From 371827e119b2e617ce74d1f77b2fbb0edfffe519 Mon Sep 17 00:00:00 2001 From: Vamsi Pulikonda Date: Mon, 3 Feb 2025 23:39:08 +0530 Subject: [PATCH 01/10] added files --- rest-api-alb-integration-workaround/README.md | 78 ++++++ .../example-pattern.json | 55 ++++ .../src/app.js | 10 + .../template.yaml | 254 ++++++++++++++++++ 4 files changed, 397 insertions(+) create mode 100644 rest-api-alb-integration-workaround/README.md create mode 100644 rest-api-alb-integration-workaround/example-pattern.json create mode 100644 rest-api-alb-integration-workaround/src/app.js create mode 100644 rest-api-alb-integration-workaround/template.yaml diff --git a/rest-api-alb-integration-workaround/README.md b/rest-api-alb-integration-workaround/README.md new file mode 100644 index 000000000..bd3752ca2 --- /dev/null +++ b/rest-api-alb-integration-workaround/README.md @@ -0,0 +1,78 @@ +# REST API Integration with Private ALB - Workaround + +This pattern explains how to integrate an API Gateway REST API with an Application Load Balancer. + +Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example. + +## Requirements + +* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources. +* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured +* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) +* [AWS Serverless Application Model](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) (AWS SAM) installed + +## Deployment Instructions + +1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository: + ``` + git clone https://github.com/aws-samples/serverless-patterns + ``` +1. Change directory to the pattern directory: + ``` + cd rest-api-alb-integration-workaround + ``` +1. From the command line, use AWS SAM to deploy the AWS resources for the pattern as specified in the template.yml file: + ``` + sam deploy --guided + ``` +1. During the prompts: + * Enter a stack name + * Enter the desired AWS Region + * Allow SAM CLI to create IAM roles with the required permissions. + + Once you have run `sam deploy --guided` mode once and saved arguments to a configuration file (samconfig.toml), you can use `sam deploy` in future to use these defaults. + +1. Note the outputs from the SAM deployment process. These contain the resource names and/or ARNs which are used for testing. + +## Background + +Currently, integration between REST APIs and Application Load Balancers (ALBs) has some limitations. Direct integration is only possible with public ALBs using API Gateway's HTTP integration feature. Private ALBs cannot be directly integrated with API Gateway. + +To work around this limitation for private ALBs, a multi-step approach is necessary. First, create an API Gateway VPC link. Then, connect the VPC link to a private Network Load Balancer (NLB). Finally, configure the NLB to forward incoming requests from API Gateway to the private ALB. This setup allows API Gateway to communicate with private ALBs indirectly, enabling the use of private ALBs in API architectures while maintaining the benefits of API Gateway management. + +## Prerequisites + +1. Active Route 53 Hosted Zone for your domain. +2. Valid ACM (AWS Certificate Manager) certificate that covers the domain managed by your Route 53 Hosted Zone. + +## Workaround + +1. Use an API Gateway VPC to integrate your API with a private Network Load Balancer. + +2. Use the Network Load Balancer to forward the API request to the private Application Load Balancer. + +3. Application Load Balancer will forward the traffic to Lambda Function configured on HTTPS listener. + + +``` +Workflow: REST API >> VPC Link >> NLB (TCP listener) >> ALB (HTTPS listener) >> Lambda +``` + +## Testing + +Once the application is deployed, retrieve the API URL provided as output and open it in a browser page. + +## Cleanup + +1. Delete the stack + ```bash + aws cloudformation delete-stack --stack-name STACK_NAME + ``` +1. Confirm the stack has been deleted + ```bash + aws cloudformation list-stacks --query "StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus" + ``` +---- +Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. + +SPDX-License-Identifier: MIT-0 diff --git a/rest-api-alb-integration-workaround/example-pattern.json b/rest-api-alb-integration-workaround/example-pattern.json new file mode 100644 index 000000000..9d73b927b --- /dev/null +++ b/rest-api-alb-integration-workaround/example-pattern.json @@ -0,0 +1,55 @@ +{ + "title": "REST API Integration with Private ALB integration", + "description": "This pattern explains workaround on how to integrate an API Gateway REST API with an Application Load Balancer.", + "language": "Python", + "level": "200", + "framework": "YAML", + "introBox": { + "headline": "How it works", + "text": [ + "To work around this limitation for private ALBs, a multi-step approach is necessary", + "1. Use an API Gateway VPC to integrate your API with a private Network Load Balancer.", + "2. Use the Network Load Balancer to forward the API