Correct Architecture Set Up for a Public and Private API?


I have a monolith that I run on ECS - within this monolith I have a user (public) API and an admin (private) API.

My ECS service sits behind an Internal ALB - if I want the admin API to only be available through a Private API Gateway inside the VPC and the user API to be available through a Public API Gateway outside the VPC - but both have a Cognito authorizer and point to the same Internal ALB - is the diagram attached the correct setup or is there a better way to do this?

Thanks for your help!

Example Architecture

1 Answer
Accepted Answer

This is the correct setup, however, REST APIs do not support VPC Link to ALB. You will need to go via NLB. HTTP API does support connecting to ALB, but you can't make it private. So you will need to change ALB to NLB.

AWS
answered 3 months ago
reviewed a month ago
  • Thank you for your answer Uri, and for clarifying I need to use an NLB - this is so helpful as it's my first time setting it up! :)
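
The private admin side of the setup described in the answer, sketched as a CloudFormation template. This is an added example, not code from the question or the answer. It assumes an internal NLB already fronts the ECS service and that an `execute-api` interface VPC endpoint and a Cognito user pool exist; all parameter and resource names are placeholders.

```yaml
# Added example: private REST API -> VPC link -> internal NLB, Cognito-authorized.
Parameters:
  NlbArn: {Type: String}            # assumed: internal NLB in front of the ECS service
  NlbDnsName: {Type: String}        # assumed: DNS name of that NLB
  ExecuteApiVpceId: {Type: String}  # assumed: interface VPC endpoint for execute-api
  UserPoolArn: {Type: String}       # assumed: existing Cognito user pool
Resources:
  AdminVpcLink:
    Type: AWS::ApiGateway::VpcLink  # REST API VPC links target an NLB
    Properties: {Name: admin-nlb-link, TargetArns: [!Ref NlbArn]}
  AdminApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: admin-private-api
      EndpointConfiguration: {Types: [PRIVATE], VpcEndpointIds: [!Ref ExecuteApiVpceId]}
      Policy:                       # only calls arriving through this VPC endpoint are allowed
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: "execute-api:Invoke"
            Resource: "execute-api:/*"
            Condition: {StringEquals: {"aws:SourceVpce": !Ref ExecuteApiVpceId}}
  AdminAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: cognito
      RestApiId: !Ref AdminApi
      Type: COGNITO_USER_POOLS
      IdentitySource: method.request.header.Authorization
      ProviderARNs: [!Ref UserPoolArn]
  AdminProxy:
    Type: AWS::ApiGateway::Resource
    Properties: {RestApiId: !Ref AdminApi, ParentId: !GetAtt AdminApi.RootResourceId, PathPart: "{proxy+}"}
  AdminAny:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminApi
      ResourceId: !Ref AdminProxy
      HttpMethod: ANY
      AuthorizationType: COGNITO_USER_POOLS
      AuthorizerId: !Ref AdminAuthorizer
      RequestParameters: {method.request.path.proxy: true}
      Integration:
        Type: HTTP_PROXY
        IntegrationHttpMethod: ANY
        ConnectionType: VPC_LINK
        ConnectionId: !Ref AdminVpcLink
        Uri: !Sub "http://${NlbDnsName}/{proxy}"
        RequestParameters: {integration.request.path.proxy: method.request.path.proxy}
```

The deployment and stage resources are omitted. The resource policy and the `PRIVATE` endpoint type are what keep the admin API unreachable from outside the VPC; the Cognito authorizer alone does not.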
