- Newest
- Most votes
- Most comments
Regarding the completely different approach you were asking about, you should consider using a CloudFront distribution rather than ALB in front of the API Gateway. The API Gateway and ALB are both regional resources, so traffic from your end users travels over the public internet to the AWS region where the API Gateway and/or ALB are located.
By comparison, CloudFront has edge locations distributed around the world and connected to AWS's backbone network. While the API Gateway will ultimately still be geographically just as far away, traffic from end users will go to one the CloudFront edge locations closest to the user. CloudFront will use AWS's own, high-capacity backbone network (and not the general internet) to carry the request the rest of the way to your API Gateway. The return path for the response is the same but in the reverse direction.
You can also leverage the various traffic routing options that CloudFront provides, the scalability of WAF (Web Application Firewall) when combined with the global array of CloudFront edge locations, the optional Shield Advanced DDoS protection combined with CloudFront's global scalability, caching of content at the edge, and other advanced options like CloudFront Functions to manipulate requests or responses that are examples of options that aren't available or are more limited with regional resources, such as an API Gateway or ALB.
AWS has a support article with detailed instructions for setting up the custom CloudFront distribution for the API Gateway here: https://repost.aws/knowledge-center/api-gateway-cloudfront-distribution
You can put an API Gateway in the front and route the v2 to Lambda and v1 to an HTTP endpoint, which points to the ALB.
You can also do it the other way around, however, you will need to use a Private API Gateway and point the ALB to the Address of the VPC Endpoint that you will create to access the API from the VPC.
Relevant content
- asked 6 months ago
- asked 2 years ago
- asked 2 years ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 12 days ago
- How do I use an interface VPC endpoint to access an API Gateway private REST API in another account?AWS OFFICIALUpdated a year ago