open-guides / og-aws

📙 Amazon Web Services — a practical guide
Creative Commons Attribution 4.0 International

Update README.md: API Gateway limitations #716

Closed volkanp-ieu closed 3 years ago

volkanp-ieu commented 5 years ago

Limitations to what resources API Gateway can reach within a VPC.

For instance, you are unable to do basic proxying from a regional, edge-optimized or private API Gateway endpoint to a web service hosted within a VPC without an NLB deployed and placed upstream of that service. There are several problems with this; namely, you are forced to use an NLB instead of an ELB or an ALB, which are L7 load-balancers.

You also cannot proxy to a web service hosted on an EC2 instance that is in a private subnet. The EC2 instance has to be publicly accessible.

QuinnyPig commented 5 years ago

Thanks for the contribution! While I agree that this isn't ideal, "it won't scale" doesn't seem accurate. It will, it just gets expensive unless I'm missing something?

volkanp-ieu commented 5 years ago

You're right, scaling isn't the issue here; the fact that you are forced to use a layer-4 load-balancer as a reverse proxy introduces problems. Take, for instance, an NLB that is upstream of an ALB, which is a layer-7 load-balancer with all the path-based routing and SSL offloading features: the problems arise when the ALB IP addresses change, and you are quickly left with a broken API Gateway integration, as the listeners are IP-based.

I'm happy to amend the comment to reflect the above.
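
The ALB-address drift described in this comment, as an added example (not code from og-aws or from anyone in this thread): a small reconciler for the API Gateway -> VPC Link -> NLB -> ALB layout, where the NLB target group is of type `ip` and holds the ALB's current addresses. It resolves the ALB's DNS name, compares the answer with the targets registered in the NLB target group, and plans the register/deregister calls, refusing to empty the target group if resolution returns nothing. The DNS name, target group ARN, IP addresses and the `describe_target_health` response are all constructed for illustration; `register_targets`/`deregister_targets` are the real boto3 ELBv2 calls, but they are only reached when a client is passed in, so the block runs offline.

```python
"""Keep an NLB 'ip' target group in step with the addresses an ALB resolves to.

Added example for this discussion; not part of og-aws. The names below
(DNS name, ARN, addresses) are constructed placeholders.
"""
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class SyncPlan:
    register: frozenset    # ALB addresses the NLB target group does not know yet
    deregister: frozenset  # registered addresses the ALB no longer resolves to
    unchanged: frozenset   # addresses present on both sides

    @property
    def drifted(self) -> bool:
        return bool(self.register or self.deregister)


def resolve_ipv4(dns_name, resolver=socket.getaddrinfo):
    """Return every IPv4 address behind a DNS name (an ALB answers with several A records)."""
    infos = resolver(dns_name, None, socket.AF_INET, socket.SOCK_STREAM)
    return frozenset(sockaddr[0] for *_, sockaddr in infos)


def registered_ips(target_health_response):
    """Extract registered IP targets from an elbv2 describe_target_health response.

    Targets already in the 'draining' state are on their way out, so they are
    not counted as registered; otherwise the reconciler would try to remove
    them a second time on every run.
    """
    ips = set()
    for desc in target_health_response.get("TargetHealthDescriptions", []):
        if desc.get("TargetHealth", {}).get("State") == "draining":
            continue
        ips.add(desc["Target"]["Id"])
    return frozenset(ips)


def plan_sync(resolved, registered):
    """Compute the register/deregister set difference.

    A failed or empty resolution must never be interpreted as 'the ALB has no
    addresses', since applying that plan would deregister every target and
    take the API Gateway integration down.
    """
    resolved, registered = frozenset(resolved), frozenset(registered)
    if not resolved:
        raise ValueError("ALB resolved to no addresses; refusing to plan a full deregistration")
    return SyncPlan(
        register=resolved - registered,
        deregister=registered - resolved,
        unchanged=resolved & registered,
    )


def apply_plan(plan, target_group_arn, port, elbv2=None):
    """Apply a plan with a boto3 ELBv2 client; with elbv2=None it is a dry run."""
    if elbv2 is None or not plan.drifted:
        return plan
    if plan.register:
        elbv2.register_targets(
            TargetGroupArn=target_group_arn,
            Targets=[{"Id": ip, "Port": port} for ip in sorted(plan.register)],
        )
    if plan.deregister:
        elbv2.deregister_targets(
            TargetGroupArn=target_group_arn,
            Targets=[{"Id": ip, "Port": port} for ip in sorted(plan.deregister)],
        )
    return plan


# Constructed sample: the shape boto3 returns from elbv2.describe_target_health.
SAMPLE_TARGET_HEALTH = {
    "TargetHealthDescriptions": [
        {"Target": {"Id": "10.0.1.10", "Port": 443}, "TargetHealth": {"State": "healthy"}},
        {"Target": {"Id": "10.0.2.20", "Port": 443}, "TargetHealth": {"State": "healthy"}},
        {"Target": {"Id": "10.0.3.30", "Port": 443}, "TargetHealth": {"State": "draining"}},
    ]
}

# Constructed stand-in for DNS: the ALB has moved one of its nodes to a new address.
def _sample_resolver(name, port, family, socktype):
    return [(family, socktype, 6, "", ("10.0.1.10", 0)),
            (family, socktype, 6, "", ("10.0.4.40", 0))]


def demo():
    """Run the reconciler against the constructed data (dry run, no AWS calls)."""
    resolved = resolve_ipv4("internal-example-alb.elb.amazonaws.com", resolver=_sample_resolver)
    plan = plan_sync(resolved, registered_ips(SAMPLE_TARGET_HEALTH))
    return apply_plan(plan, "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/placeholder", 443)


if __name__ == "__main__":
    p = demo()
    print("drifted:", p.drifted, "register:", sorted(p.register), "deregister:", sorted(p.deregister))
```

Run on a schedule (the usual home for this is a small Lambda), pass a real `boto3.client("elbv2")` to `apply_plan`, and the NLB keeps pointing at the ALB as its addresses rotate; the empty-resolution guard is the part worth keeping even if everything else is rewritten.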

QuinnyPig commented 5 years ago

Excellent; I'll merge it in once you do. Thanks for the contribution!

QuinnyPig commented 4 years ago

Is this still accurate in light of https://aws.amazon.com/about-aws/whats-new/2019/09/amazon-api-gateway-simplifies-invoking-private-apis/ ?