
Quickstart

AWS ECS E2E Architecture has API Gateway usage.


URL Rewriting using AWS API Gateway

Pending

Need the referer and authority header attributes to target the entry endpoints for the backend, in order to test switching content based on URL origin.

Need a private cert to allow for non-API Gateway URLs.

Base HAProxy example - https://en.wikipedia.org/wiki/Rewrite_engine and https://en.wikipedia.org/wiki/HAProxy

Plan

In this section we will determine how to use the API Gateway service to route multiple alias URLs into a single backend service. Routing a many-to-one set of calls is the reverse of the usual use case for an API Gateway, L7 load balancer or proxy, where a single URL is parsed and distributed among a set of microservice backends depending on a match on part of the path/context-root of the URI part of the URL.

For example we usually route one to many (1:m) like this.

    http://site.com/api/first-app to L7 route reroute http://hidden-dns/api/first or L4 port reroute http://hidden-dns:31111/api
    and
    http://site.com/api/last-app to L7 route reroute http://hidden-dns/api/last or L4 port reroute http://hidden-dns:32222/api 


In this example we want to route many to one (m:1) like this.

    http://first-dns.com/api or http://last-dns.com/api 

        into

    http://hidden-dns.com/api

Single micro service served by dual domain URLs

Build/Run Docker endpoint on RKE EC2 VM


Locally
mvn clean install -U
cd src/docker/
./build.sh 

On VM
ubuntu@ip-172-31-81-46:~$ docker run --name reference-nbi -d -p 8888:8080 obrienlabs/reference-nbi:0.0.1
ubuntu@ip-172-31-81-46:~$ curl http://127.0.0.1:8888/nbi/api
{"id":1,"content":"1 PASS cloud.containerization.reference.nbi.ApiController queryString: null decodedQueryString: "}

Setup API Gateway API and GET Method

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-set-up-simple-proxy.html

Add Integration Response - Mapping Template JSON

##  See http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html
##  This template will pass through all parameters including path, querystring, header, stage variables, and context through to the integration endpoint via the body/payload
#set($allParams = $input.params())
{
"body-json" : $input.json('$'),
"params" : {
#foreach($type in $allParams.keySet())
    #set($params = $allParams.get($type))
"$type" : {
    #foreach($paramName in $params.keySet())
    "$paramName" : "$util.escapeJavaScript($params.get($paramName))"
        #if($foreach.hasNext),#end
    #end
}
    #if($foreach.hasNext),#end
#end
},


Deploy API

Using the HTTP API (beta) instead of the default REST API for API Gateway

Route53 CNAME records

Request/Response





https://juursjt8i2.execute-api.us-east-1.amazonaws.com/dev/nbi/api?ZXhlY3V0aW9uPWUxczEmYWN0aW9uPXRlc3Q=

{"id":4,"content":"4 PASS cloud.containerization.reference.nbi.ApiController 
URL: http://services.obrienlabs.cloud:8888/nbi/api URI: /nbi/api path: null
queryString: ZXhlY3V0aW9uPWUxczEmYWN0aW9uPXRlc3Q= decodedQueryString: execution=e1s1&action=test"}


https://fxfqqwqngj.execute-api.us-east-1.amazonaws.com/stg/nbi/api?ZXhlY3V0aW9uPWUxczEmYWN0aW9uPXRlc3Q=

{"id":3,"content":"3 PASS cloud.containerization.reference.nbi.ApiController 
URL: http://services.obrienlabs.cloud:8888/nbi/api URI: /nbi/api path: null
queryString: ZXhlY3V0aW9uPWUxczEmYWN0aW9uPXRlc3Q= decodedQueryString: execution=e1s1&action=test"}


https://91u52epqzc.execute-api.us-east-1.amazonaws.com/dev?ZXhlY3V0aW9uPWUxczEmYWN0aW9uPXRlc3Q=

"Host" : "91u52epqzc.execute-api.us-east-1.amazonaws.com"
"api-id" : "91u52epqzc",
"stage" : "dev",
serverName: services.obrienlabs.cloud
URL: http://services.obrienlabs.cloud:8888/nbi/api


Headers




https://91u52epqzc.execute-api.us-east-1.amazonaws.com/dev

{
"body-json" : {"id":2,"content":"2 PASS cloud.containerization.reference.nbi.ApiController URL: http://services.obrienlabs.cloud:8888/nbi/api URI: /nbi/api path: null origin: null caller: null queryString: null decodedQueryString2: : remoteAddr: 3.216.139.252 localAddr: 172.17.0.2 remoteHost: 3.216.139.252 serverName: services.obrienlabs.cloud"},
"params" : {
"path" : {
}
,"querystring" : {
}
,"header" : {
"accept" : "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8,application\/signed-exchange;v=b3;q=0.9"
, "accept-encoding" : "gzip, deflate, br"
, "accept-language" : "en-CA,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"
, "cache-control" : "max-age=0"
, "Host" : "91u52epqzc.execute-api.us-east-1.amazonaws.com"
, "sec-fetch-dest" : "document"
, "sec-fetch-mode" : "navigate"
, "sec-fetch-site" : "none"
, "sec-fetch-user" : "?1"
, "upgrade-insecure-requests" : "1"
, "User-Agent" : "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/80.0.3987.87 Safari\/537.36"
, "X-Amzn-Trace-Id" : "Root=1-5e4e23fe-fffae98ae7c0dbea36daca2a"
, "X-Forwarded-For" : "174.112.79.79"
, "X-Forwarded-Port" : "443"
, "X-Forwarded-Proto" : "https"
}
},
"stage-variables" : {
},
"context" : {
"account-id" : "",
"api-id" : "91u52epqzc",
"api-key" : "",
"authorizer-principal-id" : "",
"caller" : "",
"cognito-authentication-provider" : "",
"cognito-authentication-type" : "",
"cognito-identity-id" : "",
"cognito-identity-pool-id" : "",
"http-method" : "GET",
"stage" : "dev",
"source-ip" : "174.112.79.79",
"user" : "",
"user-agent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36",
"user-arn" : "",
"request-id" : "b76d5b33-647b-4540-adbd-d4c26164d309",
"resource-id" : "i138yesehf",
"resource-path" : "/"
}
}
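
For the pending test of switching content based on URL origin, the envelope above already carries what is needed. The following is an added example, not code from the original page or project: it picks the entry endpoint from the `context` values, which API Gateway fills in, and only cross-checks the `Host` header, which is copied from the client request. The allow-list, the variant name `first` and the function names are assumptions.

```python
import base64
import json
from urllib.parse import parse_qs

# Hypothetical allow-list: (api-id, stage) -> content variant and expected Host.
# The identifiers are the ones in the sample response above; "first" is made up.
ENTRY_POINTS = {
    ("91u52epqzc", "dev"): {
        "variant": "first",
        "hosts": {"91u52epqzc.execute-api.us-east-1.amazonaws.com"},
    },
}

# Constructed sample: a trimmed copy of the envelope shown above.
SAMPLE = json.dumps({
    "body-json": {"id": 2},
    "params": {"path": {}, "querystring": {}, "header": {
        "Host": "91u52epqzc.execute-api.us-east-1.amazonaws.com",
        "X-Forwarded-For": "174.112.79.79"}},
    "stage-variables": {},
    "context": {"api-id": "91u52epqzc", "stage": "dev",
                "source-ip": "174.112.79.79"},
})


def resolve_entry(envelope_text):
    """Return (variant, warnings) for one pass-through envelope."""
    env = json.loads(envelope_text)
    ctx = env.get("context", {})
    entry = ENTRY_POINTS.get((ctx.get("api-id"), ctx.get("stage")))
    if entry is None:
        return None, ["unknown entry endpoint"]
    # Header names are case-insensitive; the template keeps the client's casing.
    headers = {k.lower(): v
               for k, v in env.get("params", {}).get("header", {}).items()}
    warnings = []
    # Host is only cross-checked; it never selects the variant.
    if headers.get("host", "").lower() not in entry["hosts"]:
        warnings.append("unexpected Host header")
    return entry["variant"], warnings


def decode_query(raw):
    """Decode the Base64 query string used in the requests above."""
    text = base64.b64decode(raw, validate=True).decode("utf-8")
    return {k: v[0] for k, v in parse_qs(text, strict_parsing=True).items()}
```

An envelope whose `api-id`/`stage` pair is not in the allow-list resolves to no variant at all, so an unlisted alias cannot select content by header values alone.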

endpoint




API Gateway as SSL Termination using the provided AWS certificate

We get an SSL endpoint for free (for example, to meet HTTPS requirements from iOS).





External testing

Unsecured - http://biometric.elasticbeanstalk.com/rest/read/json/latest/201907010

Secured - https://2qau3lngjh.execute-api.us-east-1.amazonaws.com/biometric-stg

Architecture

API Gateway runs outside of your VPC, just like other AWS services such as S3 and Route53.

Private API Gateway Endpoints

However, as of 2018 you can run your endpoints inside your own VPC: https://www.dropbox.com/s/usqq7v35w9gykd7/Screenshot%202019-07-06%2013.34.04.png?dl=0

Connecting API Gateway to KeyCloak running in a Kubernetes Cluster

KeyCloak Configuration


Links

https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-call-api.html
