper option of HTTP API.
Here is the documentation.
Step by Step:
1. Create an HTTP API
2. Add a route for /{proxy+} with ANY method.
3. Add an integration to ANY method pointing to appsync api suffixing with {proxy} https://kkkkabcd1efgxyzeabcdefg4.appsync-api.us-east-1.amazonaws.com/{proxy}
4. Route53 to point to API Gateway.

how to add AWS API gateway with application load balancer for ECS?

How to integrate API gateway with application load balancer? I have integrated ECS with ALB, now I want to add API gateway in front without lambda. But I got confused how to connect API gateway with ALB..
What you're probably looking for is the HTTP Proxy Integration as described here
The basic idea is this:
1. Set up your API-Gateway with a greedy path like /{proxy+} on the ANY Method
2. Set the backend-endpoint to https://my-alb-endpoint.com/ecs-service-bla/{proxy}
3. (hopefully) success
To make this work, your backend needs to be exposed to the internet (or at least reachable for the API Gateway)!
You probably should keep your backend within a locked down VPC, but for this you're going to need to set up a private integration, which requires a Network Load balancer - this might be costlier, but would be the recommended approach.
Yes, you can. Inside API Gateway, under integration type, select HTTP and then provide the complete path of the ALB with the endpoint resource.

How to deploy spring boot rest project to private AWS API GATEWAY?

I have a spring boot rest project which is running successfully, and I am getting success response on http://localhost:8080/students. How can I expose this SpringBoot REST API into a private AWS API GATEWAY? I have to expose the REST API service, and I have to give the endpoints to the client, to access this service. I have no idea how to present and create endpoints in AWS API GATEWAY!
API Gateway will work as a mediator between clients and your application. So in the first place your application should be exposed so that AWS Gateway can make a call to it.
If you are running the application on your local PC you need to expose it to the Internet by setting a static IP and opening the corresponding ports in the firewall if you have one. This may work for debug/testing purposes, but in general it is bad because you will expose your application to the Internet and client services would have the possibility to connect to it directly, instead of through the gateway.
Another, and in my opinion more proper, option would be to run your application in an AWS EC2 instance or in AWS Beanstalk. In this case you can configure a private endpoint for your application and make it available only through API Gateway. Here you can find more details: https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-endpoints/
So let's suppose you have your application up and running and available for API Gateway. In this case you will need to perform:
1. Create API in API Gateway
2. Create resources, i.e. path /user would be user resource
3. For each resource create a method, i.e. GET, POST, etc. Select integration type HTTP for your methods and set the endpoint it will use
4. Deploy API to staging

How to use API gateway to call another service running on an EC2

I have a confusing scenario. I am new to AWS. I have some available services written in Java Jersey and I have them deployed on an EC2 instance.
I am asked to use API gateway to call these services rather than calling them directly. So for instance if I have a service as follows:
http://domainname/article/2
I want the front end to first call the following endpoint of API gateway:
https://my-api-id.execute-api.region-id.amazonaws.com/stage-name/article
and then the above API Gateway endpoint calls my service.
What I am thinking is there is a http proxy in integration type when I try to create the API gateway resource. I assume this can fit my purpose but I am not sure about it and I am totally confused.
Can anyone shed light on how I can achieve that?
1. In the API Gateway Console, create a resource (e.g. /v1/user/info) and method (e.g. GET/POST etc).
2. Select Integration Request
3. You can then configure an HTTP Proxy, a Lambda function or any other AWS resource. In your case, you want this to be pointing to your EC2 hosted URL.