4

Hi, we have an AWS API Gateway configured with Lambda and now want to integrate with a vendor, wherein the vendor wants us to provide him with a static IP against the API Gateway that we have. As per my knowledge, API Gateway serves requests through dynamic Elastic IPs, which are listed here.

Is there a way to achieve this other than putting a forward proxy or NLB?

Shailesh Sutar
  • Why not simply bind a custom domain to API Gateway? Else just use the default DNS provided by AWS. API Gateway is a scalable service, so providing a static Elastic IP does not make any sense. – Thales Minussi Feb 17 '20 at 10:20
  • I agree with your point: API Gateway is a scalable service, so providing a static Elastic IP doesn't make sense. However, the vendor with whom we are integrating is asking us to provide one static IP against the API URL. So just brainstorming around this. – Shailesh Sutar Feb 17 '20 at 11:30
  • 1
    Tell this vendor this is not possible and have them rely on the DNS – Thales Minussi Feb 17 '20 at 11:31
  • May not be possible. A lot of big companies insist on allow-listing a fixed IP range, especially for real-time communications. – smirnoff Apr 23 '21 at 19:36

2 Answers

4

You cannot get a static IP if you are using a public API Gateway endpoint (Regional or Edge-optimized). The IPs allocated for APIs in any AWS region can be changed at any time and are a very wide range.

However, if you were to use a private API Gateway endpoint, you could use the setup below:

Client --> NLB(public static IP) --> VPC endpoint for API Gateway --> Private API

The execute-api VPC endpoint has a fixed IP address allocated from the VPC CIDR range. Having an NLB as a front end (with a public static IP), you can add these IP addresses as targets in your NLB config.

Suraj Bhatia
  • 1
    But how about the HTTPS traffic flow, which will be for API Gateway? I know NLB allows only TCP traffic and not HTTPS traffic. – Shailesh Sutar Feb 18 '20 at 14:39
  • Do you have a CloudFormation template for the setup you described? I'm getting lost in NLB -> VPC endpoint setup. – smirnoff Apr 23 '21 at 19:29
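
The NLB front end described in the answer above, as an added CloudFormation example that is not part of the original answer or its comments. It assumes the execute-api interface VPC endpoint already exists and that the private IPs of its network interfaces are passed in as parameters; all parameter and resource names are hypothetical. The listener uses TCP on port 443, so the NLB forwards the TLS connection unchanged and HTTPS is terminated behind the endpoint.

```yaml
# Added example, not from the original answer. Parameter and resource names are hypothetical.
AWSTemplateFormatVersion: "2010-09-09"
Description: Internet-facing NLB with Elastic IPs forwarding TCP 443 to an execute-api VPC endpoint
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  PublicSubnetA: {Type: "AWS::EC2::Subnet::Id"}
  PublicSubnetB: {Type: "AWS::EC2::Subnet::Id"}
  # Assumption: private IPs of the existing endpoint's network interfaces, looked up beforehand
  EndpointIpA: {Type: String}
  EndpointIpB: {Type: String}
Resources:
  EipA:
    Type: AWS::EC2::EIP
    Properties: {Domain: vpc}
  EipB:
    Type: AWS::EC2::EIP
    Properties: {Domain: vpc}
  Nlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internet-facing
      SubnetMappings:            # one Elastic IP per Availability Zone
        - SubnetId: !Ref PublicSubnetA
          AllocationId: !GetAtt EipA.AllocationId
        - SubnetId: !Ref PublicSubnetB
          AllocationId: !GetAtt EipB.AllocationId
  EndpointTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      TargetType: ip             # endpoint network interfaces are registered by IP
      Protocol: TCP
      Port: 443
      Targets:
        - Id: !Ref EndpointIpA
          Port: 443
        - Id: !Ref EndpointIpB
          Port: 443
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Nlb
      Protocol: TCP              # TLS passes through the NLB untouched
      Port: 443
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref EndpointTargets
Outputs:
  StaticIpA: {Value: !Ref EipA}  # addresses the vendor can allow-list
  StaticIpB: {Value: !Ref EipB}
```

The two output addresses are the static IPs to hand to the vendor; the private API's resource policy still has to permit invocation through the VPC endpoint.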
3

You can also use a static IP proxy service such as QuotaGuard. I use that to deal with services that want to whitelist my IP when using dynamic DNS.

cyberwombat