Public APIGW Rest Api proxy to private Fargate App in VPC via VPC Link


I have an existing API Gateway REST Api with a Resource I want to use as a public ingress for an Application Load Balanced Fargate App that lives inside a VPC. I know in order to make this work I need to create a VPC Link and use that as an integration in my API Resource. My question is twofold:

  1. What kind of VPC Endpoint should I create such that my Public APIGW REST API can talk to my Application Load Balanced Fargate App behind a VPC via VPC Link? (e.g. ecs, ec2..etc?)

  2. What is the structure of the endpoint url that I will use in my APIGW Resource VPC Link integration? Or better yet, where can I find documentation on how to construct this url?

Thanks in advance!

  • Quick question: why do you want to use an ALB (over an NLB)? The API Gateway has already done the layer-7 stuff, so surely all you need is to throw the traffic onto a port and let the NLB direct it to the right container service?

    E.g. /foo/{proxy+} -> 5001 -> FooService /bar/{proxy+} -> 5002 -> BarService

2 Answers

Hi There,

I think you need to shift to another API option : HTTP API, so that you can have a direct private integration with your internal ALB. This is perfect solution for you.

The below AWS post answers all your query

Thanks & Regards,

answered 2 years ago
  • I think that would work as that is the example I have seen in a few places, though I would like to avoid changing the APIGW API Type if possible. We have some other integrations that would need to be reworked to make that happen, or I suppose we could use a secondary APIGW API, but it would be nice to avoid that. Thanks!


REST APIs only support VPC Link to a Network Load Balancer (NLB). ALB's are not supported. You can either use HTTP API which do support ALB (in case the current feature set of HTTP API is appropriate for what you need) or you can use a solution Like this: API Gateway -> VPC Link -> NLB -> ALB -> Application.

You can find more info here.

profile pictureAWS
answered 2 years ago
  • Ah that is great to know! And so if I rephrased my question but in terms of "API Gateway (REST API) -> VPC Link -> NLB", what is the structure of the VPC Endpoint Url and what type of VPC Endpoint would I use?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions