Merge pull request #2659 from vamsipulikonda/vamsipulikonda-rest-api-with-alb

julianwood · web-flow · commit 9e8c6eade906 · 2025-06-16T12:12:51.000+01:00
New Pattern - Rest API with private ALB - workaround
diff --git a/rest-api-private-alb-integration.json b/rest-api-private-alb-integration.json
@@ -0,0 +1,93 @@
+{
+    "title": "REST API Integration with Private ALB integration",
+    "description": "This pattern explains workaround on how to integrate an API Gateway REST API with an Application Load Balancer.",
+    "language": "Python",
+    "level": "200",
+    "framework": "AWS SAM",
+    "introBox": {
+        "headline": "How it works",
+        "text": [
+            "To work around this limitation for private ALBs, a multi-step approach is necessary",
+            "1. Use an API Gateway VPC to integrate your API with a private Network Load Balancer.",
+            "2. Use the Network Load Balancer to forward the API request to the private Application Load Balancer",
+            "3. Application Load Balancer will forward the traffic to Lambda Function configured on HTTPS listener."
+        ]
+    },
+    "gitHub": {
+        "template": {
+            "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/rest-api-alb-integration-workaround",
+            "templateURL": "serverless-patterns/rest-api-alb-integration-workaround",
+            "projectFolder": "rest-api-alb-integration-workaround",
+            "templateFile": "template.yaml"
+        }
+    },
+    "resources": {
+        "bullets": [
+            {
+                "text": "How do I integrate an API Gateway REST API with an Application Load Balancer",
+                "link": "https://repost.aws/knowledge-center/api-gateway-application-load-balancers"
+            }
+        ]
+    },
+    "deploy": {
+        "text": [
+            "sam deploy"
+        ]
+    },
+    "testing": {
+        "text": [
+            "Once the application is deployed, retrieve the API URL provided as output and open it in a browser page."
+        ]
+    },
+    "cleanup": {
+        "text": [
+            "Delete the stack: <code>sam delete</code>."
+        ]
+    },
+    "authors": [
+        {
+            "name": "Vamsi Pulikonda",
+            "image": "https://raw.githubusercontent.com/vamsipulikonda/my-photo/main/vamsi-photo.jpg",
+            "linkedin": "vamsipulikonda",
+            "bio": "I am a cloud computing enthusiast working as a Cloud Engineer at Amazon Web Services."
+        }
+    ],
+    "patternArch": {
+        "icon1": {
+            "x": 15,
+            "y": 50,
+            "service": "apigw",
+            "label": "Amazon API Gateway"
+        },
+        "icon2": {
+            "x": 43,
+            "y": 50,
+            "service": "alb",
+            "label": "Network Load Balancer"
+        },
+        "icon3": {
+            "x": 70,
+            "y": 50,
+            "service": "alb",
+            "label": "App. Load Balancer"
+        },
+        "icon4": {
+            "x": 92,
+            "y": 50,
+            "service": "lambda",
+            "label": "AWS Lambda"
+        },
+        "line1": {
+            "from": "icon1",
+            "to": "icon2"
+        },
+        "line2": {
+            "from": "icon2",
+            "to": "icon3"
+        },
+        "line3": {
+            "from": "icon3",
+            "to": "icon4"
+        }
+    }
+}
diff --git a/rest-api-private-alb-integration/README.md b/rest-api-private-alb-integration/README.md
@@ -0,0 +1,78 @@
+# REST API Integration with Private ALB - Workaround
+
+This pattern explains how to integrate an API Gateway REST API with an Application Load Balancer.
+
+Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
+
+## Requirements
+
+* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
+* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
+* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [AWS Serverless Application Model](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) (AWS SAM) installed
+
+## Deployment Instructions
+
+1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:
+    ``` 
+    git clone https://github.com/aws-samples/serverless-patterns
+    ```
+1. Change directory to the pattern directory:
+    ```
+    cd rest-api-alb-integration-workaround
+    ```
+1. From the command line, use AWS SAM to deploy the AWS resources for the pattern as specified in the template.yml file:
+    ```
+    sam deploy --guided
+    ```
+1. During the prompts:
+    * Enter a stack name
+    * Enter the desired AWS Region
+    * Allow SAM CLI to create IAM roles with the required permissions.
