Create VPC Endpoint for AWS Cost explorer - amazon-web-services

Hi, I am trying to use the AWS Cost Explorer APIs to get billing usage. I tried to find a VPC endpoint for this but was unable to find one.
Is there a way to create a custom endpoint for AWS services?
(P.S.: Please don't suggest using a NAT or Internet gateway.)

AWS Cost Explorer does not have a VPC endpoint.
You can check supported services for VPC endpoints here:
If you don't want to use a NAT or Internet gateway, you could maybe proxy to Cost Explorer using your own VPC endpoint services. This would require a second VPC with access to Cost Explorer.
Alternatively, you could create a private API Gateway with an AWS integration to the Cost Explorer REST API.

Related

How to create VPC Link for WebSocket for API Gateway private integration?

I want to expose a websocket service running in a VPC through API Gateway. I have created an NLB to the service in private subnet.
I'm following this API Gateway integration guide, which asks me to set up an API Gateway private integration (one of the integration types). From there onwards the examples are all for HTTP/REST.
In the VPC link creation page I see two options:
The first option allows me to select an NLB, but it is for REST. The second option only has the option to select a VPC, subnet and security group.
How do I set up a VPC Link for a WebSocket API?

You are able to create a VPC Link for a WebSocket API from the Integration Request window.
First select your WebSocket API and then click on $connect in the Routes tab. There you will find the "Integration Request" block where you can configure a VPC Link integration type. It seems like you can only integrate with REST API VPC Links, which seems a bit confusing to me too.

Is it possible to make an AWS HTTP API gateway private?

Using AWS Direct Connect, we've built a network between our on-premise and our AWS VPC. We've developed a web application that users will access from within the on-prem network. We're using the HTTP API Gateway, which uses a VPC Link to connect to the private ALB. We've used a Custom Domain Name with the HTTP API Gateway and disabled the default endpoint. The domain name is registered in a private hosted zone on Route 53.
We want to keep all the traffic between the clients and the API Gateway within our private network. However, we can see that the requests going to the HTTP API Gateway leave our network because the custom domain name for the API Gateway resolves to a public IP address.
Is there a way to assign a private IP address to the HTTP API Gateway? Or any other way to keep the traffic within our network?
One option is to switch to the REST API Gateway and make its endpoint type Private. However, the HTTP API Gateway suits our needs much better with its simplicity. It also has the option for connectivity to an ALB using VPC Link, which the REST Gateway lacks.

Sadly no, the HTTP APIs do not support Private APIs. Whatever solution you use, the HTTP API endpoint must be public.
You have to use a REST API, or create your own fully custom solution if a REST API is out of the question.

I want to provide an update to this topic.
AWS updated its product and private endpoints are available right now.
AWS - Private API endpoint
There are also a couple of examples out there for CDK, CloudFormation or the management console.
I hope this helps.

How to access service over vpn gateway in google cloud function

I have a scenario in which an HTTP service is deployed on an AWS instance and I want to access it privately from my Google Cloud Function. What I have tested so far is that, using a VPN gateway, I can connect Google and AWS compute instances. But now I am looking for how this can be possible with Google Cloud Functions, which are not under any VPC, to access the service over the VPN gateway.
Is there any way I can assign my Google Cloud Function to the VPC, through which I can call the AWS service over the VPN gateway?

You can create a serverless VPC Connector in the Google Cloud VPC that you want and add it to your function.
In your function configuration, you can choose to route only the private IPs through this connector, or all the requests initiated by the Cloud Function.
So, if your routes are correct, it should work!

Limit API calls to AWS API Gateway

I have a problem configuring my AWS API Gateway:
I have an API deployed in an EKS cluster, and it has a public load balancer, so right now, this API is accessible from everywhere. I want to allow access to this API only from AWS API Gateway, so if anyone wants to use the API, it has to be through AWS API Gateway.
The problem is that I don't know how to allow traffic to the API only from API Gateway. I tried using a security group, but the AWS API Gateway IP changes all the time. I also tried using an internal load balancer in my Kubernetes deployment, but AWS API Gateway can't reach that load balancer!
Thanks in advance for the help!

You can do this by using a Network Load Balancer.
Create an internal network load balancer and have your containers be added to its target group.
Then in API Gateway create a VPCLink to your Network Load Balancer. Then use the VPCLink within your API Gateway setup.
More instructions available here.

You might be able to accomplish this by setting up an API Gateway private integration. This makes it simple to expose your HTTP/HTTPS resources behind an Amazon VPC for access by clients outside of the VPC.
Also, have a look at Amazon EKS cluster endpoint access control in order to understand how you can enable endpoint private access for your cluster.

Access API Gateway from EC2

I have one Lambda function connected to AWS Oracle RDS. I have exposed the Lambda to the outside world via API Gateway.
How can I access the same API Gateway from my EC2 instance, where I have my back-end services running?
[ec2-user#ip-22-22-22-22 dummy]$ ./telnet 10apexecute2.execute-api.eu-west-1.amazonaws.com 443
Trying 55.11.144.98...
Please help.

As the account must be restrictive with its outbound communication over the internet, the suggested solution would be to make use of a VPC endpoint for API Gateway.
Once you create this endpoint, make sure to enable the "Enable Private DNS Name" option so that DNS resolution for execute-api endpoints is overridden to resolve through your VPC endpoint.
More information can be found in this blog post: Introducing Amazon API Gateway Private Endpoints | AWS Compute Blog
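
A way to verify the result of the Private DNS setting from inside the VPC, and the same check that exposes the public-IP resolution described in the HTTP API question above (an added example, not code from any of the posts): it resolves a hostname and reports any address that falls outside the VPC's CIDR blocks. The function names, the `10.0.0.0/16` CIDR and the `10.0.x.x` addresses are constructed assumptions; the hostname and `55.11.144.98` come from the telnet output in the question.

```python
import ipaddress
import socket


def resolve(hostname, port=443):
    """Return the sorted, de-duplicated addresses the local resolver gives."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the value.
    return sorted({info[4][0].split("%")[0] for info in infos})


def outside_vpc(addresses, vpc_cidrs):
    """Return the addresses that fall outside every given VPC CIDR block."""
    nets = [ipaddress.ip_network(cidr) for cidr in vpc_cidrs]
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in net for net in nets)]


def check_private_resolution(hostname, vpc_cidrs, resolver=resolve):
    """Resolve hostname and report whether every answer is inside the VPC."""
    addresses = resolver(hostname)
    leaks = outside_vpc(addresses, vpc_cidrs)
    return {
        "hostname": hostname,
        "addresses": addresses,
        "outside_vpc": leaks,
        # No answers at all counts as a failure, not a pass.
        "private": bool(addresses) and not leaks,
    }


if __name__ == "__main__":
    host = "10apexecute2.execute-api.eu-west-1.amazonaws.com"  # from the question
    vpc = ["10.0.0.0/16"]  # constructed VPC CIDR (assumption)
    # Constructed resolver answers so the demo runs offline:
    # "before" is the public address from the telnet output,
    # "after" is what endpoint ENI addresses inside the VPC would look like.
    before = check_private_resolution(host, vpc, lambda h: ["55.11.144.98"])
    after = check_private_resolution(host, vpc,
                                     lambda h: ["10.0.12.34", "10.0.45.6"])
    for label, result in (("before", before), ("after", after)):
        state = "private" if result["private"] else "NOT private"
        print(label, result["addresses"], state)
```

On a real instance, call `check_private_resolution` without the `resolver` argument so it uses the instance's own DNS.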