Can a network load balancer front an API Gateway?

1

We're an IPv6 shop using the AWS Direct Connect (Private VIF). Since API Gateway is not a dual-stack service, we need a workaround to be able to access it over the Direct Connect. We cannot use CloudFront. Ideally, we'd like to use a Network Load Balancer (dual stack) to forward the API Gateway, but will consider any other ideas or experiences that others might have. In all instances of tutorials I've studied, it seems that the coin is flipped... in that API Gateway can contact the Network Load Balancer via execute-api endpoints... but we need the vice versa. My ask here is can it be done, and if so, how?

1 Answer
3

You can place an NLB in front of a Private API. The target group for the NLB needs to be IPs and you will need to use the IP addresses that are listed in the VPC Endpoint ENIs for the Private API.

AWS
Expert
Uri
answered 2 years ago
  • Hi Uri. Thank you for your reply. I've done just as you outlined. Private REST API (petstore) and have confirmed that I'm referencing the correct vpce within it. I have created an IP Target group with the internal IP addresses assigned to the endpoint ENIs. Once it was all wired up, it's time to test. In the web browser, when I hit the DNS for my NLB, it churns a bit then attempts to download a DMS file (Database migration?). That's progress... I'm definitely not getting through to my API tho. Am I missing something?

  • You probably need to do the TLS termination on the NLB and for that you will need to use a certificate there. Are you using it? Try it with curl -v to see what is going on.
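
The target-group setup described in the answer, as an added example that is not part of the original answer or comments: it compares the private IPs of the execute-api VPC endpoint ENIs with the IP targets already registered on the NLB and prints the `aws elbv2` calls needed to bring them in line. The JSON documents are constructed samples in the shape returned by `aws ec2 describe-network-interfaces` and `aws elbv2 describe-target-health`; the ENI IDs, addresses, port 443 and the ARN placeholder are assumptions.

```python
import json

# Constructed sample: output of
#   aws ec2 describe-network-interfaces --network-interface-ids <endpoint ENI ids>
# for the execute-api interface endpoint (IDs and addresses are made up).
ENI_JSON = """
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaa", "Status": "in-use",
   "PrivateIpAddress": "10.0.1.23", "AvailabilityZone": "us-east-1a"},
  {"NetworkInterfaceId": "eni-0bbb", "Status": "in-use",
   "PrivateIpAddress": "10.0.2.57", "AvailabilityZone": "us-east-1b"}
]}
"""

# Constructed sample: output of
#   aws elbv2 describe-target-health --target-group-arn <arn>
TARGETS_JSON = """
{"TargetHealthDescriptions": [
  {"Target": {"Id": "10.0.1.23", "Port": 443}, "TargetHealth": {"State": "healthy"}},
  {"Target": {"Id": "10.0.9.99", "Port": 443}, "TargetHealth": {"State": "unhealthy"}}
]}
"""

def endpoint_ips(eni_doc):
    """Private IPv4 addresses of the endpoint ENIs that are attached."""
    return {eni["PrivateIpAddress"] for eni in eni_doc["NetworkInterfaces"]
            if eni.get("Status") == "in-use"}

def registered_ips(tg_doc, port=443):
    """IP targets currently registered in the target group on `port`."""
    return {d["Target"]["Id"] for d in tg_doc["TargetHealthDescriptions"]
            if d["Target"].get("Port") == port}

def reconcile(eni_doc, tg_doc, port=443):
    """Return (to_register, to_deregister) as sorted lists of IPs."""
    want, have = endpoint_ips(eni_doc), registered_ips(tg_doc, port)
    return sorted(want - have), sorted(have - want)

def cli_commands(tg_arn, add, remove, port=443):
    """Render the aws elbv2 calls that bring the target group in line."""
    cmds = []
    for verb, ips in (("register-targets", add), ("deregister-targets", remove)):
        if ips:
            targets = " ".join(f"Id={ip},Port={port}" for ip in ips)
            cmds.append(f"aws elbv2 {verb} --target-group-arn {tg_arn} --targets {targets}")
    return cmds

if __name__ == "__main__":
    add, remove = reconcile(json.loads(ENI_JSON), json.loads(TARGETS_JSON))
    for cmd in cli_commands("<target-group-arn>", add, remove):
        print(cmd)
```

An IP target group holds static addresses, so a target left over from an earlier endpoint (the constructed `10.0.9.99` here) stays registered until it is removed explicitly.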
