I have an EC2 instance in a VPC which has a public IP and an Elastic IP as well. Now I want to use AWS API Gateway to expose Flask APIs running on the instance. Is it possible to do so with a private link, without a load balancer? If so, please share any relevant article. I have read many articles, but they all seem very confusing.

PS: I don't want to allow all IPs in the EC2 security group.

If any more detail is required, please ask and I will provide it.

EDIT1: I am adding the steps that, as I see it, should achieve this (I tried them as well):

  1. Create a VPC link for an HTTP API and select the VPC and security group in which the EC2 instance lies.
  2. Create AWS Cloud Map and register a service, and then register a service instance with the EC2 private IP and port 5000 (the Flask port).
  3. Create an HTTP API Gateway, then define an ANY route and attach an integration -> select private resource -> Manual discovery -> Cloud Map, and select the instance that was defined in the 2nd step.
  4. Deploy the API. It should be working, but it is not :(.

After that I tried to do some debugging and found that when I allow all IPs in the EC2 SG, it starts to work. (I was not able to reach any outcome.) Maybe you can help here.

PS: The EC2 instance has a public IP as well.

Thanks

robo98
  • Possible duplicate https://serverfault.com/a/907759/32351 – Mark B Jul 07 '23 at 17:30
  • From the answer, it seems it is not possible to achieve the same without an NLB – robo98 Jul 08 '23 at 03:17
  • @MarkB can't I use an HTTP API Gateway with a private link and an integration to resources in the VPC, then select Cloud Map and provide the Cloud Map service name, in which I have registered my EC2 with its IP? Please help – robo98 Jul 08 '23 at 13:35
  • You seem to have a plan to use CloudMap, and indeed that looks like it is supported now: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-private.html Have you tried it? If you have, did it work? Are you just looking for validation on a planned architecture, or are you actively working on this and encountering some sort of issue? – Mark B Jul 08 '23 at 13:43
  • @MarkB, I am working on this actively. I have edited my question just to add what I have tried. I had referred to block; the steps it provides are from the CLI, and I will try to follow those as well. – robo98 Jul 08 '23 at 14:06
  • What if you just allow all IP addresses in your VPC CIDR block? – Mark B Jul 08 '23 at 15:36
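
An added example, not part of the original question or comments: an offline check of an instance security group's ingress rules, in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`, showing which rules let a VPC link reach the Flask port without opening it to every address. It assumes API Gateway traffic arrives from the VPC link's network interface inside the VPC; the group ID, interface IP and CIDRs are constructed placeholders.

```python
import ipaddress

def covers_port(perm, port):
    """True if one IpPermissions entry applies to TCP `port`."""
    if perm["IpProtocol"] == "-1":  # "-1" = all protocols and ports
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit_ingress(perms, port, eni_ip, link_sg):
    """Report whether the VPC link ENI can reach `port` and whether the port is world-open."""
    eni = ipaddress.ip_address(eni_ip)
    out = {"vpc_link_allowed": False, "world_open": False, "matched_by": []}
    for perm in filter(lambda p: covers_port(p, port), perms):
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if net.prefixlen == 0:          # 0.0.0.0/0: any source address
                out["world_open"] = True
            if eni in net:
                out["vpc_link_allowed"] = True
                out["matched_by"].append(rng["CidrIp"])
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == link_sg:  # rule references the VPC link's SG
                out["vpc_link_allowed"] = True
                out["matched_by"].append(pair["GroupId"])
    return out

# Constructed sample data (placeholders, not values from the question).
LINK_SG, ENI_IP, FLASK_PORT = "sg-0aaaaaaaaaaaaaaaa", "10.0.1.25", 5000

def rule(proto, lo, hi, cidrs=(), groups=()):
    """Build one IpPermissions entry for the samples below."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

SAMPLES = {
    "ssh_only":   [rule("tcp", 22, 22, cidrs=["203.0.113.7/32"])],
    "world_open": [rule("tcp", 5000, 5000, cidrs=["0.0.0.0/0"])],
    "vpc_cidr":   [rule("tcp", 5000, 5000, cidrs=["10.0.0.0/16"])],
    "sg_ref":     [rule("tcp", 5000, 5000, groups=[LINK_SG])],
}

if __name__ == "__main__":
    for name, perms in SAMPLES.items():
        print(name, audit_ingress(perms, FLASK_PORT, ENI_IP, LINK_SG))
```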
