Amazon api gateway invoke url for lambda function is changing whenever the cloud formation stack is updated and restarted. How to make this Amzaon api gateway url static through cloud formation script?
Related
we can add a request validator both from aws console and CF template via serverless yml for rest apis. but this doesn't seem to work on the http apis which is the aws api gateway v2. what's the way?
Let's say I have a RESTful web service with the following API:
/
/things
/v2
/heartbeat
GET
/stuff
GET
POST
...
This service is running in an AWS Elastic Beanstalk behind an AWS API Gateway. The service itself handles routing beyond the /things path so I don't want to duplicate this routing logic in the API Gateway configuration. Is there a way I can setup my AWS API Gateway to handle any request that is /things and pass that to my service where the service will then handle routing to the correct path and method?
In other words, my API Gateway would handle a request to https://myUrl.com/things/v2/heartbeat and another request to https://myUrl.com/things/v2/stuff using the same /things resource defined in my API Gateway rather than having to define the /heartbeat and /stuff resources in the API Gateway itself.
You can use API Gateway's catch-all path variable to do that.
In your case, you'd have an method of type ANY, with the path /things/{proxy+}
The Endpoint URL you'd use would be something like: https://api.yourbackend.com/{proxy}
Here is a screenshot showing an example HTTP proxy integration in the API Gateway console:
This blog post has more details and screen shots:
https://aws.amazon.com/blogs/aws/api-gateway-update-new-features-simplify-api-development/
Is it possible to expose an API endpoint in AWS API Gateway using basic authentication ?
Basically, an API endpoint which can be accessed using username and password ?
Further I want to take the user's payload to a SNS Topic / SQS queue. ( Customer with Username & Password -> AWS GATEWAY API -> SQS/SNS)
I am seeing quite lot of articles on how to expose using JWT's , but not using basic authentication.
Regards
Guru
You can use AWS proxy integration method on API Gateway to put the payload into SQS from the API endpoint. Basic authentication is currently not supported by API Gateway.
you can create a dummy endpoint in the API Gateway, and create a Lambda function to authorize it handle the login logic inside that authorization lambda function.
Note: it works but not an good practice
I have a public Bluemix CF APP which exposes a REST Service. I would like to have the option, that the public url bound to the CFApp would be inaccessible from outside. The REST Service itself should only be usable from other CF Apps in my org, for example over API Management. I don't want to implement an own security mechanism for it, because API Management provides already everything I need to control, which clients will access my service. So some kind of private route inside Bluemix public, only available to runtimes and services in my Bluemix organisation.
This is not currently possible with IBM Bluemix, due to limitations in Cloud Foundry.
All bound routes are accessible from the external network.
If you want to have a private API exposed, you have the following options.
Add authentication to the REST API, managing the credentials as a user-provided service bound to all the apps. The API will be accessible externally but only by users with the credentials.
Use an application service, like a message queue, to expose an internal RPC-style API. Applications can bind to the same service and it will only be accessible internally.
I have created an API via basic secure connector (SOAP). The API works but I am wondering why I can't retrieve the endpoint URL from VCAP_SERVICES. Anything I miss here?
Are you using the secure connector portion of the Cloud Integration service in Bluemix? You might want to try the Secure Gateway service, which is newer and is basically just the secure connector as a standalone service without the rest of Cloud Integration.
"Reaching enterprise backend with Bluemix Secure Gateway via console" explains how to set up a Secure Gateway instance. When you create a destination, that creates an integration.ibmcloud.com URL that your app can then use to connect to your destination via the gateway. The gateway is a proxy, preserving the interface, so the cloud host URL has the same API as the destination host.