- 最新
- 最多得票
- 最多評論
For configuring API Gateway with private resources please look into https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-private.html - The gateway should point to the DNS of the NLB. Also, SSL termination generally occurs at the ALB layer. You need to create/import your certificate in certificate manager. You can also terminate SSL at the instance level. In this case ALB would act as a passthrough. This would work well if you have a single instance, because you need to import the SSL certificate within the instance. You can also offload this to Cloud HSM but that would increase the cost.
NLB is a layer 4 load balancer so it does not look at the content of the request for routing decisions. ALB is a layer 7 load balancer so it does look at the content. API Gateway uses the domain part of the URL to populate the Host header. You can use the port part of the URL to let NLB route to different targets based on the port number.
Given all of the above, you should probably use the DNS name of the ALB, which then can use it to route to different target groups.
TLS termination can be done both in the NLB, or the ALB, usually at the ALB.
相關內容
- AWS 官方已更新 1 年前
- AWS 官方已更新 5 個月前
- AWS 官方已更新 6 個月前