request to the private Application Load Balancer", + "3. Application Load Balancer will forward the traffic to Lambda Function configured on HTTPS listener." + ] + }, + "gitHub": { + "template": { + "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/rest-api-alb-integration-workaround", + "templateURL": "serverless-patterns/rest-api-alb-integration-workaround", + "projectFolder": "rest-api-alb-integration-workaround", + "templateFile": "rest-api-alb-integration-workaround/template.yaml" + } + }, + "resources": { + "bullets": [ + { + "text": "How do I integrate an API Gateway REST API with an Application Load Balancer", + "link": "https://repost.aws/knowledge-center/api-gateway-application-load-balancers" + } + ] + }, + "deploy": { + "text": [ + "sam deploy" + ] + }, + "testing": { + "text": [ + "Once the application is deployed, retrieve the API URL provided as output and open it in a browser page." + ] + }, + "cleanup": { + "text": [ + "Delete the stack: cdk delete." + ] + }, + "authors": [ + { + "name": "Vamsi Pulikonda", + "image": "https://raw.githubusercontent.com/vamsipulikonda/my-photo/main/vamsi-photo.jpg", + "bio": "I am a cloud computing enthusiast working as a Cloud Engineer at Amazon Web Services.", + "linkedin": "https://www.linkedin.com/in/vamsipulikonda/" + } + ] +} diff --git a/rest-api-alb-integration-workaround/src/app.js b/rest-api-alb-integration-workaround/src/app.js new file mode 100644 index 000000000..cb3c4d9c1 --- /dev/null +++ b/rest-api-alb-integration-workaround/src/app.js @@ -0,0 +1,10 @@ +/*! Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: MIT-0 + */ + +'use strict' + +exports.handler = async (event) => { + // Lambda handler code + console.log(JSON.stringify(event, 0, null)) +} \ No newline at end of file diff --git a/rest-api-alb-integration-workaround/template.yaml b/rest-api-alb-integration-workaround/template.yaml new file mode 100644 index 000000000..f9d0f4e61 --- /dev/null +++ b/rest-api-alb-integration-workaround/template.yaml @@ -0,0 +1,254 @@ +AWSTemplateFormatVersion: 2010-09-09 +Description: Amazon API Gateway REST API with VPC Link integration with NLB -> ALB Integration +Parameters: + VPCCIDR: + Description: Enter CIDR for new VPC + Type: String + Default: '10.0.0.0/16' + Subnet1CIRD: + Description: Enter CIDR for new Private subnet 1 + Type: String + Default: '10.0.0.0/24' + Subnet2CIRD: + Description: Enter CIDR for new Private subnet 2 + Type: String + Default: '10.0.1.0/24' + AlbCertificateArn: + Description: ARN of the ACM certificate for ABL HTTPS listener + Type: String + AlbInternalCertificateDns: + Description: DNS name for the certificate + Type: String + +Resources: + EC2VPC: + Type: 'AWS::EC2::VPC' + Properties: + EnableDnsSupport: true + EnableDnsHostnames: true + CidrBlock: !Ref VPCCIDR + InstanceTenancy: "default" + + PrivateSubnet1: + Type: "AWS::EC2::Subnet" + Properties: + AvailabilityZone: !Sub "${AWS::Region}a" + CidrBlock: !Ref Subnet1CIRD + VpcId: !Ref EC2VPC + MapPublicIpOnLaunch: false + Tags: + - + Key: "Name" + Value: "Private-new-availability-1" + + PrivateSubnet2: + Type: "AWS::EC2::Subnet" + Properties: + AvailabilityZone: !Sub "${AWS::Region}b" + CidrBlock: !Ref Subnet2CIRD + VpcId: !Ref EC2VPC + MapPublicIpOnLaunch: false + Tags: + - + Key: "Name" + Value: "Private-new-availability-2" + + EC2SecurityGroup: + Type: "AWS::EC2::SecurityGroup" + Properties: + GroupDescription: "Allow VPC CIDR" + GroupName: "PrivateLoadBalancerSG" + VpcId: !Ref EC2VPC + SecurityGroupIngress: + - + CidrIp: !Ref VPCCIDR + FromPort: 443 + IpProtocol: "tcp" + ToPort: 443 + - + CidrIp: !Ref VPCCIDR + FromPort: 80 + IpProtocol: "tcp" + ToPort: 80 + SecurityGroupEgress: + - + CidrIp: !Ref VPCCIDR + FromPort: 443 + IpProtocol: "tcp" + ToPort: 443 + - + CidrIp: !Ref VPCCIDR + FromPort: 80 + IpProtocol: "tcp" + ToPort: 80 + + IAMRole: + Type: "AWS::IAM::Role" + Properties: + Path: "/" + RoleName: "LambdaRole" + AssumeRolePolicyDocument: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" + MaxSessionDuration: 3600 + ManagedPolicyArns: + - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + Description: "Allows Lambda functions to call AWS services on your behalf." + + LambdaFunction: + Type: "AWS::Lambda::Function" + Properties: + Description: "AWS Lambda target for ALB" + FunctionName: "ALBTargetLambda" + Handler: "index.lambda_handler" + Architectures: + - "x86_64" + Code: + ZipFile: | + import json + + def lambda_handler(event, context): + return { + 'statusCode': 200, + 'body': json.dumps('Hello from Lambda behind NLB -> ALB Integration!') + } + MemorySize: 128 + Role: !GetAtt IAMRole.Arn + Runtime: "python3.11" + Timeout: 15 + TracingConfig: + Mode: "PassThrough" + EphemeralStorage: + Size: 512 + + LambdaALBPermission: + Type: AWS::Lambda::Permission + Properties: + FunctionName: !GetAtt LambdaFunction.Arn + Action: lambda:InvokeFunction + Principal: elasticloadbalancing.amazonaws.com + + PrivateALB: + Type: AWS::ElasticLoadBalancingV2::LoadBalancer + Properties: + Type: application + Scheme: internal + Name: PrivateALB + Subnets: + - !Ref PrivateSubnet1 + - !Ref PrivateSubnet2 + SecurityGroups: [!Ref EC2SecurityGroup] + + ALBTargetGroup: + Type: AWS::ElasticLoadBalancingV2::TargetGroup + DependsOn: LambdaALBPermission + Properties: + TargetType: lambda + Targets: + - Id: !GetAtt LambdaFunction.Arn + + ALBHttpListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + LoadBalancerArn: !Ref PrivateALB + Port: 443 + Protocol: HTTPS + Certificates: + - CertificateArn: !Ref AlbCertificateArn + DefaultActions: + - TargetGroupArn: !Ref ALBTargetGroup + Type: forward + + PrivateNLB: + Type: AWS::ElasticLoadBalancingV2::LoadBalancer + Properties: + Type: network + Scheme: internal + Name: PrivateNLB + Subnets: + - !Ref PrivateSubnet1 + - !Ref PrivateSubnet2 + + NLBTargetGroup: + Type: AWS::ElasticLoadBalancingV2::TargetGroup + Properties: + TargetType: alb + Protocol: TCP + Port: 443 + VpcId: !Ref EC2VPC + Targets: + - Id: !GetAtt PrivateALB.LoadBalancerArn + + NLBHttpListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + LoadBalancerArn: !Ref PrivateNLB + Port: 443 + Protocol: TCP + DefaultActions: + - TargetGroupArn: !Ref NLBTargetGroup + Type: forward + +# REST API Part + PrivateIntApi: + Type: AWS::ApiGateway::RestApi + Properties: + Name: apigw-with-alb + Description: VPC Link integration REST API with NLB ALB as backend + + RootMethodGet: + Type: AWS::ApiGateway::Method + Properties: + RestApiId: !Ref PrivateIntApi + ResourceId: !GetAtt PrivateIntApi.RootResourceId + HttpMethod: GET + AuthorizationType: NONE + Integration: + Type: HTTP + ConnectionType: VPC_LINK + ConnectionId: !Ref VPCLinkRest + IntegrationHttpMethod: ANY + Uri: !Sub "https://${AlbInternalCertificateDns}" + PassthroughBehavior: WHEN_NO_MATCH + TimeoutInMillis: 29000 + IntegrationResponses: + - StatusCode: 200 + ResponseParameters: + method.response.header.Access-Control-Allow-Origin: "'*'" + method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" + method.response.header.Access-Control-Allow-Methods: "'GET'" + MethodResponses: + - StatusCode: 200 + ResponseParameters: + method.response.header.Access-Control-Allow-Origin: true + method.response.header.Access-Control-Allow-Headers: true + method.response.header.Access-Control-Allow-Methods: true + ResponseModels: + application/json: 'Empty' + OperationName: 'RootOperation' + + + + Deployment: + Type: AWS::ApiGateway::Deployment + DependsOn: + - RootMethodGet + Properties: + RestApiId: !Ref PrivateIntApi + + Stage: + Type: AWS::ApiGateway::Stage + Properties: + StageName: Prod + RestApiId: !Ref PrivateIntApi + DeploymentId: !Ref Deployment + + VPCLinkRest: + Type: AWS::ApiGateway::VpcLink + Properties: + Name: VPCLinkRest + TargetArns: + - !Ref PrivateNLB + +Outputs: + PrivateIntApiEndpoint: + Description: API Endpoint + Value: !Sub "https://${PrivateIntApi}.execute-api.${AWS::Region}.amazonaws.com/Prod" \ No newline at end of file From 83f3405ec901ec75fd5570755bdf85de8b6fb428 Mon Sep 17 00:00:00 2001 From: vamsi pulikonda Date: Tue, 25 Mar 2025 12:46:21 +0530 Subject: [PATCH 02/10] Update README.md Updated "Delete the stack" section --- rest-api-alb-integration-workaround/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rest-api-alb-integration-workaround/README.md b/rest-api-alb-integration-workaround/README.md index bd3752ca2..62e8d18aa 100644 --- a/rest-api-alb-integration-workaround/README.md +++ b/rest-api-alb-integration-workaround/README.md @@ -66,7 +66,7 @@ Once the application is deployed, retrieve the API URL provided as output and op 1. Delete the stack ```bash - aws cloudformation delete-stack --stack-name STACK_NAME + sam delete --stack-name STACK_NAME ``` 1. Confirm the stack has been deleted ```bash From 5503bc04866317bb78b6a85152c097d250db8569 Mon Sep 17 00:00:00 2001 From: vamsi pulikonda Date: Tue, 25 Mar 2025 12:55:52 +0530 Subject: [PATCH 03/10] Update example-pattern.json Updated suggested Changes --- rest-api-alb-integration-workaround/example-pattern.json | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/rest-api-alb-integration-workaround/example-pattern.json b/rest-api-alb-integration-workaround/example-pattern.json index 9d73b927b..59a2869ae 100644 --- a/rest-api-alb-integration-workaround/example-pattern.json +++ b/rest-api-alb-integration-workaround/example-pattern.json @@ -18,7 +18,7 @@ "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/rest-api-alb-integration-workaround", "templateURL": "serverless-patterns/rest-api-alb-integration-workaround", "projectFolder": "rest-api-alb-integration-workaround", - "templateFile": "rest-api-alb-integration-workaround/template.yaml" + "templateFile": "template.yaml" } }, "resources": { @@ -41,14 +41,13 @@ }, "cleanup": { "text": [ - "Delete the stack: cdk delete." + "Delete the stack: sam delete." ] }, "authors": [ { "name": "Vamsi