Moving Service with API to private subnet in Amazon VPC

Question

Our API was public. We'd access it from api.domain.com.

The service has moved to a private subnet with an Amazon VPC. The web app is hosted on a public instance which communicates via API to the private instance. How do we create an endpoint to access the API hosted on the private instance?

I believe we can access it via XXX.XX.XXX.XXX which is the private IP address of the instance. However, we'd prefer to access it with a named endpoint such as api.domain.com. How can we do this?

Is this as easy as editing the /etc/hosts file on the public instance?
XXX.XX.XXX.XXX api.domain.com
I worry about the scalability / reliability of this method.

Yes. Same VPC - web app in public subnet, api service in private subnet — csi, Dec 24 '15 at 02:25
The API service will only be accessed by the web app - never exposed to the public. — csi, Dec 24 '15 at 02:26

score 1 · Accepted Answer · edited Dec 24 '15 at 02:33

1

Create a Private Hosted Zone in Route53 to resolve DNS names within your VPC.

edited Dec 24 '15 at 02:33

csi

9,018
8
61
81

answered Dec 24 '15 at 02:28

Mark B

183,023
24
297
295

The public web app - should it have an A record in both public & private hosted zones? www.domain.com resolving to the same public IP? – csi Dec 24 '15 at 02:41
2

You shouldn't need to duplicate anything like that from your public zone. You should only need to create a new record for it in your private zone if you want to use the internal IP to hit it from within the VPC. – Mark B Dec 24 '15 at 02:44

Moving Service with API to private subnet in Amazon VPC

1 Answers1