When you create an API using API Gateway and map a custom domain, AWS API Gateway makes an entry in a CloudFront distribution.
source: http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html
For every API you create, API Gateway sets up an Amazon CloudFront distribution for the API. Requests with the default API URL are routed through the corresponding CloudFront distribution. Similarly, for every custom domain name, API Gateway sets up a CloudFront distribution. An API request with the custom domain name is routed through the custom domain name's CloudFront distribution.
However, the CloudFront IPs can change when AWS updates the IP ranges.
As a user of the API, how do I bind a static IP to the custom domain mapped to Gateway so that I need not update firewall egress settings whenever AWS updates the IP ranges?
Public API Gateway can be invoked using a URL and does not reserve public static IP addresses.
The IP address ranges used by AWS are provided as a JSON file here. These address ranges keep changing.
By following the steps in this pattern, you can create a Lambda function and a virtual private cloud (VPC) that routes outbound traffic through an internet gateway with a static IP address. To use the static IP address, you attach the Lambda function to the VPC and its subnets.
It is not possible to attach a static IP to API Gateway. However, AWS publishes the IP ranges used by CloudFront, which can be used to whitelist the firewall egress settings.
Since these IP ranges can also change, it is recommended to automate checking for changes using this URL and to update the rules accordingly.
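One way to automate that check, as an added example that is not part of the answer above or of any AWS tooling: parse the published ip-ranges.json (real file: https://ip-ranges.amazonaws.com/ip-ranges.json; the sample below is constructed with documentation address blocks, not AWS's real ranges), keep only the prefixes tagged with service CLOUDFRONT, and diff them against the current egress allowlist, skipping the work when the file's syncToken has not moved since the last run.

```python
import json
from ipaddress import ip_network

# Constructed sample in the shape of AWS's published ip-ranges.json.
# The addresses are RFC 5737 / RFC 3849 documentation blocks, NOT AWS ranges.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "1700000000",
    "createDate": "2023-11-14-12-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "CLOUDFRONT"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "AMAZON"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8::/32", "region": "GLOBAL", "service": "CLOUDFRONT"},
    ],
})


def cloudfront_prefixes(ip_ranges_json: str) -> set:
    """Return the set of IPv4 and IPv6 CIDRs tagged with service CLOUDFRONT."""
    data = json.loads(ip_ranges_json)
    v4 = {p["ip_prefix"] for p in data.get("prefixes", []) if p["service"] == "CLOUDFRONT"}
    v6 = {p["ipv6_prefix"] for p in data.get("ipv6_prefixes", []) if p["service"] == "CLOUDFRONT"}
    # Canonicalise the textual form so that set comparison is reliable.
    return {str(ip_network(c)) for c in v4 | v6}


def diff_allowlist(current_allowlist, published: set) -> dict:
    """Work out what the firewall egress allowlist must add and may remove."""
    current = {str(ip_network(c)) for c in current_allowlist}
    return {"add": sorted(published - current), "remove": sorted(current - published)}


def check_for_changes(ip_ranges_json: str, current_allowlist, last_sync_token=None) -> dict:
    """Compare the published CloudFront ranges with the allowlist; honour syncToken.

    Store the returned syncToken and pass it back on the next run so the diff
    is only recomputed when AWS has actually republished the file.
    """
    token = json.loads(ip_ranges_json)["syncToken"]
    if token == last_sync_token:
        return {"changed": False, "syncToken": token, "add": [], "remove": []}
    delta = diff_allowlist(current_allowlist, cloudfront_prefixes(ip_ranges_json))
    return {"changed": bool(delta["add"] or delta["remove"]), "syncToken": token, **delta}


if __name__ == "__main__":
    # Allowlist with one stale entry and one missing CloudFront range.
    print(check_for_changes(SAMPLE_IP_RANGES, ["192.0.2.0/24", "203.0.113.0/24"]))
```

In production, replace SAMPLE_IP_RANGES with the downloaded file and feed the "add"/"remove" lists to whatever manages the egress rules; the syncToken is also what AWS's own change notifications key on.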
Welcome to multi-cloud ;-)
I was researching this topic and found that there are solutions from other cloud providers.
Google GCP: https://cloud.google.com/cdn/
So Google CDN does provide one anycast IP by default.
Microsoft Azure API Management (https://azure.microsoft.com/en-us/services/api-management/) does provide a static IP.
In my opinion, for AWS they solved the static IP problem with Global Accelerator or NLB, but the problem is that neither of these products is a layer 7 API management solution.
So basically, at this point you can solve layer 4, but for layer 7 you need to use API Gateway or CloudFront, and neither has any direct integration with Global Accelerator or NLB.
In Google's solution, at least their CDN gives only one anycast IP, which is not yet there in AWS CloudFront (although it's a matter of time).
I liked Microsoft API Management for this particular case, where you get a static IP + API management in one solution.