Amazon API Gateway and EC2 - amazon-web-services

I have gone through Amazon API Gateway and Lambda, and I understand the combination as Lambda providing computation.
Is Lambda providing computation only, or can it connect to an EC2 Linux instance and further to RDS?
Or does Amazon API Gateway connect directly to an EC2 Linux instance?
I am confused.
Can anyone help me on this?
Thanks

So in my opinion you are looking at the Serverless Framework, which is an API Gateway configured with stages that send requests to your Lambda function.
There is no need for EC2 instance usage. The Lambda function will establish connections with your database and make calls to it. Your database setup can be either private or public.
Additionally, on top of your API Gateway you can implement something like a CloudFront distribution and WAF, which will provide further enhancements to your setup.

Related

How to communicate between an EC2 backend and my ReactJS web app hosted in Firebase? (Using API calls)

I can't figure out how to make them talk using API calls. Previously I used API Gateways which would trigger Lambdas, and those Lambdas would interact with DynamoDB and other services and send me back a JSON response. Now I want to shift to EC2 instances and totally skip API Gateway usage, and let a server I run in EC2 do the computation for me. Do I need to deploy a web service (Django REST Framework) in the EC2 instance and then call it from my frontend? If yes, I need a little guidance on how.
And suppose I want to access S3 storage from my Django REST service in EC2. Can I do it without having to enter the access key and ID, and use roles instead, just like how I would access S3 from the EC2 instance without an access key and ID? Traditionally with the SDK we have to use access keys and secret keys to even get authorized to use services in the SDK, so I was wondering if there was a way to get around this since the program will be running in the EC2 instance itself. One really inefficient way would be to run a batch command that makes the EC2 instance interact with the services I need without the SDK and with roles instead, but it is really inefficient and too much work as far as I can see.
As you are familiar with API Gateway, you can use the same to connect to your EC2 instance via its private integration, with the use of VPC Links.
You can create an API Gateway API with private integration to provide your customers access to HTTP/HTTPS resources within your Amazon Virtual Private Cloud (Amazon VPC). Such VPC resources are HTTP/HTTPS endpoints on an EC2 instance behind a Network Load Balancer in the VPC.
You can go through this document for step-by-step integration.
If you do not want to use API Gateway any more, then you can simply use Route 53 to route traffic to the EC2 instance; all you need is the IP address of the EC2 instance and a hosted zone created in Route 53.
Here is a tutorial for your reference.
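The two points in this exchange, an API Gateway private integration through a VPC Link to an EC2 backend, and an instance role so code on the instance reaches S3 without static access keys, put together as a CloudFormation template. This is an added example, not code from the thread or from AWS documentation. It assumes an internal Network Load Balancer already exists in front of the EC2 instance (its ARN and DNS name are passed as parameters), and the bucket name, resource names and the choice of `AWS_IAM` authorization are placeholders chosen here.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not from the thread): REST API with a VPC Link private
  integration to an internal NLB in front of the EC2 backend, plus an
  instance role so the app on the instance reads S3 without stored keys.

Parameters:
  BackendNlbArn:
    Type: String
    Description: ARN of the existing internal Network Load Balancer (assumed)
  BackendNlbDnsName:
    Type: String
    Description: DNS name of that NLB (assumed)
  ArtifactBucket:
    Type: String
    Description: Name of the S3 bucket the app reads (assumed)

Resources:
  # --- API Gateway private integration ---------------------------------
  BackendVpcLink:
    Type: AWS::ApiGateway::VpcLink
    Properties:
      Name: backend-vpc-link
      TargetArns:
        - !Ref BackendNlbArn          # VPC links target an NLB, not an instance

  Api:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: ec2-backend-api
      EndpointConfiguration:
        Types: [REGIONAL]

  ProxyResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref Api
      ParentId: !GetAtt Api.RootResourceId
      PathPart: "{proxy+}"            # greedy path: every route goes to the backend

  ProxyMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref Api
      ResourceId: !Ref ProxyResource
      HttpMethod: ANY
      # Assumed choice. Do not leave this as NONE unless the EC2 backend
      # performs its own authentication; a VPC link does not add auth.
      AuthorizationType: AWS_IAM
      RequestParameters:
        method.request.path.proxy: true
      Integration:
        Type: HTTP_PROXY
        ConnectionType: VPC_LINK       # traffic stays inside the VPC
        ConnectionId: !Ref BackendVpcLink
        IntegrationHttpMethod: ANY
        Uri: !Sub "http://${BackendNlbDnsName}/{proxy}"
        RequestParameters:
          integration.request.path.proxy: method.request.path.proxy

  Deployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn: ProxyMethod
    Properties:
      RestApiId: !Ref Api
      StageName: prod

  # --- EC2 instance role instead of access keys -------------------------
  InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: read-artifacts
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow           # least privilege: read one bucket only
                Action: [s3:GetObject, s3:ListBucket]
                Resource:
                  - !Sub "arn:aws:s3:::${ArtifactBucket}"
                  - !Sub "arn:aws:s3:::${ArtifactBucket}/*"

  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref InstanceRole]
```

Attach `InstanceProfile` to the instance (the `IamInstanceProfile` property of the instance, or via the console). On that instance, `boto3.client("s3")` with no keys configured works: the SDK's default credential chain fetches short-lived credentials for the role from the instance metadata service and rotates them itself, which is exactly the "use roles instead" the question asks about. No access key or secret should appear in the Django settings or environment.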

WebSocket API implementation with EC2 as a backend

I want to create a WebSocket API using Amazon API Gateway. Is it possible to configure it in such a way that it can transfer data from/to EC2 instances? I know with a Lambda function it is possible, but instead of Lambda, is it possible to leverage an EC2 server as a backend for the WebSocket API implementation?
WebSocket API implementation using API Gateway has integration support for HTTP. So you can expose your HTTP endpoint on the EC2 server, then integrate this with your WebSocket API implementation with EC2 as a backend (integration type). For details, refer to the AWS doc below:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-integration-requests.html
In my case, it would be an AWS service. We will use EC2 as an AWS service in the backend. We don't have an HTTP endpoint. There are many documents and tutorials available, but 99% of those are using a Lambda function. I am trying to integrate with EC2.

Does private link work for a lambda function?

I have an ECS Fargate container running inside a private VPC which doesn't have internet access. It needs to invoke a Lambda via the AWS SDK. Based on my understanding, AWS creates a default public endpoint for the Lambda, and when I call the invokeLambda method the traffic will always go to the internet. If my understanding is right, that means my Fargate container won't be able to call the Lambda. Is that right?
If it is right, what is the alternative solution? The goal is that the traffic won't go to the internet under any circumstances.
Can I create a PrivateLink endpoint for my Lambda?
Or create an API Gateway with a VPC endpoint which connects to the Lambda?
If my understanding is right, that means my Fargate container won't be able to call the Lambda. Is that right?
Yes. Without a NAT gateway or instance, you won't be able to directly invoke the Lambda function from a private subnet.
Can I create a PrivateLink endpoint for my Lambda?
Sadly no. There are no VPC interface endpoints for Lambda.
Or create an API Gateway with a VPC endpoint which connects to the Lambda?
Yes, this should be possible by creating a private API Gateway. The private API would only be accessible from within your VPC. But API Gateway to Lambda will still probably go over the internet.
The Security Overview of AWS Lambda whitepaper writes:
Invocations from Amazon Kinesis and DynamoDB streams, SQS queues, Application Load Balancer, and API Gateway follow the request-response path
For request-response invocations, the payload passes from the API caller—such as AWS API Gateway or the AWS SDK—to a load balancer, and then to the Lambda invoke service. This service identifies an execution environment for the function, and passes the payload to that execution environment to complete the invocation. Traffic to the load balancer passes over the internet, and is secured with TLS.

Does an APIG & Lambda API need to be wrapped in a VPC for VPN usage?

I'm still fairly new to AWS, and I'm trying to nail down an architecture for solving this. I'm attempting to build an API with API Gateway and Lambda, and to be able to query an on-prem SQL Server DB from those Lambda functions, using a VPG, a VPN tunnel, and a Customer Gateway.
My understanding is that Lambda functions run within a VPC by default, so in order to have a data flow from my API to an on-prem server, do I need to surround that in yet another VPC and attach my VPG directly to that?

How can I make API Gateway only available to my EC2 instance?

I deployed a Lambda to AWS and created an API Gateway to access it. I don't want the API Gateway to be public because the Lambda is only called from one of my EC2 instances. What is the best way to configure it to secure this API? My EC2 instance needs a public IP address since I have a DNS route configured pointing to it.
Since you are only using the AWS Lambda function from a single Amazon EC2 instance, there is no need to use API Gateway. (API Gateway is normally used to expose an API to a large number of users.)
You can instead invoke an AWS Lambda function directly:
- You can use the AWS Command-Line Interface (CLI) by calling `aws lambda invoke`
- You can also use an AWS SDK from a programming language such as Python, Java or Node.js
I would recommend using a Private API in Amazon API Gateway.
This will secure your API Gateway and make it accessible only to the resources within your VPC.
It can be further secured using the security group and the resource policy for a Private API.
You will need to create a VPC endpoint to use a Private API Gateway, though.
Detailed setup:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html
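The private API the last answer recommends, and that the earlier Fargate thread arrives at as well, written out as a CloudFormation template so the three controls can be seen together: an `execute-api` interface VPC endpoint, a resource policy that refuses anything not arriving through that endpoint, and a security group on the endpoint that admits only the caller's instance. This is an added example, not code from either thread or from the linked AWS page. It assumes the Lambda function already exists (its ARN is a parameter), that the instance's security group ID is known, and the path `/invoke` and resource names are placeholders chosen here.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not from the thread): private REST API reachable only via
  one interface VPC endpoint, with a resource policy and endpoint security
  group that limit callers to a single EC2 instance.

Parameters:
  VpcId: { Type: AWS::EC2::VPC::Id }
  SubnetIds: { Type: List<AWS::EC2::Subnet::Id> }
  InstanceSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group of the EC2 instance allowed to call the API
  BackendFunctionArn:
    Type: String
    Description: ARN of the existing Lambda function (assumed)

Resources:
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: execute-api endpoint, HTTPS from the caller only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp            # network-layer control: only this SG
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref InstanceSecurityGroupId

  ApiEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
      VpcEndpointType: Interface
      SubnetIds: !Ref SubnetIds
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
      PrivateDnsEnabled: true        # the instance can use the normal execute-api hostname

  PrivateApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: internal-lambda-api
      EndpointConfiguration:
        Types: [PRIVATE]
        VpcEndpointIds: [!Ref ApiEndpoint]
      Policy:                        # identity-layer control: the resource policy
        Version: "2012-10-17"
        Statement:
          # An explicit Deny wins over every Allow, so a request that did not
          # come through our endpoint is refused regardless of other grants.
          - Effect: Deny
            Principal: "*"
            Action: execute-api:Invoke
            Resource: execute-api:/*
            Condition:
              StringNotEquals:
                aws:SourceVpce: !Ref ApiEndpoint
          - Effect: Allow
            Principal: "*"
            Action: execute-api:Invoke
            Resource: execute-api:/*
            Condition:
              StringEquals:
                aws:SourceVpce: !Ref ApiEndpoint

  InvokeResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref PrivateApi
      ParentId: !GetAtt PrivateApi.RootResourceId
      PathPart: invoke

  InvokeMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref PrivateApi
      ResourceId: !Ref InvokeResource
      HttpMethod: POST
      AuthorizationType: AWS_IAM     # the instance signs with its instance-role credentials
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        Uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${BackendFunctionArn}/invocations

  LambdaPermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref BackendFunctionArn
      Action: lambda:InvokeFunction
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${PrivateApi}/*/POST/invoke

  Deployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn: InvokeMethod
    Properties:
      RestApiId: !Ref PrivateApi
      StageName: prod
```

Two practical checks: a private API is not live until a deployment exists, and a changed resource policy only takes effect after the stage is redeployed, so test the Deny path (a call from a second VPC endpoint or from a public network should fail with 403) after each policy edit. The `SourceArn` on the Lambda permission keeps that function invokable only through this API's `POST /invoke`, not by any API Gateway in the account. If, as the first answer suggests, you drop API Gateway altogether and call `aws lambda invoke` from the instance, the whole control collapses to one statement on the instance role: `lambda:InvokeFunction` on that function's ARN and nothing else.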