Pulikonda", "image": "https://raw.githubusercontent.com/vamsipulikonda/my-photo/main/vamsi-photo.jpg", - "bio": "I am a cloud computing enthusiast working as a Cloud Engineer at Amazon Web Services.", "linkedin": "https://www.linkedin.com/in/vamsipulikonda/" } ] From 55dba6a5f98f4145cd3815cdaa89637b1035e9e8 Mon Sep 17 00:00:00 2001 From: vamsi pulikonda Date: Fri, 9 May 2025 11:40:39 +0530 Subject: [PATCH 04/10] Updated template.yaml with SAM template --- .../template.yaml | 231 ++++++++---------- 1 file changed, 106 insertions(+), 125 deletions(-) diff --git a/rest-api-alb-integration-workaround/template.yaml b/rest-api-alb-integration-workaround/template.yaml index f9d0f4e61..5866b354e 100644 --- a/rest-api-alb-integration-workaround/template.yaml +++ b/rest-api-alb-integration-workaround/template.yaml @@ -1,5 +1,7 @@ AWSTemplateFormatVersion: 2010-09-09 +Transform: AWS::Serverless-2016-10-31 Description: Amazon API Gateway REST API with VPC Link integration with NLB -> ALB Integration + Parameters: VPCCIDR: Description: Enter CIDR for new VPC @@ -28,7 +30,7 @@ Resources: EnableDnsHostnames: true CidrBlock: !Ref VPCCIDR InstanceTenancy: "default" - + PrivateSubnet1: Type: "AWS::EC2::Subnet" Properties: @@ -52,80 +54,71 @@ Resources: - Key: "Name" Value: "Private-new-availability-2" - + EC2SecurityGroup: - Type: "AWS::EC2::SecurityGroup" - Properties: - GroupDescription: "Allow VPC CIDR" - GroupName: "PrivateLoadBalancerSG" - VpcId: !Ref EC2VPC - SecurityGroupIngress: - - - CidrIp: !Ref VPCCIDR - FromPort: 443 - IpProtocol: "tcp" - ToPort: 443 - - - CidrIp: !Ref VPCCIDR - FromPort: 80 - IpProtocol: "tcp" - ToPort: 80 - SecurityGroupEgress: - - - CidrIp: !Ref VPCCIDR - FromPort: 443 - IpProtocol: "tcp" - ToPort: 443 - - - CidrIp: !Ref VPCCIDR - FromPort: 80 - IpProtocol: "tcp" - ToPort: 80 - - IAMRole: - Type: "AWS::IAM::Role" - Properties: - Path: "/" - RoleName: "LambdaRole" - AssumeRolePolicyDocument: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" - MaxSessionDuration: 3600 - ManagedPolicyArns: - - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - Description: "Allows Lambda functions to call AWS services on your behalf." - + Type: "AWS::EC2::SecurityGroup" + Properties: + GroupDescription: "Allow VPC CIDR" + GroupName: "PrivateLoadBalancerSG" + VpcId: !Ref EC2VPC + SecurityGroupIngress: + - + CidrIp: !Ref VPCCIDR + FromPort: 443 + IpProtocol: "tcp" + ToPort: 443 + - + CidrIp: !Ref VPCCIDR + FromPort: 80 + IpProtocol: "tcp" + ToPort: 80 + SecurityGroupEgress: + - + CidrIp: !Ref VPCCIDR + FromPort: 443 + IpProtocol: "tcp" + ToPort: 443 + - + CidrIp: !Ref VPCCIDR + FromPort: 80 + IpProtocol: "tcp" + ToPort: 80 + + # Using SAM's simplified Lambda function definition LambdaFunction: - Type: "AWS::Lambda::Function" - Properties: - Description: "AWS Lambda target for ALB" - FunctionName: "ALBTargetLambda" - Handler: "index.lambda_handler" - Architectures: - - "x86_64" - Code: - ZipFile: | - import json - - def lambda_handler(event, context): - return { - 'statusCode': 200, - 'body': json.dumps('Hello from Lambda behind NLB -> ALB Integration!') - } - MemorySize: 128 - Role: !GetAtt IAMRole.Arn - Runtime: "python3.11" - Timeout: 15 - TracingConfig: - Mode: "PassThrough" - EphemeralStorage: - Size: 512 - + Type: "AWS::Serverless::Function" + Properties: + Description: "AWS Lambda target for ALB" + FunctionName: "ALBTargetLambda" + Handler: "index.lambda_handler" + Runtime: "python3.11" + Architectures: + - "x86_64" + MemorySize: 128 + Timeout: 15 + EphemeralStorage: + Size: 512 + InlineCode: | + import json + + def lambda_handler(event, context): + return { + 'statusCode': 200, + 'body': json.dumps('Hello from Lambda behind NLB -> ALB Integration!') + } + Tracing: PassThrough + # SAM automatically creates the execution role with basic permissions + # but we can specify a managed policy to match the original template + Policies: + - AWSLambdaBasicExecutionRole + LambdaALBPermission: Type: AWS::Lambda::Permission Properties: FunctionName: !GetAtt LambdaFunction.Arn Action: lambda:InvokeFunction Principal: elasticloadbalancing.amazonaws.com - + PrivateALB: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: @@ -133,10 +126,10 @@ Resources: Scheme: internal Name: PrivateALB Subnets: - - !Ref PrivateSubnet1 - - !Ref PrivateSubnet2 + - !Ref PrivateSubnet1 + - !Ref PrivateSubnet2 SecurityGroups: [!Ref EC2SecurityGroup] - + ALBTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup DependsOn: LambdaALBPermission @@ -144,7 +137,7 @@ Resources: TargetType: lambda Targets: - Id: !GetAtt LambdaFunction.Arn - + ALBHttpListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: @@ -156,7 +149,7 @@ Resources: DefaultActions: - TargetGroupArn: !Ref ALBTargetGroup Type: forward - + PrivateNLB: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: @@ -164,9 +157,9 @@ Resources: Scheme: internal Name: PrivateNLB Subnets: - - !Ref PrivateSubnet1 - - !Ref PrivateSubnet2 - + - !Ref PrivateSubnet1 + - !Ref PrivateSubnet2 + NLBTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: @@ -187,59 +180,47 @@ Resources: - TargetGroupArn: !Ref NLBTargetGroup Type: forward -# REST API Part + # Using SAM's simplified API Gateway definition PrivateIntApi: - Type: AWS::ApiGateway::RestApi + Type: AWS::Serverless::Api Properties: Name: apigw-with-alb - Description: VPC Link integration REST API with NLB ALB as backend - - RootMethodGet: - Type: AWS::ApiGateway::Method - Properties: - RestApiId: !Ref PrivateIntApi - ResourceId: !GetAtt PrivateIntApi.RootResourceId - HttpMethod: GET - AuthorizationType: NONE - Integration: - Type: HTTP - ConnectionType: VPC_LINK - ConnectionId: !Ref VPCLinkRest - IntegrationHttpMethod: ANY - Uri: !Sub "https://${AlbInternalCertificateDns}" - PassthroughBehavior: WHEN_NO_MATCH - TimeoutInMillis: 29000 - IntegrationResponses: - - StatusCode: 200 - ResponseParameters: - method.response.header.Access-Control-Allow-Origin: "'*'" - method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" - method.response.header.Access-Control-Allow-Methods: "'GET'" - MethodResponses: - - StatusCode: 200 - ResponseParameters: - method.response.header.Access-Control-Allow-Origin: true - method.response.header.Access-Control-Allow-Headers: true - method.response.header.Access-Control-Allow-Methods: true - ResponseModels: - application/json: 'Empty' - OperationName: 'RootOperation' - - - - Deployment: - Type: AWS::ApiGateway::Deployment - DependsOn: - - RootMethodGet - Properties: - RestApiId: !Ref PrivateIntApi - - Stage: - Type: AWS::ApiGateway::Stage - Properties: StageName: Prod - RestApiId: !Ref PrivateIntApi - DeploymentId: !Ref Deployment + EndpointConfiguration: REGIONAL + DefinitionBody: + swagger: "2.0" + info: + title: "apigw-with-alb" + description: "VPC Link integration REST API with NLB ALB as backend" + paths: + /: + get: + x-amazon-apigateway-integration: + type: http + connectionType: VPC_LINK + connectionId: !Ref VPCLinkRest + httpMethod: ANY + uri: !Sub "https://${AlbInternalCertificateDns}" + passthroughBehavior: when_no_match + timeoutInMillis: 29000 + responses: + default: + statusCode: "200" + responseParameters: + method.response.header.Access-Control-Allow-Origin: "'*'" + method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" + method.response.header.Access-Control-Allow-Methods: "'GET'" + responses: + "200": + description: "200 response" + headers: + Access-Control-Allow-Origin: + type: "string" + Access-Control-Allow-Headers: + type: "string" + Access-Control-Allow-Methods: + type: "string" + operationId: "RootOperation" VPCLinkRest: Type: AWS::ApiGateway::VpcLink @@ -251,4 +232,4 @@ Resources: Outputs: PrivateIntApiEndpoint: Description: API Endpoint - Value: !Sub "https://${PrivateIntApi}.execute-api.${AWS::Region}.amazonaws.com/Prod" \ No newline at end of file + Value: !Sub "https://${PrivateIntApi}.execute-api.${AWS::Region}.amazonaws.com/Prod" From 9c1819be6ee4047d66fd7c818a87919997996aed Mon Sep 17 00:00:00 2001 From: vamsi pulikonda Date: Sat, 10 May 2025 15:59:57 +0530 Subject: [PATCH 05/10] Update example-pattern.json with bio --- rest-api-alb-integration-workaround/example-pattern.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rest-api-alb-integration-workaround/example-pattern.json b/rest-api-alb-integration-workaround/example-pattern.json index 59a2869ae..d1d888664 100644 --- a/rest-api-alb-integration-workaround/example-pattern.json +++ b/rest-api-alb-integration-workaround/example-pattern.json @@ -3,7 +3,7 @@ "description": "This pattern explains workaround on how to integrate an API Gateway REST API with an Application Load Balancer.", "language": "Python", "level": "200", - "framework": "YAML", + "framework": "AWS SAM", "introBox": { "headline": "How it works", "text": [ @@ -48,7 +48,8 @@ { "name": "Vamsi Pulikonda", "image": "https://raw.githubusercontent.com/vamsipulikonda/my-photo/main/vamsi-photo.jpg", - "linkedin": "https://www.linkedin.com/in/vamsipulikonda/" + "linkedin": "vamsipulikonda", + "bio": "I am a cloud computing enthusiast working as a Cloud Engineer at Amazon Web Services." } ] } From e8b4eb5a44eb18e15cd0f34971e48836a60c5057 Mon Sep 17 00:00:00 2001 From: Udit Parikh Date: Thu, 15 May 2025 14:29:10 +0530 Subject: [PATCH 06/10] Create rest-api-private-alb-integration.json --- rest-api-alb-integration-workaround.json | 93 ++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 rest-api-alb-integration-workaround.json diff --git a/rest-api-alb-integration-workaround.json b/rest-api-alb-integration-workaround.json new file mode 100644 index 000000000..9543ac506 --- /dev/null +++ b/rest-api-alb-integration-workaround.json @@ -0,0 +1,93 @@ +{ + "title": "REST API Integration with Private ALB integration", + "description": "This pattern explains workaround on how to integrate an API Gateway REST API with an Application Load Balancer.", + "language": "Python", + "level": "200", + "framework": "AWS SAM", + "introBox": { + "headline": "How