AWS API Gateway private integration with HTTP API and a VPC Link



A. Create the ALB

1. Create it as an INTERNAL-facing ALB. We don’t want to expose it to the internet.

2. There is only one listener, on port 80 (this is the default).

3. The Security Group that is created/assigned to the ALB can be fairly open for now (accept HTTP on TCP port 80 from anywhere).

4. In Step 4 of the wizard, the Target Group should have a target type of INSTANCE. Assuming that your EC2 instance is handling requests on port 80, you can keep the rest of the parameters as default.

5. Register your EC2 instance. Allow port 80 in its security group.



B. Create a VPC Link

1. From the EC2 console, add a Security Group for the VPC Link. This can be pretty open for now, with HTTP traffic on port 80 allowed from anywhere.

2. While you are there, alter the ALB SG to accept traffic only from the VPC Link SG, and only on port 80.

3. From the API Gateway console, create a new VPC Link for HTTP APIs. Choose the subnets in both AZs as before (the same subnets that were chosen during the ALB creation). Assign the recently created SG to it. It should take about 2–3 minutes to be provisioned.
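A check for the end state of step B.2, as an added example that is not part of the original post: it flags every ALB ingress rule other than TCP 80 from the VPC Link SG. The function name, the finding labels and all security group IDs are assumptions constructed for illustration; the input follows the shape of EC2 DescribeSecurityGroups output.

```python
# Added example (not from the original post): audit the ALB security group
# against the step B.2 target state. Input mirrors the shape of EC2
# DescribeSecurityGroups output; every ID below is constructed.

def audit_alb_ingress(alb_sg, vpc_link_sg_id, port=80):
    """Return findings for each ingress rule other than
    'TCP <port> from the VPC Link SG'. An empty list means compliant."""
    findings, allowed = [], False
    for perm in alb_sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        exact = proto == "tcp" and lo == port and hi == port
        # IpProtocol "-1" means all protocols and ports (no port fields).
        label = "all traffic" if proto == "-1" else f"{proto} {lo}-{hi}"
        # Any CIDR source (IPv4 or IPv6) bypasses the SG-to-SG restriction.
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            kind = "OPEN" if cidr in ("0.0.0.0/0", "::/0") else "CIDR"
            findings.append(f"{kind}: {label} from {cidr}")
        for pl in perm.get("PrefixListIds", []):
            findings.append(f"PREFIX-LIST: {label} from {pl['PrefixListId']}")
        for pair in perm.get("UserIdGroupPairs", []):
            gid = pair["GroupId"]
            if gid == vpc_link_sg_id and exact:
                allowed = True
            elif gid == vpc_link_sg_id:
                findings.append(f"WIDE: {label} from VPC Link SG")
            else:
                findings.append(f"OTHER-SG: {label} from {gid}")
    if not allowed:
        findings.append(f"MISSING: no tcp {port} rule from {vpc_link_sg_id}")
    return findings

def _rule(**src):
    """Build one constructed tcp/80 ingress permission."""
    base = {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
            "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": []}
    return {**base, **src}

VPC_LINK_SG = "sg-0aaaaaaaaaaaaaaaa"   # constructed ID
ALB_SG_AFTER_A3 = {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "IpPermissions": [
    _rule(IpRanges=[{"CidrIp": "0.0.0.0/0"}])]}          # "fairly open" state
ALB_SG_AFTER_B2 = {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "IpPermissions": [
    _rule(UserIdGroupPairs=[{"GroupId": VPC_LINK_SG}])]}  # tightened state

if __name__ == "__main__":
    for name, sg in (("after A.3", ALB_SG_AFTER_A3), ("after B.2", ALB_SG_AFTER_B2)):
        print(name, audit_alb_ingress(sg, VPC_LINK_SG) or "compliant")
```

For a real ALB, pass one element of the SecurityGroups list returned by `aws ec2 describe-security-groups --group-ids <alb-sg-id>` as `alb_sg`.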



C. Create an HTTP API

1. No need to add any integration in Step 1; we will do it later (private integrations can only be set up after the creation of the API).

2. Same with configuring routes in Step 2. Skip it; we will do it later. You cannot set up routes without defining integrations.

3. Use all default values in Step 3 for stages. Note that there is a default stage, and it is configured for auto-deployment.

4. Review and click on CREATE.

Your new API should be ready.


Let's create the route.

Click on the API name to get to the details page for this new API (if not already there).

Click on Routes in the left nav bar and click on CREATE. Use the default values of ANY for the method, and / for the route.


Now we will attach an integration to this route.

Click on the route on the left side of the screen, and click on the CREATE AND ATTACH INTEGRATION button on the right.

Choose Private Resource, and then ALB/NLB.

Choose the ALB that we had configured earlier, with the default listener on port 80.

Lastly, choose the VPC Link that we had configured, and click CREATE.


At this point, you should be able to use the Invoke URL of the API to make a call to your EC2 instance, which is now behind an APIG/ALB pair connected with a VPC Link.
