Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How to get permanent IPs for HTTP API Gateway?

0

I have public endpoint api.example.com, which is custom domain for my AWS API HTTP Gateway (with ALB plus ECS services as backend). But my new partner required permanent IPs. What is the simplest architecture for such requirement - using managed AWS services, i.e. without EC2 with reverse proxy? I know that Global Accelerator or NLB provide permanent IPs, bit they don't support API HTTP Gateway as a backend. I saw this suggestion "NLB → VPC Endpoint → API Gateway", but NLB target group doesn't support VPC endpoint AFAIK.

TIA, Vitaly

Topics
ServerlessFront-End Web & MobileNetworking & Content Delivery
Tags
Amazon API GatewayNetwork Load Balancer
Language
English
asked 10 months ago431 views
2 Answers
2

Hello.

The following AWS blog may be helpful:
This blog explains how to provide a static IP address using Global Accelerator and a private API Gateway.
https://aws.amazon.com/jp/blogs/networking-and-content-delivery/accessing-an-aws-api-gateway-via-static-ip-addresses-provided-by-aws-global-accelerator/

I haven't tried it, but I think it's possible to provide a static IP address with NLB as well.
In either case, you will need to create a private API Gateway and configure an NLB or similar that targets the VPC endpoint IP address.
Since the IP address of an interface-type VPC endpoint does not change from creation to deletion, it is possible to specify an IP address as the target of an NLB.
https://medium.com/@t.rakeshkumer/static-ip-for-aws-api-gateway-using-nlb-e5c8d07396ab

EXPERT
answered 10 months ago
0

To get permanent IPs for your API Gateway with a custom domain, you have a few options using managed AWS services without needing to set up EC2 instances as reverse proxies.

The most straightforward approach is to use AWS Global Accelerator with a Network Load Balancer (NLB) as an intermediary. Here's how you can set it up:

  1. Deploy your API Gateway as a Private API instead of a public one
  2. Create an NLB in your VPC that forwards requests to the API Gateway's VPC Link ENI (Elastic Network Interface)
  3. Set up AWS Global Accelerator with the NLB as the endpoint

This architecture provides you with two static IP addresses from Global Accelerator that will remain constant even if the underlying infrastructure changes. The traffic flow would be:

Client → Global Accelerator (static IPs) → NLB → Private API Gateway → Your backend services

For cross-account setups, you would need to ensure proper VPC connectivity and permissions. If you're working within a single account, the setup is more straightforward.

Another option is to use a custom domain with API Gateway and set up DNS forwarding to route traffic through a solution that provides static IPs. However, the NLB with Private API Gateway approach is generally more reliable for ensuring static IP addressing.

Remember that when configuring your custom domain in API Gateway, you can choose between IPv4 only or dualstack (IPv4 and IPv6) for the IP address type, which might be relevant depending on your partner's requirements.
Sources
Create ALB on Edge Optimized Public Api Gateway endpoint to integrate with Global Accelerator | AWS re:Post
APIGateway and NLB cross account integration | AWS re:Post
API Gateway - Custom Domain DNS | AWS re:Post
IP address types for custom domain names for HTTP APIs - Amazon API Gateway

answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content