Skip to content

Private Lambda Micro REST API (proxy) Infrastructure Library

License

Notifications You must be signed in to change notification settings

RenovoSolutions/cdk-library-renovo-microapi

Repository files navigation

Renovo Solutions Private Lambda Micro REST API (proxy) Infrastructure Library

build

This infrastructure construct library implements a private lambda backed REST API on AWS API Gateway using proxy+.

Features

  • Utilizes an internal Micro API project to provide an api via Lambda (with proxy+) and API Gateway
  • Configures the required VPC endpoint attachment automatically
  • Configures logging for API requests
  • Configures the private gateways policy to restrict access to the VPC endpoint
  • Exports the private DNS name to be used in the app

What this construct does not do

  • Provide the VPC endpoint with private DNS enabled. The user utilizing this construct should create a single VPC endpoint with private DNS enabled and share it across all projects utilizing this consturct.

Private API Gateway traffic flow using VPC Endpoint

API gateways are a managed service that lives outside of our own VPC. Therefore when creating a private gateway this means that in order to access it additional configurations need to occur. Specifically a VPC endpoint must exist for traffic to route to the API Gateway. In addition the Lambda service itself also lives outside our VPC. This can seem a bit complex given that most of our Micro API projects then return to the VPC to route traffic to the database. To help visualize what this looks like here is a diagram of this traffic flow when routing through the api gateway for Micro APIs:

private api traffic flow

The old setup, using public traffic flow

We used to deploy API gateways as public endpoints. For the sake of comparison here is what the old traffic flow would have looked like:

public api traffic flow

References