Share Your AWS re:Post Experience - Quick 3 Question Survey and Earn a re:Post Badge

Help us improve AWS re:Post! We're interested in understanding how you use re:Post and its impact on your AWS journey. Please take a moment to complete our brief 3-question survey

Can a network load balancer front an API Gateway?

We're an IPv6 shop using the AWS Direct Connect (Private VIF). Since API Gateway is not a dual-stack service, we need a workaround to be able to access it over the Direct Connect. We cannot use Cloudfront. Ideally, we'd like to use a Network Load Balancer (dual stack) to forward the API Gateway, but will consider any other ideas or experiences that others might have. In all instances of tutorials I've studied, it seems that the coin is flipped...in that API Gateway can contact the Network Load Balancer via execute-api endpoints. ...but we need the visa-versa. My ask here is can it be done, and if so, how?

Topics

Networking & Content Delivery Serverless Front-End Web & Mobile

Tags

Amazon VPC Amazon API Gateway IPv6 Network Load Balancer

Language

English

hezron

asked 3 years ago3.1K views

1 Answer

Newest
Most votes
Most comments

You can place an NLB in front of a Private API. The target group for the NLB needs to be IPs and you will need to use the IP addresses that are listed in the VPC Endpoint ENIs for the Private API.

EXPERT

Uri

answered 3 years ago

hezron
3 years ago
Hi Uri. Thank you for your reply. I've done just as you outlined. Private REST API (petstore) and have confirmed that I'm referencing the correct vpce within it. I have created an IP Target group with the internal IP addresses assigned to the endpoint ENIs. Once it was all wired up, it's time to test. In the web browser, when I hit the DNS for my NLB, it churns a bit then attempts to download a DMS file (Database migration?). That's progress... I'm definitely not getting through to my API tho. Am I missing something?
Uri EXPERT
3 years ago
You probably need to do the TLS termination on the NLB and for that you will need to use a certificate there. Are you using it? Try it with curl -v to see what is going on.

Relevant content

Can an Application Load Balancer invoke an API Gateway HTTP API via a VPC Endpoint Interface?
Accepted Answer
stromae
asked 2 years ago
Connecting the API Gateway to a private VPC
Accepted Answer
Daniil
asked a year ago
How to Use Amplify with a Private API Gateway?
Dheeraj Srinivas
asked 4 months ago
Unable to Connect API Gateway to Internal Network Load Balancer in VPC
Accepted Answer
Suresh-Andem
asked a year ago
How do I create a private integration with an internal Application Load Balancer for an API Gateway HTTP API?
AWS OFFICIALUpdated 6 months ago
How do I connect my private network to AWS public services using an AWS Direct Connect public VIF?
AWS OFFICIALUpdated 2 years ago
How do I connect to a private API Gateway over a Direct Connect connection?
AWS OFFICIALUpdated a year ago
How do I use an Application Load Balancer or a Network Load Balancer to invoke an API Gateway private API?
AWS OFFICIALUpdated 6 months ago
How can we map entire AWS VPC CIDR to a single IP address using Private NAT Gateway via AWS Site to Site VPN connection.
EXPERT
Narinder Singh Kharbanda
published 2 years ago
Why can't I connect to a peered VPC when using an AWS Site-to-Site VPN connection that terminates on a virtual private gateway?
EXPERT
Karthikiran Ilango
published 2 years ago