HTTP endpoint for AWS Managed Kafka? - amazon-web-services

Can a HTTP endpoint be setup with AWS's Managed Streaming for Apache Kafka (MSK)? With which we can send data using HTTP POST? We can't use the AWS SDK because the client is very thin (it is our CDN actually) and it can only do simple HTTP requests like cURL/wget.

You can use the KAFKA REST Proxy within the same VPC where you are running MKS , quoting from MSK FAQ's . Refer to the Kafka REST Proxy docs for the APIs
REST Proxy: A REST proxy can be installed on an instance running within your VPC. REST proxies allow your producers and consumers to communicate to the cluster through HTTP API requests.

Related

What's endpoint url in aws api deployment?

I want to deploy my API to AWS, there is an Endpoint URL, but I have no idea what's this
Any help please, thank you.
The HTTP integration will forward any requests to API gateway to your HTTP endpoint which you already must have. For example, you can create some API server of your own on an EC2 instance, and API gateway through HTTP integration will proxy all requests to your instance. In this case, the HTTP endpoint will be your EC2 url.
But if you don't know what is your HTTP endpoint, then probably you don't need to use HTTP integration. Maybe lambda integration would be better.

can I proxy AWS API Gateway WebSocket to WebSocket?

Currently I am using the API Gateway as a kind of proxy to provide https simply
https://random-aws-name.com => http://my-domain.com
The route was $default
The integration setup is HTTP ANY -> http://my-domain.com
I am now having to setup an Websocket server on my domain that is already listening at ws://my-domain.com. I can connect directly to this socket but not using the AWS API Gateway
wss://random-aws-name.com => ws://my-domain.com
Currently I an getting unexpected error 400, using wscat
I tried to enable API gateway logging and do not see any log arrive
IMHO, AWS API Gateway is only able to provide a wss end point and route requests to HTTP backends only. If we already have a backend websocket server, I don't see an option in AWS API Gateway to perform such routing (Although I would be glad to be proven wrong as I have such a requirement myself.).
I actually tried giving wss:// url as the Endpoint URL but I got an error while deploying the API saying Invalid HTTP endpoint specified for URI
Most likely, the API Gateway you are currently using is not a WebSocket API, but rather an HTTP API or REST API. API Gateway has different flavors. You pick a flavor when you deploy. The flavor that you deployed is most likely not the flavor that supports WebSocket connections.
According to this documentation page, proxied WebSocket connections may only be one-way (note in blue box at bottom of page): https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-routes-integrations.html

Can AWS proxy be used to enable https for a http backend?

I have received an AWS EC2 instance running a web application, which is only available in http (insecure). Can I use AWS proxy such that the publicly accessible URL is https, and http happens only within AWS?
You can use Application Load Balancer to hide http endpoint behind https

Can AWS API Gateway automatically add correlation (request) ID

I have a set of microservices running on ECS which are deployed behind the API Gateway which forwards the client calls to the service endpoints.
I would like to use correlation (request) IDs in my services so that I can easier relate the events and everything that happens on the backend and the client requests.
Is there a possibility to configure AWS API Gateway to automatically add auto-generated (unique) correlation ID as a header of the request before it's forwarded to my backend services?

AWS API Gateway and AWS Lambda - handling client certificate

I am looking to build an API orchestration layer using API Gateway and Lambda.
For my basic use case I want to have a Python script in Lambda that will just relay the request received at the API Gateway from the client (mobile app in this case) and call an external HTTPS service as the backend.
My question is:
Our mobile client uses client certificates to talk to our HTTPS endpoint today.
How do I go about intercepting that client certificate in my new API Gateway + Lambda setup?
Responded here. Copying the answer below for StackOverflow audience-
===
Unfortunately, API Gateway does not support client certificate validation from clients to API Gateway at the moment. We do, however, support client side SSL certificates for authentication by the backends.
Depending on your use-case, you can use various other options in API Gateway to authenticate/authorize your calls from the mobile client; eg API Keys, Custom Authorizers etc. The request from API Gateway to Lambda should already be encrypted.
Hope that helps,
Ritisha.