WAF protection for API Gateway using WebSockets - amazon-web-services

I have a use case where I am supposed to connect my client to API Gateway using WebSockets. I have seen that API Gateway can be configured with WAF rules in the case of a REST API, but I am not able to see the WebSocket API Gateway under the list of resources that can be added as a WAF-protected resource in the AWS console. Does it mean that WebSocket connections to API Gateway cannot be protected using WAF?

As of now, WAF cannot be used with a WebSocket API in Amazon API Gateway. However, by configuring an authorizer and throttling, you can protect your API.
Reference: https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-protect.html
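Since WAF is not available for WebSocket APIs, the answer's suggestion of an authorizer is the main gate. The following is an added example (not code from the question, the answer or AWS) of a Lambda authorizer attached to the $connect route, with the identity source set to the `token` query string parameter; the HMAC token format, `WS_AUTH_SECRET` and the 300-second TTL are assumptions for the illustration, and a real deployment would more typically validate a Cognito or other JWT instead.

```python
import hashlib
import hmac
import os
import time

# Constructed example: in a real deployment the shared secret comes from Secrets
# Manager or an environment variable, never from a literal in the source.
SHARED_SECRET = os.environ.get("WS_AUTH_SECRET", "example-secret-replace-me").encode()
TOKEN_TTL_SECONDS = 300  # assumed lifetime of a connect token

def make_token(user_id, issued_at, secret=SHARED_SECRET):
    """Issue a connect token 'user:issued_at:hmac' (a constructed format for this example)."""
    payload = f"{user_id}:{issued_at}".encode()
    return f"{user_id}:{issued_at}:{hmac.new(secret, payload, hashlib.sha256).hexdigest()}"

def verify_token(token, now, secret=SHARED_SECRET):
    """Return the user id if the HMAC matches and the token is within its TTL, else None."""
    try:
        user_id, issued_at_s, sig = token.split(":")
        issued_at = int(issued_at_s)
    except ValueError:
        return None
    expected = hmac.new(secret, f"{user_id}:{issued_at}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return None
    if issued_at > now or now - issued_at > TOKEN_TTL_SECONDS:
        return None
    return user_id

def build_policy(principal_id, effect, method_arn, context=None):
    """Response shape API Gateway expects from a Lambda authorizer: Allow or Deny on the $connect ARN."""
    policy = {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}],
        },
    }
    if context:
        policy["context"] = context  # reaches the backend as requestContext.authorizer
    return policy

def lambda_handler(event, context=None, now=None):
    """Authorizer entry point; identity source is the 'token' query string parameter on $connect."""
    now = int(time.time()) if now is None else now
    token = (event.get("queryStringParameters") or {}).get("token")
    user_id = verify_token(token, now) if token else None
    if user_id is None:
        return build_policy("anonymous", "Deny", event["methodArn"])
    return build_policy(user_id, "Allow", event["methodArn"], {"userId": user_id})
```

A Deny policy makes API Gateway reject the $connect handshake with 403, so unauthenticated clients never reach the backend integration; pair this with the route and account-level throttling the answer mentions.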

Related

Can we use an ALB behind a new NLB target group, so that we can use all features of a REST-type API Gateway like Cognito and X-Ray?

In my current environment we have an AWS ALB with backend APIs in ECS Fargate. Now I want to integrate AWS API Gateway and Cognito with the ALB. But as per the AWS docs, we can only use the REST API type of API Gateway for Cognito integration, and again as per the AWS docs, with the REST API Gateway type we can't use an ALB and can only use an NLB, but my APIs are configured with path-based routing in the ALB.
If I replace my ALB with an NLB, how can I achieve my path-based routing for the backend APIs, and is there any other way that I can use to configure Cognito, a REST API and load balancers?
As I said, can I use an ALB behind a new NLB target group?
You can in fact use Cognito to secure HTTP APIs in API Gateway by configuring a JWT authorizer.
This example CloudFormation template will help you get it configured.

WebSocket API implementation with EC2 as a backend

I want to create a WebSocket API using Amazon API Gateway. Is it possible to configure it in such a way that it can transfer data from/to EC2 instances? I know it is possible with a Lambda function, but instead of Lambda, is it possible to leverage an EC2 server as the backend for the WebSocket API implementation?
A WebSocket API implementation using API Gateway has integration support for HTTP. So you can expose your HTTP endpoint on the EC2 server, then integrate this with your WebSocket API implementation with EC2 as the backend (integration type). For details, refer to the AWS doc below:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-integration-requests.html
In my case, it would be an AWS service. We will use EC2 as the AWS service in the backend. We don't have an HTTP endpoint. There are many documents and tutorials available, but 99% of those are using a Lambda function. I am trying to integrate with EC2.

Internal AWS TLS Certificates

We have a microservice architecture and are trying to deploy on AWS while leveraging its API Gateway.
Our API Gateway is using a public TLS certificate for client requests, but we wonder how we should be encrypting the communication from the API Gateway to the Load Balancer and then to the services. The API Gateway can also issue "Client Certificates", but it's not clear how we should utilize that.
We are hoping not to have a private CA on AWS as it is quite costly and we don't have any burning use for it.
I think the traffic between API Gateway and internal AWS services is always going through HTTPS. This is based on the comments from BobK#AWS:
HTTPS is used for traffic between CloudFront and API Gateway. Communication from API Gateway to other services, such as Lambda, is also over HTTPS.
The only time API Gateway would not use SSL is if you configured an HTTP integration and chose not to enable HTTPS on that integration.

How to check if HTTP request is originating from AWS API Gateway?

I use AWS API Gateway that proxies HTTP queries to my services. How could my services check that HTTP requests are originating from AWS API Gateway?
You can use client-side certificates to authenticate requests between API Gateway and your server.
http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html
You can use API Gateway to generate an SSL certificate and use its public key in the backend to verify that HTTP requests to your backend system are from API Gateway. This allows your HTTP backend to control and accept only requests originating from Amazon API Gateway, even if the backend is publicly accessible.
The SSL certificates that are generated by API Gateway are self-signed and only the public key of a certificate is visible in the API Gateway console or through the APIs.
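As an added illustration of the approach in this answer (example code, not from the answer or from AWS), the backend below terminates TLS itself and refuses any client that does not present the self-signed certificate generated by API Gateway, loading that certificate as the only trust anchor; on top of the handshake check, it pins the presented certificate to an allowlist of SHA-256 fingerprints so that the old and the newly generated certificate can both be accepted during rotation. The file paths are assumptions.

```python
import hashlib
import ssl

# Constructed example: paths are assumptions for the illustration.
APIGW_CLIENT_CERT_PEM = "/etc/backend/apigw-client-cert.pem"  # public cert copied from the API Gateway console
SERVER_CERT_PEM = "/etc/backend/server.pem"
SERVER_KEY_PEM = "/etc/backend/server.key"

def fingerprint_sha256(der_cert):
    """Hex SHA-256 of a DER-encoded certificate, as returned by sock.getpeercert(binary_form=True)."""
    return hashlib.sha256(der_cert).hexdigest()

def peer_is_api_gateway(der_cert, allowed_fingerprints):
    """Pin the presented client certificate to an allowlist of SHA-256 fingerprints.
    Fingerprints may be given with or without colons and in either case. Keeping both the
    current and the newly generated API Gateway certificate in the list allows rotation
    without dropping traffic."""
    if not der_cert:
        return False  # the peer presented no client certificate at all
    normalised = {f.lower().replace(":", "") for f in allowed_fingerprints}
    return fingerprint_sha256(der_cert) in normalised

def build_server_context(apigw_cert=APIGW_CLIENT_CERT_PEM, cert=SERVER_CERT_PEM, key=SERVER_KEY_PEM):
    """TLS server context that fails the handshake unless the client certificate chains to the
    self-signed API Gateway certificate; PROTOCOL_TLS_SERVER is used directly so that no system
    CA bundle is loaded alongside it and the API Gateway certificate is the sole trust anchor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=cert, keyfile=key)
    ctx.verify_mode = ssl.CERT_REQUIRED        # no client certificate, no connection
    ctx.load_verify_locations(cafile=apigw_cert)  # the self-signed cert is its own CA
    return ctx

def accept_if_api_gateway(tls_conn, allowed_fingerprints):
    """After ctx.wrap_socket(..., server_side=True), apply the fingerprint pin as a second check."""
    return peer_is_api_gateway(tls_conn.getpeercert(binary_form=True), allowed_fingerprints)
```

API Gateway only exposes the certificate's public half, so the private key never leaves AWS; when you generate a replacement certificate, add its fingerprint to the allowlist and append it to the trust file before switching the stage's client certificate over.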
Since Nov 30, 2017, Amazon API Gateway supports endpoint integrations with private VPCs.
You create an endpoint to your VPC by setting up a VPC link between your VPC and a Network Load Balancer (NLB), which is provided by Elastic Load Balancing. The NLB sends requests to multiple destinations in your VPC such as Amazon EC2 instances, Auto Scaling groups, or Amazon ECS services.
How to Set up API Gateway Private Integrations

Connect to ElastiCache cluster using Api Gateway

I need to communicate with ElastiCache (Redis engine) using AWS API Gateway. I successfully connected to ElastiCache from a Lambda function in the same VPC. I can't connect from outside the VPC.
So I tried to create an API Gateway and selected the integration type as AWS Service Proxy and the AWS Service as ElastiCache.
This is the screenshot for creating the API Gateway.
But I don't know how to test this created API for executing Redis commands,
e.g. SET A FOO
Is it possible to communicate with ElastiCache using API Gateway?
API Gateway service proxy is for proxying the AWS API, not the Redis API, so that's not going to work for you. You will have to create a Lambda function and use API Gateway Lambda integration.