Aws
20 Dec 2018

Configure API Gateway with Private Elastic Beanstalk

Note: Steps were valid as of 2018; AWS console and product names may have changed since then.

API Gateway configuration

The goal of this document is to leave the configuration steps to create and connect an API Gateway to Beanstalk private services.

Blueprint API

The idea is to have a single access point to our services that are located in our private subnet through the API Gateway

  • Network Configuration Steps

    • Create a VPC with 2 subnets (One public and one private)
    • Create a NAT Gateway, attach the public subnet and create a new Elastic IP.
    • Configure or create a new Route Table for private subnet.
      • Create the route table and attach it to the VPC
      • Edit the route tables adding 0.0.0.0/0 as destination and choose the NAT Gateway as Target
    • Create the security groups for each subnet.
  • Beanstalk Configuration Steps
    • Create the Beanstalk environment and configure this:
      • Configure Network and choose your VPC and private subnet.
      • Configure Security and add your Key Pair
      • Configure Instances and choose the private security group that you have created.
      • Configure Capacity and choose an Load Balanced Environment
      • Configure Load Balancer and choose a Network Load Balancer, add a listener port (443) and a Processes port (443).
      • On Rolling Update deployment choose Inmutable as Rolling Update Type.
  • API Gateway Configuration
    • Once you have created your API Gateway, you need to createa VPC Link to connect your API Gateway to your Private Beanstalk
      • Change the Target NLB to the NLB created at the Beanstalk configuration
      • Create a Custom Domain Name (The URL created is the one we are going to register in Route53)
      • Create a stage for your API Gateway and add a Stage Variable that will target the VPC Link ID vpcLinkId
      • Choose Use Proxy Integration.
      • Change the resources (GET, POST, etc) and on Integration Request change the Integration Type to VPC Link on VPC Link choose Use Stage Variables and add the vpc Link variable ${stageVariables.vpcLinkId}
      • Change the Endpoint to the Custom Domain Name created or the one you choose, this will be used to set the Host header of the integration request.
  • Register the new URL on Route 53
    • Go to your hosted zone and create the new record on Route 53 with the Target Domain Name from Custom Domain Name as Target
Tags: