Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS API Gateway Access Private Subnet

Tags:

amazon-web-services

api-gateway

aws-vpc

I have Public and Pvt Subnets in my VPC. I have some services running on EC2 in Pvt subnet, that needs to be accessed by external/mobile resources. How do I do this- is VPCLink and NLB the way to do it, or any other way, create some access point in Public subnet (??). Lambda seems to be the answer (for almost everything in AWS now) - not sure even how that access works for resources in Pvt Subnet.

Also the same Pvt Subnet has access external resources (outside of AWS) - how do I do this using the API Gateway?

Not quite understanding how the API-Gateway (and Lambda) is situated vis-a-vis - VPC and subnets- and how the network access control functions- can they access Pvt subnets directly or not. The documentation is somewhat silent on this, only talks about IAM - if someone can explain this. Found this on Lambda: AWS Lambda: How to setup a NAT gateway for a lambda function with VPC access.

The documentation says "API Gateway allows you to securely connect ... publicly addressable web services hosted inside or outside of AWS". My resources in Pvt subnet are not publicly addressable - I suppose.

Thanks

like image 810
Sam-T Avatar asked Nov 28 '18 00:11

Sam-T

People also ask

How do I access API in private subnet?

To access your private API once it's deployed, you need to create an interface VPC endpoint for it in your VPC. After you've created your VPC endpoint, you can use it to access multiple private APIs. Sign in to the AWS Management Console and open the Amazon VPC console at https://console.aws.amazon.com/vpc/ .

Does API gateway sit in a VPC?

API Gateway as a fully managed service runs its infrastructure in its own VPCs. When you interface with API Gateway publicly accessible endpoints, it is done through public networks.

Does API gateway sit in a subnet?

API Gateways In the API Gateway service, an API gateway is a virtual network appliance in a regional subnet. Private API gateways can only be accessed by resources in the same subnet. Public API gateways are publicly accessible, including from the internet.

1 Answers

Are the services you have running on EC2 offering an API? API Gateway is meant to proxy API requests. It's commonly used in conjunction with Lambda to allow Lambda functions to process HTTP requests. An API Gateway is not necessary for your service. You can simply use an Application Load Balancer (ALB) or an Elastic Load Balancer (ELB). They can reside on a public subnet while your service remains in the private subnet. You can use security groups and VPC routing tables to allow communication from your public ALB/ELB to your private EC2 service.

like image 112
Ben Whaley Avatar answered Sep 21 '22 18:09

Ben Whaley
Sign in to Comment

Related questions

How to CloudWatch Laravel logs deployed in AWS Elastic Beanstalk?
Send a notification by Lambda function with AWS Pinpoint
AWS ATHENA: user-defined variables
Changing "Origin Path" in CloudFront takes very long to kick in
Connecting Athena and S3 in same Cloudformation Stack
Access denied on S3 PUT request with pre-signed URL
What is the impact if my service exceeds 100% "Service CPU utilization"
AWS ApiGateway customize Request Validation Response
Invoking aws Step function from java lambda
How to move AWS Elasticsearch into another account
aws - Uploading a string as file to a S3 bucket
How do get a simple localstack/localstack to work with node.js
Configure dynamoDb stream to invoke lambda function only on delete
How to Install aws-sam-cli in ubuntu 14?
AWS Elastic Beanstalk Environment termination failing due to non-existent RDS
AWS Athena + S3 limitation
Restrict login to Enterprise Google Domain for AWS Federated Identity Pool
Best way to copy messages within 2 SQS queues across AWS accounts
CloudWatch Event that targets SQS Queue fails to work
BOTO3 - generate_presigned_url for `put_object` return `The request signature we calculated does not match the signature you provided`

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!