AWS API Gateway Pointing to DigitalOcean Domain - api-gateway

There is a requirement that we need to create a new AWS API Gateway, but our domain resides in DigitalOcean. Can we point the API Gateway endpoint to the DigitalOcean domain? The traffic should come to the domain and then to API Gateway.

Yes, you can do that. You have to:
Request certificate
Approve certificate (To prove your ownership of domain)
Create custom domain for API Gateway
Add base-path mapping (Attach to respective API endpoint)
Please follow the detailed link below:
https://medium.com/#maciejtreder/custom-domain-in-aws-api-gateway-a2b7feaf9c74

Related

Need Help : API Gateway Vs ALB

We are using Cognito for authentication and authorization for our microservices deployed in EC2. We are currently using an ALB in front of EC2, which is connected to Route-53 and then connected with API Gateway. Indeed, we knew this is not a good way of using both services, but we were using it in a hurry. Now we have time to correct this.
What we want to do:
Use Cognito for authorization and authentication for our microservices deployed in EC2
Use auto scaling in case of high traffic
Map some of the exposed APIs to our custom domain URL.
Any security-related practices for both internal and external calls that we should take care of!
I will be really grateful for help from all the techies out there!
Thanks!

Google API Web Client Oauth 2 redirect uri for aws ec2 uri

I have developed a Google Analytics management app using Google APIs and OAuth2. I could add localhost:8001 successfully as a redirect URI.
Now I have deployed my app on an AWS EC2 instance. I need to add my AWS EC2 instance domain name as a redirect URI. It is not taking my EC2 domain name. It says the domain must be added to the authorized domain list.
I would need to know what the basic steps are to figure out such situations.
The only way to add a redirect URI is if you own the domain. Then you can point the domain to your server (EC2 address).
If you already own the domain, then see the process for pointing the domain to a server in your domain registrar.
Then use that URL for the redirect after auth.

AWS API Gateway to internal Web Service (an API that's not publicly available)

I've set up an Amazon API Gateway instance with a mock back-end and have it working perfectly.
I've also set up a RESTful API and deployed it to Amazon EC2. I can access it publicly with Postman.
What I would like to do now is proxy all calls through the API gateway. Then block public access to the EC2 instance.
The problem is that I'm really struggling to find clear documentation on how this is done - which makes me think I might be doing things incorrectly, architecturally speaking.
My EC2 instance gives me a public DNS address, and a private one. I've tried setting the API gateway to point to the private address over HTTP, but the URL doesn't validate in the AWS Gateway and won't save.
If someone could explain to me in plain English how this is supposed to work at a high level, and perhaps point to documentation, that would be absolute gold.
This is what API Gateway calls a private integration.
API Gateway is not, itself, inside your VPC, so the solution uses a Network Load Balancer and VPC PrivateLink to allow API Gateway to access your private resources.
Documentation and setup can be found here:
https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html
Don't confuse private integrations with private endpoints which allow the opposite -- with private endpoints, resources in your VPC are able to access an API deployed in API Gateway, without exposing the API Gateway endpoint itself to the Internet.

AWS API Gateway fails while invoking backend API using private ip address

I have created a public API using AWS API Gateway with the resource cars and a GET method. I also have a backend API, /api/routing, that is hosted on an EC2 Windows instance. The backend API only accepts POST requests and is used for routing the request based on some header values.
In the integration request I also have a Mapping Template set up so it can POST data to api/routing
So the integration request for cars public API looks like below
The Inbound rules for EC2 instance
Issue
The Endpoint URL is using the private IP of the EC2 instance. When I test the cars API I get the error
Execution failed due to configuration error: Invalid endpoint address
If I change the Endpoint URL to use the public IP address then it's working as expected.
Eventually, I would like to access the backend API using the private IP. The EC2 instance is a free instance that AWS created.
I understand that if I have a VPC then in API Gateway I need to set up VPC Links, but I have not created any VPC (unless AWS creates one by default).
Found it. After creating the VPC link I was still selecting Integration Type as HTTP; it should be VPC Link.

How to verify client-certificate in AWS Lambda

I'm new to Lambda... Assuming I have an API Gateway that invokes my Lambda function (node.js) upon some HTTPS POST request from the web, how do I perform SSL peer authentication of the original HTTP client?
For example, let's say some server on the internet performs an HTTP POST to my API Gateway, which in turn invokes my Lambda. I want my Lambda to allow requests only from a client whose SSL certificate is associated with a specific domain.
Thanks!
Lambda does not deal with SSL certificates. API Gateway does.
Also, API Gateway does not provide you with HTTP endpoints, only HTTPS.
From the FAQ:
Q: Can I create HTTPS endpoints?
Yes, all of the APIs created with Amazon API Gateway expose HTTPS endpoints only. Amazon API Gateway does not support unencrypted (HTTP) endpoints. By default, Amazon API Gateway assigns an internal domain to the API that automatically uses the Amazon API Gateway certificate. When configuring your APIs to run under a custom domain name, you can provide your own certificate for the domain.
To set up your specific domain, see the following link:
Set up Custom Domain Name for API Host Name
The Lambda authorizer is passed in Cert data from the request.
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-input.html
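The certificate check asked about above, as an added example that is not part of the original thread: a REQUEST-type Lambda authorizer in Node.js for a REST API whose custom domain has mutual TLS enabled, which is when the authorizer input carries `requestContext.identity.clientCert`. API Gateway validates the chain against the truststore; this code adds the per-domain decision and fails closed. The allowlist, helper names and sample event are assumptions.

```javascript
// Added example. ALLOWED_CNS, the helper names and SAMPLE_EVENT are constructed for illustration.
const ALLOWED_CNS = new Set(["partner.example.com"]);
const MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];

// Parse a timestamp such as "Aug  5 09:36:04 2031 GMT"; returns NaN if malformed.
function parseCertTime(s) {
  const m = /^([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{2}):(\d{2}):(\d{2})\s+(\d{4})\s+GMT$/.exec(String(s));
  if (!m || !MONTHS.includes(m[1])) return NaN;
  return Date.UTC(+m[6], MONTHS.indexOf(m[1]), +m[2], +m[3], +m[4], +m[5]);
}

// Return the lower-cased CN of a DN like "CN=partner.example.com,O=Example,C=US".
// DNs with escapes, quotes or multi-valued RDNs are rejected rather than parsed.
function commonName(dn) {
  if (typeof dn !== "string" || /[\\"+]/.test(dn)) return null;
  for (const rdn of dn.split(",")) {
    const i = rdn.indexOf("=");
    if (i > 0 && rdn.slice(0, i).trim().toUpperCase() === "CN") {
      return rdn.slice(i + 1).trim().toLowerCase() || null;
    }
  }
  return null;
}

// Allow only if a client certificate is present, currently valid, and its CN is allowlisted.
function authorize(event, now = Date.now()) {
  const cert = event?.requestContext?.identity?.clientCert;
  const cn = commonName(cert?.subjectDN);
  const inWindow = now >= parseCertTime(cert?.validity?.notBefore) &&
                   now <= parseCertTime(cert?.validity?.notAfter); // false on NaN
  const ok = typeof event?.methodArn === "string" && cn !== null && ALLOWED_CNS.has(cn) && inWindow;
  return {
    principalId: cn || "unknown",
    policyDocument: {
      Version: "2012-10-17",
      Statement: [{ Action: "execute-api:Invoke", Effect: ok ? "Allow" : "Deny", Resource: event?.methodArn || "*" }],
    },
  };
}

// Constructed authorizer input, trimmed to the fields this check reads.
const SAMPLE_EVENT = {
  methodArn: "arn:aws:execute-api:us-east-1:123456789012:abcdef1234/prod/POST/orders",
  requestContext: { identity: { clientCert: {
    subjectDN: "CN=partner.example.com,O=Example Corp,C=US",
    validity: { notBefore: "Jan  1 00:00:00 2024 GMT", notAfter: "Jan  1 00:00:00 2034 GMT" },
  } } },
};
const handler = async (event) => authorize(event); // Lambda entry point
if (typeof module !== "undefined") module.exports = { handler };
```

A request that arrives without a client certificate, with a certificate outside its validity window, or with a subject CN that is not on the allowlist receives a Deny policy.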
