Connect to NLB from API Gateway using VPC links

Connect to NLB from API Gateway using VPC links

You can use API Gateway VPC links and NLBs to access private resources (like EC2) via API Gateway.

Create the NLB from the EC2 Managed Console.

The “mynlb” scheme should be “internal”.

API GatewayからVPCリンクを使用してNLBに接続する

Once created, configure the API Gateway VPC link. Set mynlb as the target NLB.

API GatewayからVPCリンクを使用してNLBに接続する

Press “Create” to create a VPC link; the VPCID will be automatically generated and assigned as appropriate.

It takes about 20 minutes to create the link.

Click “Integration Request.

Specify a VPC link for the integration type.

Specify the VPCID for the VPC link.

Specify the DNS name of the network load balancer (NLB) for the Endpoint URL.

API GatewayからVPCリンクを使用してNLBに接続する

Once deployed, it will be possible to access EC2 deployed on a private subnet via API Gateway.

API GatewayからVPCリンクを使用してNLBに接続する

Transfer to EC2 Tomcat

To link from API Gateway to the EC2 tomcat app via NLB, specify the NLB DNS in the endpoint URL, set listener 80 in the EC2 target group, forward to the EC2 IP address, and set port to 8080.

Now you can access the tomcat app on EC2 from the API Gateway via NLB.

To specify the Tomcat API from the API Gateway via a VPC link, you must set the NLB DNS+URI in the endpoint URL.

Files to deployNLB DNS

The following is an example of an endpoint URL.{parameter1}/fugafuga/{parameter2}

If you specify http://NLBのDNS/, it means that webapps/ROOT/index.jsp of the backend Tomcat application will be returned.

Also, if you pass a path parameter as {hoge}, you must check the “Use proxy integration” checkbox to pass the path parameter. 500 error will result.

Is a VPC link required for Private API?

If you create a Private API with API Gateway and the endpoint is in a VPC, it appears that you need to connect from the VPC link even if it is private.