Help improve AWS Support Official channel in re:Post and share your experience - complete a quick three-question survey to earn a re:Post badge!
How do I integrate an API Gateway REST API with an Application Load Balancer?
I want to integrate an Amazon API Gateway REST API with an Application Load Balancer.
Resolution
Integrate an API Gateway REST API with a public Application Load Balancer
Prerequisites: Make sure that you have access to a public Application Load Balancer and its DNS name. You must also have an API Gateway REST API resource with an HTTP method.
To integrate an API Gateway Rest API with a public Application Load Balancer, complete the following steps:
- Open the API Gateway console.
- Select the API that you want to integrate with the Application Load Balancer.
- In Resources, for Methods, select the HTTP method that your API uses.
- Choose Integration request.
- For Integration type, choose HTTP.
Note: To pass the API request and its parameters to the backend Application Load Balancer, create an HTTP proxy integration or an HTTP custom integration. For more information, see HTTP integrations for REST APIs in API Gateway. - For Endpoint URL, enter a DNS name. Use either the Application Load Balancer's default DNS name or a custom DNS name.
- Add the configured protocol of the Application Load Balancer's listener. For example, an Application Load Balancer that's configured with an HTTPS listener on port 8080 requires the https://domain-name:8080/ endpoint URL format.
Important: Choose port and listener rules to create an HTTP listener or HTTPS listener for the Application Load Balancer. For more information, see Listeners for your Application Load Balancers. For an Application Load Balancer that's configured with an HTTPS listener, an API Gateway-supported certificate authority must issue the associated certificate. To use a self-signed certificate or one that a private certificate authority issued, set insecureSkipVerification to true in the integration's tlsConfig extension. - Choose Save.
- Deploy the API.
Secure your public Application Load Balancer
The security group rules must allow traffic from the API Gateway IP addresses for the API's AWS Region.
You must use an HTTP header condition to configure an Application Load Balancer listener rule that requires the x-amzn-apigateway-api-id request header to match your API ID.
Integrate an API Gateway REST API with a private Application Load Balancer
Complete the following steps:
- Use an API Gateway VPC link to integrate your API with a private Network Load Balancer to provide access to your resources within your Amazon Virtual Private Cloud (Amazon VPC).
- Use the Network Load Balancer to forward the API request to the private Application Load Balancer.
Secure your private Application Load Balancer
Make sure that you configure a security group rule for the Application Load Balancer that allows only the IP address of the Network Load Balancer.
Great content, Brent!
Is the private integration still relevant? No way to connect to private ALB without VPC Link and NLB??
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Is this info still accurate?
in this documentation mentions that both are allowed, not only NLB. Not sure about apigateway (not apigatewayv2), though.
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
In the case of using a public load balancer.
- How can you assure that the Load Balancer only allows traffic from the api gateway?
- Will data egress costs be charged twice due to data passing through two public endpoints?
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Relevant content
- asked a year ago
