I have deployed 2 services in ECS, Web and API. Both of the services have their ALB. How can I configure my domain as follows:
example.com -> Web ALB
example.com/api -> API ALB
I tried creating a single ALB for both the web and api target groups and added path-based routing in the rules, but the /api request is received by nodejs with the full path. E.g. if I call example.com/api/products, node is getting /api/products instead of /products.
What could be a proper way of implementing this?
Thanks!
> call example.com/api/products, node is getting /api/products instead of /products
That's correct and that's how it should work. In other words, ALB can't change path from /api/products to /products, because ALB only forwards requests, it does not re-write them.
You can have a look at CloudFront, which could be helpful in that case.
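The rewrite that the ALB will not do can be done at the CloudFront edge. The following is an added example, not code from the original answer: a CloudFront Function for the viewer-request event that strips the prefix before the request is forwarded. The `/api` prefix comes from the question; the names `PREFIX` and `stripPrefix` are assumptions.

```javascript
// Added example: viewer-request CloudFront Function that removes a path prefix.
// PREFIX is taken from the question's layout (example.com/api -> API origin).
var PREFIX = '/api';

// Return the path the origin should see, or null when the URI is not under
// the prefix. The match is on a whole path segment, so "/apiary" is NOT
// treated as being under "/api".
function stripPrefix(uri, prefix) {
  if (uri === prefix) {
    return '/';                         // "/api" -> "/"
  }
  if (uri.indexOf(prefix + '/') === 0) {
    return uri.slice(prefix.length);    // "/api/products" -> "/products"
  }
  return null;                          // anything else is left alone
}

// CloudFront Functions entry point. event.request.uri holds only the path;
// the query string is carried separately and is not touched here.
function handler(event) {
  var request = event.request;
  var rewritten = stripPrefix(request.uri, PREFIX);
  if (rewritten !== null) {
    request.uri = rewritten;
  }
  return request;                       // continue to the origin
}
```

The function is attached to the cache behavior that selects the API origin, so only requests for that origin are rewritten.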
Related
I wonder how to manage the routes of my architecture. To summarize, my architecture is composed of:
S3 static website exposed under CloudFront CDN
Elastic Beanstalk API (based on Docker container with Django Rest and Python)
I usually insert a new record into my hosted zone in Route 53, but my goal here is to have the equivalent of Nginx locations with proxy_pass. For example, I would have:
<my_dns_record>/api that targets my Beanstalk API
<my_dns_record> that targets my static website on my CloudFront
I thought about an API Gateway but I wonder if it's really the best way to structure the routing.
Does anyone have an idea how to achieve the desired behavior?
Thank you in advance for your help.
If I understand correctly, you want to have multiple apps (your S3 static site, and your Elastic Beanstalk app) served under a single domain. Route53 doesn't have any special features to handle this, since it is just a DNS service, and what you are talking about is an HTTP path routing thing.
You also shouldn't use API Gateway for this, as you would be placing your entire website behind an API Gateway when it is really only appropriate to have your API behind an API Gateway.
I would just add the Elastic Beanstalk API under CloudFront as well, as a second origin, and configure CloudFront to send requests at the /api path to the Elastic Beanstalk origin.
Alternatively, forget about having everything under the same domain, and use a subdomain api.yourdomain.com for your API. Using subdomains for your different services instead of path routing is a lot more flexible.
Okay so here is my requirement. I want to have end points for my customers like so:
https://customer-a.mydomain.com
https://customer-b.mydomain.com
Now, when we access the customer-a endpoint above, I expect AWS to route the request to customer A's ECS Fargate service which is load balanced by https://customer-a-elb.mydomain.com
Similarly, when we access the customer-b endpoint above, I expect AWS to route the request to customer B's ECS Fargate service which is load balanced by https://customer-b-elb.mydomain.com
The plan was, from my DNS, I would route everyone who accesses *.mydomain.com (wild card DNS entry) to the same API Gateway in AWS. And let the API Gateway determine which load balancer to route to depending on the base URL.
I was hoping this can be easily achieved using AWS API Gateway but so far I have not been able to find a solution to implement this. From what I understand, it is only possible to do path based routing (as opposed to base URL based routing which is really what I need in this case).
Any hints would be much appreciated.
CLARIFICATION:
Per my requirement, both customers need to access the same path /myservice but on different ELBs. E.g.
https://customer-a.mydomain.com/service1 -> https://customer-a-elb.mydomain.com/service1
https://customer-b.mydomain.com/service1 -> https://customer-b-elb.mydomain.com/service1
Somehow I think path-based routing can't handle this scenario, as we can define only one route for a path.
API Gateway supports path-based routing, and you can configure which resources will receive incoming API requests based on the URL requested by the client. The following example may help you: link
I have an ALB pointing to my ECS service registered to target-group-one. The DNS of the load balancer works fine and is able to print the message from my simple Apache webserver. However, when I configure path-based routing like in the image attached and then add the path to the DNS URL ......com/gci, I get the error message "The requested URL was not found on this server."
What am I missing or not doing right?
If your actual httpd server does not respond to /gci without ALB, then it will not work with ALB. The path rule that you configured only forwards the query to your target group (TG).
So if the rule matches www.example.com/gci, ALB will just forward the query to the associated TG. This means that your ECS service still must correctly respond to /gci path.
In other words, the forwarding rules of ALB do not re-write the paths.
I have an Elastic Beanstalk environment which is a Node API. I also have an Angular web app outside of AWS on domain: www.example.com
How would I go about making it so only calls made from 'www.example.com' to the AWS environment (Node API) can be accessed?
I am familiar with AWS security groups but they don't handle domain whitelisting (only IPs). Since users will be on different IPs using www.example.com, I need to whitelist by domain and not IP.
Any help would be greatly appreciated!
Without blocking via IP, your only choice is to look at attaching a WAF to the ALB in your Elastic Beanstalk environment.
By doing this you can allow only traffic that matches a set of conditions. If there is a particular header that your requests include when they make requests to the backend, then you can allow requests from these sources.
Assuming the request to the API is made from the frontend, you should have a referrer header which contains the source of the previous page. You could whitelist this domain in the WAF.
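A header rule of this kind has to compare the parsed origin, because a substring match on "www.example.com" also accepts hosts such as www.example.com.evil.test. The following is an added example for the Node API, not code from the original answer; `ALLOWED_ORIGINS`, `sourceOrigin`, `isAllowedSource` and `guard` are assumed names. Origin and Referer are set by the client, so the check restricts browser-originated calls and does not authenticate the caller.

```javascript
// Added example: strict Origin/Referer check (scheme + host + port).
// The allowed origin is taken from the question.
var ALLOWED_ORIGINS = ['https://www.example.com'];

// Extract the origin of the calling page from the request headers.
// Node lower-cases header names. Returns null if absent or unparseable.
function sourceOrigin(headers) {
  var raw = headers['origin'] || headers['referer'];
  if (!raw || raw === 'null') {
    return null;
  }
  try {
    // URL parsing drops path, query and userinfo and normalises the default
    // port, so only scheme://host[:port] is compared.
    return new URL(raw).origin;
  } catch (e) {
    return null;
  }
}

// Exact comparison against the allowlist; no substring or suffix matching.
function isAllowedSource(headers) {
  var origin = sourceOrigin(headers);
  return origin !== null && ALLOWED_ORIGINS.indexOf(origin) !== -1;
}

// Connect/Express-style middleware: reject with 403 unless the source matches.
function guard(req, res, next) {
  if (isAllowedSource(req.headers)) {
    return next();
  }
  res.statusCode = 403;
  res.end('Forbidden');
}
```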
> A Layer 7 load balancer is more sophisticated and more powerful. It inspects packets, has access to HTTP and HTTPS headers, and (armed with more information) can do a more intelligent job of spreading the load out to the target.
https://aws.amazon.com/blogs/aws/new-aws-application-load-balancer/
I understand the AWS Application Load Balancer has access to the HTTP(S) request headers, but I can only see how you can route via the path. Can someone explain how I can route based on the user-agent header? If it's not possible, please suggest an alternative AWS method.
Till 2017-05-26 ALB doesn't have header-based routing. With an update on 2017-04-05 it has included host-based routing. Currently it supports only path- and host-based routing. You can visit here for the latest AWS information.
If you want to route based on headers, currently there are no options in ALB.
You have to have an additional layer, like a proxy / nginx servers.
The flow can be something like this:
Client calls https://example.com
ALB's DNS is configured to example.com
ALB has a target group attached to it which has nginx instances. The nginx instances route to the respective load balancer using the header information (e.g. if customerId is 123 route to ELB 1, else route to ELB 2).
The two ELBs have different EC2 instances attached to them.
But I heard AWS is working on routing requests based on the headers.
For anyone looking now, as of March 27 2019, ALBs now support routing based on HTTP headers other than the Host header.