Let's say I have a RESTful web service with the following API:
/
/things
/v2
/heartbeat
GET
/stuff
GET
POST
...
This service is running in an AWS Elastic Beanstalk behind an AWS API Gateway. The service itself handles routing beyond the /things path so I don't want to duplicate this routing logic in the API Gateway configuration. Is there a way I can setup my AWS API Gateway to handle any request that is /things and pass that to my service where the service will then handle routing to the correct path and method?
In other words, my API Gateway would handle a request to https://myUrl.com/things/v2/heartbeat and another request to https://myUrl.com/things/v2/stuff using the same /things resource defined in my API Gateway rather than having to define the /heartbeat and /stuff resources in the API Gateway itself.
You can use API Gateway's catch-all path variable to do that.
In your case, you'd have an method of type ANY, with the path /things/{proxy+}
The Endpoint URL you'd use would be something like: https://api.yourbackend.com/{proxy}
Here is a screenshot showing an example HTTP proxy integration in the API Gateway console:
This blog post has more details and screen shots:
https://aws.amazon.com/blogs/aws/api-gateway-update-new-features-simplify-api-development/
Related
we have an issue with implementing mTLS with cloudfront. We would like to route requests through cloudfront / WAF, to the api gateway custom origin using mTLS.
It looks like this use case is unsupported, wondering if there are any good workarounds or any other options we could use? We want to use cloudfront with the WAF, since WAF is not supported on the HTTP gateway.
If you trying ensure that all request go through Cloud Front you could inject a secret header and check it on the Http API with a lambda authorizer.
https://aws.amazon.com/blogs/networking-and-content-delivery/restricting-access-http-api-gateway-lambda-authorizer/
I've added certificate with custom domain name map in AWS API gateway but it allows HTTP automatically, how can I block normal HTTP and only allows HTTPS?
All API Gateway APIs are fronted with a CloudFront distribution. Each of these CloudFront distributions (whether it's a Custom Domain like yours or the default *.execute-api distribution) is configured to redirect all HTTP requests to HTTPS. Although CloudFront has the option to strictly require HTTPS and return 403 on HTTP requests we currently don't expose this option for simplicity.
If you feel you have valid use case for requiring HTTPS without a redirect please open a support ticket and the team can evaluate your request.
I am running Cisco UCCX 11.0 which is a Contact Center server that is based on a Java scripting engine. Scripts are build using the 'Script Editor' software where you drag elements (Java Beans) to define the script logic. One of the steps in the script is to perform a REST Call. Unfortunately this step does not support adding Custom Headers such as Authorization headers and thus is limited to Basic Authentication only.
I would like the script to make a REST Call to an external API that uses a static Bearer Token. Am I correct in saying I could use Kong Gateway for this? Here is my idea of the flow:
UCCX Makes REST Call to Kong with Basic Authentication ---> Kong Gateway recieves the request ---> Kong Gateway makes it's request to External API with static Bearer Token ---> External API responds back to Kong ---> Kong forwards the Response back to UCCX
Is this type of flow possible/easy to deploy?
This can easily be managed by assigning the Request Transformer plugin to the Kong API exposing the upstream service.
Example:
Let's assume you have an API endpoint on Kong called /myapi that is forwarding to your upstream service.
You then assign the Request Transformer plugin to the /myapi API.
For your case, you will most likely want to be using the config.add.headers option when configuring the Request Transformer plugin to add the required header authentication which will be added to all upstream requests.
Relevant Gitter Conversation:
https://gitter.im/Mashape/kong?at=587c3a9c074f7be763d686db
I'm trying to setup AWS Api Gateway as a reverse proxy for my actual deployed API.
My understanding is that I do this by creating a "Proxy" Resource and then specifying my http endpoint URL - as described here
Create and Test an API with HTTP Proxy Integration through a Proxy Resource
This works fine when I try to use the API through the "Test" function within the Resource Editor. I can make calls to any exposed resources using GET methods and see the successful responses.
However, when I deploy the API Gateway API I can no longer access anything using the "Invoke URL" it gives me - I simply get:
{
"Message": "No HTTP resource was found that matches the request URI 'http://<myuniqueid>.execute-api.eu-west-1.amazonaws.com/api/Sector/100'.",
"MessageDetail": "No type was found that matches the controller named 'Sector'."
}
If I remove the "Use HTTP Proxy integration" checkbox from the "Integration Request" I can get it working, but why doesn't it work as a proxy?
I suspect that this is caused by a known issue with the HTTP proxy integration. When you use an HTTP proxy integration, API Gateway passes all headers through to the integration endpoint, including the HOST header. Many existing http endpoint require the use of a HOST header which matches their DNS name and in such cases, passing through the HOST header of the API Gateway can confuse the endpoint.
UPDATE: We identified a work-around for this issue.
In your integration request, explicitly add a header named "Host" and give it the value of the integration endpoint DNS name. This will replace the Host header forwarded from the incoming client request with the Host header you specify. This should allow your backend endpoint to function correctly.
Let's consider this simple scenario for the AWS API Gateway.
I have a resource with a request path variable /numbers/{id} and two http endpoints: http://odd.number.io and http://even.number.io.
How can I setup AWS API Gateway to route requests to one or the other endpoint when the id is an odd or an even number?
Is this possible?
That is not possible with API Gateway alone. You could proxy through a Lambda function where you can execute a logical decision, but API Gateway itself doesn't have support this kind of logical rule.