I want to integrate an Amazon API Gateway REST API with an Application Load Balancer.
Short description
To integrate your API Gateway REST API with a public Application Load Balancer, use API Gateway HTTP integration.
For private Application Load Balancers, use an API Gateway virtual private cloud (VPC) link to connect to a private Network Load Balancer. Then, use the Network Load Balancer to forward API Gateway requests to the private Application Load Balancer.
Note: Although you can't directly integrate your REST API with private Application Load Balancers, you can configure private integration with your HTTP APIs and WebSocket APIs.
Resolution
Integrate an API Gateway REST API with a public Application Load Balancer
Prerequisites:
- Access to a public Application Load Balancer and its DNS name
- An API Gateway REST API resource with an HTTP method
Complete the following steps:
- Open the API Gateway console.
- Choose the API that you want to integrate with the Application Load Balancer.
- In Resources, for Methods, choose the HTTP method that your API uses.
- Choose Integration request.
- For Integration type, choose HTTP.
Note: To pass the entire API request and its parameters to the backend Application Load Balancer, create an HTTP proxy integration or an HTTP custom integration. For more information, see HTTP integrations for REST APIs in API Gateway.
- In the Endpoint URL field, enter a DNS name. Use either the Application Load Balancer's default DNS name or a custom DNS name.
- Add the configured protocol of the Application Load Balancer's listener. For example, an Application Load Balancer that's configured with an HTTPS listener on port 8080 requires the https://domain-name:8080/ endpoint URL format.
Important: Choose port and listener rules to create an HTTP listener or HTTPS listener for the Application Load Balancer. For more information, see Listeners for your Application Load Balancers. For an Application Load Balancer that's configured with an HTTPS listener, an API Gateway-supported certificate authority must issue the associated certificate. To use a self-signed certificate or one that a private certificate authority issued, set insecureSkipVerification to true in the integration's tlsConfig extension.
- Choose Save.
- Deploy the API.
Integrate an API Gateway REST API with a private Application Load Balancer
Complete the following steps:
- Use an API Gateway VPC link to integrate your API with a private Network Load Balancer.
- Use the Network Load Balancer to forward the API request to the private Application Load Balancer.
Allow access to an Application Load Balancer only from API Gateway
Take the following actions:
- It's a best practice to use a private integration with the Application Load Balancer as the target of a Network Load Balancer through a VPC link. For a private integration, configure a security group rule for the Application Load Balancer that allowlists only the IP address of the Network Load Balancer.
- If the integration and the Application Load Balancer are public, then configure security group rules that allowlist API Gateway IP addresses for the API's AWS Region.
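The following is an added example, not part of the original article and not AWS's own code, for the public case in the last item: it filters a document in the layout of AWS's ip-ranges.json down to the API_GATEWAY prefixes for one Region and builds the IpPermissions structure that the EC2 authorize_security_group_ingress call accepts. It assumes ip-ranges.json is the source of the API Gateway addresses; the function names and the sample CIDRs (documentation ranges) are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json
# (documentation-range CIDRs, not real AWS prefixes).
SAMPLE_IP_RANGES = json.loads("""
{
  "prefixes": [
    {"ip_prefix": "198.51.100.0/25",   "region": "us-east-1", "service": "API_GATEWAY"},
    {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "API_GATEWAY"},
    {"ip_prefix": "203.0.113.0/24",    "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "192.0.2.0/24",      "region": "eu-west-1", "service": "API_GATEWAY"},
    {"ip_prefix": "198.51.100.0/25",   "region": "us-east-1", "service": "AMAZON"}
  ]
}
""")


def api_gateway_cidrs(ip_ranges, region):
    """Return collapsed IPv4 CIDRs tagged API_GATEWAY for one Region."""
    nets = {
        ipaddress.ip_network(p["ip_prefix"])
        for p in ip_ranges.get("prefixes", [])
        if p.get("service") == "API_GATEWAY" and p.get("region") == region
    }
    if not nets:
        # Fail closed: never fall back to an empty or wildcard rule set.
        raise ValueError(f"no API_GATEWAY prefixes found for {region}")
    # Merge adjacent/overlapping ranges to keep the rule count low.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def ingress_permissions(ip_ranges, region, listener_port):
    """Build IpPermissions that admit only API Gateway on the listener port."""
    return [{
        "IpProtocol": "tcp",
        "FromPort": listener_port,
        "ToPort": listener_port,
        "IpRanges": [
            {"CidrIp": cidr, "Description": f"API Gateway {region}"}
            for cidr in api_gateway_cidrs(ip_ranges, region)
        ],
    }]


if __name__ == "__main__":
    print(json.dumps(ingress_permissions(SAMPLE_IP_RANGES, "us-east-1", 8080), indent=2))
```

The published ranges change over time, so the rule set has to be regenerated when ip-ranges.json is updated, and the resulting rules are shared by every API Gateway customer in the Region rather than being specific to one API.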