it works", + "text": [ + "To work around this limitation for private ALBs, a multi-step approach is necessary", + "1. Use an API Gateway VPC to integrate your API with a private Network Load Balancer.", + "2. Use the Network Load Balancer to forward the API request to the private Application Load Balancer", + "3. Application Load Balancer will forward the traffic to Lambda Function configured on HTTPS listener." + ] + }, + "gitHub": { + "template": { + "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/rest-api-alb-integration-workaround", + "templateURL": "serverless-patterns/rest-api-alb-integration-workaround", + "projectFolder": "rest-api-alb-integration-workaround", + "templateFile": "template.yaml" + } + }, + "resources": { + "bullets": [ + { + "text": "How do I integrate an API Gateway REST API with an Application Load Balancer", + "link": "https://repost.aws/knowledge-center/api-gateway-application-load-balancers" + } + ] + }, + "deploy": { + "text": [ + "sam deploy" + ] + }, + "testing": { + "text": [ + "Once the application is deployed, retrieve the API URL provided as output and open it in a browser page." + ] + }, + "cleanup": { + "text": [ + "Delete the stack: sam delete." + ] + }, + "authors": [ + { + "name": "Vamsi Pulikonda", + "image": "https://raw.githubusercontent.com/vamsipulikonda/my-photo/main/vamsi-photo.jpg", + "linkedin": "vamsipulikonda", + "bio": "I am a cloud computing enthusiast working as a Cloud Engineer at Amazon Web Services." + } + ], + "patternArch": { + "icon1": { + "x": 15, + "y": 50, + "service": "apigw", + "label": "Amazon API Gateway" + }, + "icon2": { + "x": 43, + "y": 50, + "service": "alb", + "label": "Network Load Balancer" + }, + "icon3": { + "x": 70, + "y": 50, + "service": "alb", + "label": "App. Load Balancer" + }, + "icon4": { + "x": 92, + "y": 50, + "service": "lambda", + "label": "AWS Lambda" + }, + "line1": { + "from": "icon1", + "to": "icon2" + }, + "line2": { + "from": "icon2", + "to": "icon3" + }, + "line3": { + "from": "icon3", + "to": "icon4" + } + } +} From bf25150aa5d3dcd2f6577195f72b61e905300754 Mon Sep 17 00:00:00 2001 From: vamsi pulikonda Date: Sat, 17 May 2025 06:26:24 +0530 Subject: [PATCH 07/10] Chnaged file name and foldername --- .../example-pattern.json | 55 ----------- .../README.md | 0 .../example-pattern.json | 93 +++++++++++++++++++ .../src/app.js | 0 .../template.yaml | 0 5 files changed, 93 insertions(+), 55 deletions(-) delete mode 100644 rest-api-alb-integration-workaround/example-pattern.json rename {rest-api-alb-integration-workaround => rest-api-private-alb-integration}/README.md (100%) create mode 100644 rest-api-private-alb-integration/example-pattern.json rename {rest-api-alb-integration-workaround => rest-api-private-alb-integration}/src/app.js (100%) rename {rest-api-alb-integration-workaround => rest-api-private-alb-integration}/template.yaml (100%) diff --git a/rest-api-alb-integration-workaround/example-pattern.json b/rest-api-alb-integration-workaround/example-pattern.json deleted file mode 100644 index d1d888664..000000000 --- a/rest-api-alb-integration-workaround/example-pattern.json +++ /dev/null @@ -1,55 +0,0 @@ -{ - "title": "REST API Integration with Private ALB integration", - "description": "This pattern explains workaround on how to integrate an API Gateway REST API with an Application Load Balancer.", - "language": "Python", - "level": "200", - "framework": "AWS SAM", - "introBox": { - "headline": "How it works", - "text": [ - "To work around this limitation for private ALBs, a multi-step approach is necessary", - "1. Use an API Gateway VPC to integrate your API with a private Network Load Balancer.", - "2. Use the Network Load Balancer to forward the API request to the private Application Load Balancer", - "3. Application Load Balancer will forward the traffic to Lambda Function configured on HTTPS listener." - ] - }, - "gitHub": { - "template": { - "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/rest-api-alb-integration-workaround", - "templateURL": "serverless-patterns/rest-api-alb-integration-workaround", - "projectFolder": "rest-api-alb-integration-workaround", - "templateFile": "template.yaml" - } - }, - "resources": { - "bullets": [ - { - "text": "How do I integrate an API Gateway REST API with an Application Load Balancer", - "link": "https://repost.aws/knowledge-center/api-gateway-application-load-balancers" - } - ] - }, - "deploy": { - "text": [ - "sam deploy" - ] - }, - "testing": { - "text": [ - "Once the application is deployed, retrieve the API URL provided as output and open it in a browser page." - ] - }, - "cleanup": { - "text": [ - "Delete the stack: sam delete." - ] - }, - "authors": [ - { - "name": "Vamsi Pulikonda", - "image": "https://raw.githubusercontent.com/vamsipulikonda/my-photo/main/vamsi-photo.jpg", - "linkedin": "vamsipulikonda", - "bio": "I am a cloud computing enthusiast working as a Cloud Engineer at Amazon Web Services." - } - ] -} diff --git a/rest-api-alb-integration-workaround/README.md b/rest-api-private-alb-integration/README.md similarity index 100% rename from rest-api-alb-integration-workaround/README.md rename to rest-api-private-alb-integration/README.md diff --git a/rest-api-private-alb-integration/example-pattern.json b/rest-api-private-alb-integration/example-pattern.json new file mode 100644 index 000000000..013aaa8b2 --- /dev/null +++ b/rest-api-private-alb-integration/example-pattern.json @@ -0,0 +1,93 @@ +{ + "title": "REST API Integration with Private ALB integration", + "description": "This pattern explains workaround on how to integrate an API Gateway REST API with an Application Load Balancer.", + "language": "Python", + "level": "200", + "framework": "AWS SAM", + "introBox": { + "headline": "How it works", + "text": [ + "To work around this limitation for private ALBs, a multi-step approach is necessary", + "1. Use an API Gateway VPC to integrate your API with a private Network Load Balancer.", + "2. Use the Network Load Balancer to forward the API request to the private Application Load Balancer", + "3. Application Load Balancer will forward the traffic to Lambda Function configured on HTTPS listener." + ] + }, + "gitHub": { + "template": { + "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/rest-api-alb-integration-workaround", + "templateURL": "serverless-patterns/rest-api-alb-integration-workaround", + "projectFolder": "rest-api-alb-integration-workaround", + "templateFile": "template.yaml" + } + }, + "resources": { + "bullets": [ + { + "text": "How do I integrate an API Gateway REST API with an Application Load Balancer", + "link": "https://repost.aws/knowledge-center/api-gateway-application-load-balancers" + } + ] + }, + "deploy": { + "text": [ + "sam deploy" + ] + }, + "testing": { + "text": [ + "Once the application is deployed, retrieve the API URL provided as output and open it in a browser page." + ] + }, + "cleanup": { + "text": [ + "Delete the stack: sam delete." + ] + }, + "authors": [ + { + "name": "Vamsi Pulikonda", + "image": "https://raw.githubusercontent.com/vamsipulikonda/my-photo/main/vamsi-photo.jpg", + "linkedin": "vamsipulikonda", + "bio": "I am a cloud computing enthusiast working as a Cloud Engineer at Amazon Web Services." + } + ], + "patternArch": { + "icon1": { + "x": 15, + "y": 50, + "service": "apigw", + "label": "Amazon API Gateway" + }, + "icon2": { + "x": 43, + "y": 50, + "service": "alb", + "label": "Network Load Balancer" + }, + "icon3": { + "x": 70, + "y": 50, + "service": "alb", + "label": "App. Load Balancer" + }, + "icon4": { + "x": 92, + "y": 50, + "service": "lambda", + "label": "AWS Lambda" + }, + "line1": { + "from": "icon1", + "to": "icon2" + }, + "line2": { + "from": "icon2", + "to": "icon3" + }, + "line3": { + "from": "icon3", + "to": "icon4" + } + } +} diff --git a/rest-api-alb-integration-workaround/src/app.js b/rest-api-private-alb-integration/src/app.js similarity index 100% rename from rest-api-alb-integration-workaround/src/app.js rename to rest-api-private-alb-integration/src/app.js diff --git a/rest-api-alb-integration-workaround/template.yaml b/rest-api-private-alb-integration/template.yaml similarity index 100% rename from rest-api-alb-integration-workaround/template.yaml rename to rest-api-private-alb-integration/template.yaml From 17ed362dc45350e2760bb5f3456ce2bcb26cea0f Mon Sep 17 00:00:00 2001 From: vamsi pulikonda Date: Sat, 17 May 2025 06:43:02 +0530 Subject: [PATCH 08/10] Chnaged file name --- .../example-pattern.json | 93 ------------------- 1 file changed, 93 deletions(-) delete mode 100644 rest-api-private-alb-integration/example-pattern.json diff --git a/rest-api-private-alb-integration/example-pattern.json b/rest-api-private-alb-integration/example-pattern.json deleted file mode 100644 index 013aaa8b2..000000000 --- a/rest-api-private-alb-integration/example-pattern.json +++ /dev/null @@ -1,93 +0,0 @@ -{ - "title": "REST API Integration with Private ALB integration", - "description": "This pattern explains workaround on how to integrate an API Gateway REST API with an Application Load Balancer.", - "language": "Python", - "level": "200", - "framework": "AWS SAM", - "introBox": { - "headline": "How it works", - "text": [ - "To work around this limitation for private ALBs, a multi-step approach is necessary", - "1. Use an API Gateway VPC to integrate your API with a private Network Load Balancer.", - "2. Use the Network Load Balancer to forward the API request to the private Application Load Balancer", - "3. Application Load Balancer will forward the traffic to Lambda Function configured on HTTPS listener." - ] - }, - "gitHub": { - "template": { - "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/rest-api-alb-integration-workaround", - "templateURL": "serverless-patterns/rest-api-alb-integration-workaround", - "projectFolder": "rest-api-alb-integration-workaround", - "templateFile": "template.yaml" - } - }, - "resources": { - "bullets": [ - { - "text": "How do I integrate an API Gateway REST API with an Application Load Balancer", - "link": "https://repost.aws/knowledge-center/api-gateway-application-load-balancers" - } - ] - }, - "deploy": { - "text": [ - "sam deploy" - ] - }, - "testing": { - "text": [ - "Once the application is deployed, retrieve the API URL provided as output and open it in a browser page." - ] - }, - "cleanup": { - "text": [ - "Delete the stack: sam delete." - ] - }, - "authors": [ - { - "name": "Vamsi Pulikonda", - "image": "https://raw.githubusercontent.com/vamsipulikonda/my-photo/main/vamsi-photo.jpg", - "linkedin": "vamsipulikonda", - "bio": "I am a cloud computing enthusiast working as a Cloud Engineer at Amazon Web Services." - } - ], - "patternArch": { - "icon1": { - "x": 15, - "y": 50, - "service": "apigw", - "label": "Amazon API Gateway" - }, - "icon2": { - "x": 43, - "y": 50, - "service": "alb", - "label": "Network Load Balancer" - }, - "icon3": { - "x": 70, - "y": 50, - "service": "alb", - "label": "App. Load Balancer" - }, - "icon4": { - "x": 92, - "y": 50, - "service": "lambda", - "label": "AWS Lambda" - }, - "line1": { - "from": "icon1", - "to": "icon2" - }, - "line2": { - "from": "icon2", - "to": "icon3" - }, - "line3": { - "from": "icon3", - "to": "icon4" - } - } -} From a85b2f6def5dc713eeabd70ff2bd232cdb3c69e5 Mon Sep 17 00:00:00 2001 From: vamsi pulikonda Date: Sat, 17 May 2025 07:08:52 +0530 Subject: [PATCH 09/10] Updated file contents --- .../rest-api-private-alb-integration.json | 93 +++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 rest-api-private-alb-integration/rest-api-private-alb-integration.json diff --git a/rest-api-private-alb-integration/rest-api-private-alb-integration.json b/rest-api-private-alb-integration/rest-api-private-alb-integration.json new file mode 100644 index 000000000..013aaa8b2 --- /dev/null +++ b/rest-api-private-alb-integration/rest-api-private-alb-integration.json @@ -0,0 +1,93 @@ +{ + "title": "REST API Integration with Private ALB integration", + "description": "This pattern explains workaround on how to integrate an API Gateway REST API with an Application Load Balancer.", + "language": "Python", + "level": "200", + "framework": "AWS SAM", + "introBox": { + "headline": "How it works", + "text": [ + "To work around this limitation for private ALBs, a multi-step approach is necessary", + "1. Use an API Gateway VPC to integrate your API with a private Network Load Balancer.", + "2. Use the Network Load Balancer to forward the API request to the private Application Load Balancer", + "3. Application Load Balancer will forward the traffic to Lambda Function configured on HTTPS listener." + ] + }, + "gitHub": { + "template": { + "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/rest-api-alb-integration-workaround", + "templateURL": "serverless-patterns/rest-api-alb-integration-workaround", + "projectFolder": "rest-api-alb-integration-workaround", + "templateFile": "template.yaml" + } + }, + "resources": { + "bullets": [ + { + "text": "How do I integrate an API Gateway REST API with an Application Load Balancer", + "link": "https://repost.aws/knowledge-center/api-gateway-application-load-balancers" + } + ] + }, + "deploy": { + "text": [ + "sam deploy" + ] + }, + "testing": { + "text": [ + "Once the application is deployed, retrieve the API URL provided as output and open it in a browser page." + ] + }, + "cleanup": { + "text": [ + "Delete the stack: sam delete." + ] + }, + "authors": [ + { + "name": "Vamsi Pulikonda", + "image": "https://raw.githubusercontent.com/vamsipulikonda/my-photo/main/vamsi-photo.jpg", + "linkedin": "vamsipulikonda", + "bio": "I am a cloud computing enthusiast working as a Cloud Engineer at Amazon Web Services." + } + ], + "patternArch": { + "icon1": { + "x": 15, + "y": 50, + "service": "apigw", + "label": "Amazon API Gateway" + }, + "icon2": { + "x": 43, + "y": 50, + "service": "alb", + "label": "Network Load Balancer" + }, + "icon3": { + "x": 70, + "y": 50, + "service": "alb", + "label": "App. Load Balancer" + }, + "icon4": { + "x": 92, + "y": 50, + "service": "lambda", + "label": "AWS Lambda" + }, + "line1": { + "from": "icon1", + "to": "icon2" + }, + "line2": { + "from": "icon2", + "to": "icon3" + }, + "line3": { + "from": "icon3", + "to": "icon4" + } + } +} From 2de2e4859fc856e87f2418944e4a642ed70af658 Mon Sep 17 00:00:00 2001 From: vamsi pulikonda Date: Sat, 17 May 2025 07:16:31 +0530 Subject: [PATCH 10/10] renamed file --- ...ation-workaround.json => rest-api-private-alb-integration.json | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename rest-api-alb-integration-workaround.json => rest-api-private-alb-integration.json (100%) diff --git a/rest-api-alb-integration-workaround.json b/rest-api-private-alb-integration.json similarity index 100% rename from rest-api-alb-integration-workaround.json rename to rest-api-private-alb-integration.json