AWS API gateway as proxy to EC2 based microservices

amazon-api-gateway, amazon-web-services

I have a couple of microservices running on EC2.

My intention is to use the AWS API gateway to allow internet access to the EC2 APIs.

Incoming Traffic is:
internet -> API Gateway -> EC2-server

I am planning to use a greedy HTTP Proxy on AWS Gateway.
But I have 2 problems:

A) How can I address the EC2 in the "URL Endpoint" in the method integration? Can I somehow use the AWS private IP?

B) How do I configure the EC2 security group to allow an API gateway request into the EC2?

Best Answer

API Gateway is intended mostly for use with Lambda, so there are some limitations. For the easiest integration, you must have your microservice public and then authenticate between API Gateway and your service by some other means. This doesn't sound like what you want to do... I wouldn't want to make my non-public services public either!

In order to do what you're asking (API Gateway to private EC2 resources), you must set up a private integration. This looks very much like how AWS implements service endpoints for services like S3. Basically, you need to put an NLB in front of your service. Then you set up API Gateway to contact that endpoint via a VpcLink resource. The flow looks like this:

API Gateway -> VpcLink resource -> NLB -> Target Group -> EC2 instances

See also this question
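
The private integration described in the answer above, written as a CloudFormation template. This is an added example, not part of the original answer; all parameter and resource names, the service port 8080 and the plain-TCP listener on port 80 are assumptions.

```yaml
# Constructed example: every name, port and parameter here is hypothetical.
Parameters:
  VpcId: {Type: String}
  NlbSubnetId: {Type: String}    # private subnet, same AZ as the instance
  NlbSubnetCidr: {Type: String}  # CIDR of that subnet
  InstanceId: {Type: String}
  InstanceSgId: {Type: String}   # security group already attached to the instance
Resources:
  Nlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internal           # no public address; reachable only inside the VPC
      Subnets: [!Ref NlbSubnetId]
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties: {VpcId: !Ref VpcId, Protocol: TCP, Port: 8080, TargetType: instance, Targets: [{Id: !Ref InstanceId}]}
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties: {LoadBalancerArn: !Ref Nlb, Protocol: TCP, Port: 80, DefaultActions: [{Type: forward, TargetGroupArn: !Ref TargetGroup}]}
  # Question B: admit the service port from the NLB's subnet only, not 0.0.0.0/0.
  InstanceIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties: {GroupId: !Ref InstanceSgId, IpProtocol: tcp, FromPort: 8080, ToPort: 8080, CidrIp: !Ref NlbSubnetCidr}
  VpcLink:
    Type: AWS::ApiGateway::VpcLink
    Properties: {Name: ec2-services, TargetArns: [!Ref Nlb]}
  Api:
    Type: AWS::ApiGateway::RestApi
    Properties: {Name: ec2-proxy}
  ProxyResource:                 # greedy path variable, as in the question
    Type: AWS::ApiGateway::Resource
    Properties: {RestApiId: !Ref Api, ParentId: !GetAtt Api.RootResourceId, PathPart: "{proxy+}"}
  ProxyMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref Api
      ResourceId: !Ref ProxyResource
      HttpMethod: ANY
      AuthorizationType: NONE    # open to the internet; swap in an authorizer if callers must be identified
      RequestParameters: {"method.request.path.proxy": true}
      Integration:
        Type: HTTP_PROXY
        IntegrationHttpMethod: ANY
        ConnectionType: VPC_LINK # Question A: reach the NLB through the VPC link, not a public URL
        ConnectionId: !Ref VpcLink
        Uri: !Sub "http://${Nlb.DNSName}/{proxy}"
        RequestParameters: {"integration.request.path.proxy": "method.request.path.proxy"}
```

Requests that arrive through the VPC link reach the instance from the NLB's private addresses, which is why the ingress rule is scoped to the NLB's subnet range. The same rule also covers the target group's TCP health checks.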
