API GATEWAY-AWS API GATEWAY with Private Integration part 2

By September 26, 2019 February 12th, 2020 AWS, Blogs

Written by Mudita Misra, Cloud Engineer, Powerupcloud Technologies

This is part II of our AWS API Gateway blog series.

We can now put AWS API Gateway in front of privately hosted APIs when we plan to share those APIs with third-party tools or applications.

  1. We can create an API Gateway API with private integration to provide the customers access to HTTP/HTTPS resources within Amazon VPC.
  2. Such VPC resources are HTTP/HTTPS endpoints on an EC2 instance behind a network load balancer in the VPC.
  3. When a client calls the API, API Gateway connects to the network load balancer through the pre-configured VPC link. It forwards API method requests to the VPC resources and returns backend responses to the caller.
  4. For an API developer, a VpcLink is functionally equivalent to an integration endpoint.
  5. To create an API with private integration, we must create a new VPC Link, or choose an existing one, that is connected to a network load balancer targeting the desired VPC resources. We must have appropriate permissions to create and manage a VPC Link.
  6. Now we can set up an API method and integrate it with the VpcLink by setting either HTTP or HTTP_PROXY as the integration type, setting VPC_LINK as the integration connection type, and setting the VPC Link identifier on the integration connectionId.

Let’s start the implementation:

Network load balancer:

  1. Create or choose a VPC in the AWS account with a private subnet (application requirement).
  2. Create an EC2 server and deploy a sample application; we have opted for nginx as the sample.
  3. Create the network load balancer for the application: click Load Balancers in the left pane.
  4. Click Create in the Network Load Balancer section.
  5. Give it a NAME and choose internal for the scheme in the load balancer configuration, as the load balancer must be internal for a VPC Link. Choose the VPC and subnet respectively.
  6. Next, create a target group with a NAME, and choose the protocol and port according to the application. Click NEXT.
  7. Click Next and attach the server (created above) to the target group on the port where the application is running. Click Create, then wait for the instance to move from the initial state to healthy.

API GATEWAY:

Create the API gateway, specify some names and descriptions. You can follow the link below, for creating the API gateway from our part-I blog:

https://blog.powerupcloud.com/api-gateway-part-i-aws-api-gateway-monitoring-and-authentication-36617ea47f57

Once you have finished creating the API gateway, resume with the steps below:

  1. Next is the VPC link.
  2. For VPC link click on the left pane and then click CREATE, give some name and description for your VPC Link.

3. Give the target Network load balancer we created above, click Create. It will take 4–5 minutes.

4. Let’s move to the API we created.

5. Choose APIs from the primary navigation pane and then choose + Create API to create a new API of either an edge-optimized or regional endpoint type.

6. For the root resource (/), choose Create Method from the Actions drop-down menu, and then choose GET.

7. In the / GET — Setup pane, initialize the API method integration as follows:

  • Choose VPC Link for Integration type.
  • Choose Use Proxy Integration.
  • From the Method drop-down list, choose GET as the integration method.
  • From the VPC Link drop-down list, choose [Use Stage Variables] and type ${stageVariables.vpcLinkId} in the text box below.
  • We will define the vpcLinkId stage variable after deploying the API to a stage and set its value to the ID of the VpcLink created above.
  • Type a URL, for example, http://muditademo.com, for Endpoint URL.
  • Here, the hostname (for example, muditademo.com) is used to set the Host header of the integration request.
  • Leave the Use Default Timeout selection as it is unless we want to customize the integration timeouts.
  • Choose Save to finish setting up the integration.

8. With proxy integration, the API is ready for deployment. If required, we can further configure appropriate method responses and integration responses.

9. From the Actions drop-down menu, choose Deploy API and then choose a new or existing stage to deploy the API.

10. Note the resulting Invoke URL. We need it to invoke the API. Before doing that, we must set up the vpcLinkId stage variable.

  • In the Stage Editor, choose the Stage Variables tab and choose Add Stage Variable.
  • Under the Name column, type vpcLinkId.
  • Under the Value column, type the ID of VPC_LINK, for example, gi****.
  • Choose the check-mark icon to save this stage variable.
  • Using the stage variable, we can easily switch to different VPC links for the API by changing the stage variable value.

11. Open the Invoke URL; it returns the application running behind the load balancer without hiccups.

That’s it: the API call now travels over the private network via the VPC link.
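To confirm that the finished setup really is private, the following added example (not part of the original post) audits the settings the steps above configure: integration type, VPC_LINK connection type, the `${stageVariables.vpcLinkId}` reference, the VPC link status and the load balancer scheme. The dictionaries are constructed samples shaped like the output of `aws apigateway get-integration`, `get-stage`, `get-vpc-link` and `aws elbv2 describe-load-balancers`; the IDs, ARN and function names are placeholders chosen for illustration.

```python
import re

# Constructed sample data shaped like AWS CLI output; all IDs are placeholders.
INTEGRATION = {  # aws apigateway get-integration
    "type": "HTTP_PROXY", "httpMethod": "GET", "uri": "http://muditademo.com",
    "connectionType": "VPC_LINK", "connectionId": "${stageVariables.vpcLinkId}",
}
STAGE = {"stageName": "demo", "variables": {"vpcLinkId": "abc123"}}  # get-stage
VPC_LINK = {"id": "abc123", "status": "AVAILABLE",                   # get-vpc-link
            "targetArns": ["arn:aws:elasticloadbalancing:placeholder-nlb"]}
NLB = {"LoadBalancerArn": "arn:aws:elasticloadbalancing:placeholder-nlb",
       "Type": "network", "Scheme": "internal"}  # elbv2 describe-load-balancers

STAGE_VAR = re.compile(r"^\$\{stageVariables\.(\w+)\}$")


def resolve_connection_id(integration, stage):
    """Return the VPC link ID, expanding a ${stageVariables.x} reference."""
    conn = integration.get("connectionId", "")
    match = STAGE_VAR.match(conn)
    if not match:
        return conn or None
    return stage.get("variables", {}).get(match.group(1))


def audit_private_integration(integration, stage, vpc_link, nlb):
    """Return a list of findings; an empty list means the wiring matches the post."""
    findings = []
    if integration.get("type") not in ("HTTP", "HTTP_PROXY"):
        findings.append("integration type is not HTTP or HTTP_PROXY")
    if integration.get("connectionType") != "VPC_LINK":
        findings.append("connectionType is not VPC_LINK; backend is reached over the internet")
    link_id = resolve_connection_id(integration, stage)
    if link_id is None:
        findings.append("connectionId is missing or its stage variable is not defined")
    elif link_id != vpc_link.get("id"):
        findings.append("connectionId does not match the expected VPC link")
    if vpc_link.get("status") != "AVAILABLE":
        findings.append("VPC link is not AVAILABLE")
    if nlb.get("LoadBalancerArn") not in vpc_link.get("targetArns", []):
        findings.append("VPC link does not target the audited load balancer")
    if nlb.get("Type") != "network":
        findings.append("load balancer is not a network load balancer")
    if nlb.get("Scheme") != "internal":
        findings.append("load balancer is internet-facing, not internal")
    return findings


if __name__ == "__main__":
    print(audit_private_integration(INTEGRATION, STAGE, VPC_LINK, NLB) or "OK")
```

An empty result means every setting matches the walkthrough; each finding names the one setting that would expose the backend or break the private path.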

I would like to express my deep gratitude for your generous support Raju Banerjee.