+
+    Once you have run `sam deploy --guided` mode once and saved arguments to a configuration file (samconfig.toml), you can use `sam deploy` in future to use these defaults.
+
+1. Note the outputs from the SAM deployment process. These contain the resource names and/or ARNs which are used for testing.
+
+## Background
+
+Currently, integration between REST APIs and Application Load Balancers (ALBs) has some limitations. Direct integration is only possible with public ALBs using API Gateway's HTTP integration feature. Private ALBs cannot be directly integrated with API Gateway.
+
+To work around this limitation for private ALBs, a multi-step approach is necessary. First, create an API Gateway VPC link. Then, connect the VPC link to a private Network Load Balancer (NLB). Finally, configure the NLB to forward incoming requests from API Gateway to the private ALB. This setup allows API Gateway to communicate with private ALBs indirectly, enabling the use of private ALBs in API architectures while maintaining the benefits of API Gateway management.
+
+## Prerequisites
+
+1. Active Route 53 Hosted Zone for your domain.
+2. Valid ACM (AWS Certificate Manager) certificate that covers the domain managed by your Route 53 Hosted Zone.
+
+## Workaround
+
+1. Use an API Gateway VPC to integrate your API with a private Network Load Balancer.
+
+2. Use the Network Load Balancer to forward the API request to the private Application Load Balancer.
+
+3. Application Load Balancer will forward the traffic to Lambda Function configured on HTTPS listener.
+
+
+```
+Workflow: REST API >> VPC Link >> NLB (TCP listener) >> ALB (HTTPS listener) >> Lambda
+```
+
+## Testing
+
+Once the application is deployed, retrieve the API URL provided as output and open it in a browser page.
+
+## Cleanup
+ 
+1. Delete the stack
+    ```bash
+    sam delete --stack-name STACK_NAME
+    ```
+1. Confirm the stack has been deleted
+    ```bash
+    aws cloudformation list-stacks --query "StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus"
+    ```
+----
+Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+SPDX-License-Identifier: MIT-0
diff --git a/rest-api-private-alb-integration/rest-api-private-alb-integration.json b/rest-api-private-alb-integration/rest-api-private-alb-integration.json
@@ -0,0 +1,93 @@
+{
+  "title": "REST API Integration with Private ALB integration",
+  "description": "This pattern explains workaround on how to integrate an API Gateway REST API with an Application Load Balancer.",
+  "language": "Python",
+  "level": "200",
+  "framework": "AWS SAM",
+  "introBox": {
+      "headline": "How it works",
+      "text": [
+          "To work around this limitation for private ALBs, a multi-step approach is necessary",
+          "1. Use an API Gateway VPC to integrate your API with a private Network Load Balancer.",
+          "2. Use the Network Load Balancer to forward the API request to the private Application Load Balancer",
+          "3. Application Load Balancer will forward the traffic to Lambda Function configured on HTTPS listener."
+      ]
+  },
+  "gitHub": {
+      "template": {
+          "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/rest-api-alb-integration-workaround",
+          "templateURL": "serverless-patterns/rest-api-alb-integration-workaround",
+          "projectFolder": "rest-api-alb-integration-workaround",
+          "templateFile": "template.yaml"
+      }
+  },
+  "resources": {
+      "bullets": [
+          {
+              "text": "How do I integrate an API Gateway REST API with an Application Load Balancer",
+              "link": "https://repost.aws/knowledge-center/api-gateway-application-load-balancers"
+          }
+      ]
+  },
+  "deploy": {
+      "text": [
+          "sam deploy"
+      ]
+  },
+  "testing": {
+      "text": [
+          "Once the application is deployed, retrieve the API URL provided as output and open it in a browser page."
+      ]
+  },
+  "cleanup": {
+      "text": [
+          "Delete the stack: <code>sam delete</code>."
+      ]
+  },
+  "authors": [
+      {
+          "name": "Vamsi Pulikonda",
+          "image": "https://raw.githubusercontent.com/vamsipulikonda/my-photo/main/vamsi-photo.jpg",
+          "linkedin": "vamsipulikonda",
+          "bio": "I am a cloud computing enthusiast working as a Cloud Engineer at Amazon Web Services."
+      }
+  ],
+  "patternArch": {
+      "icon1": {
+          "x": 15,
+          "y": 50,
+          "service": "apigw",
+          "label": "Amazon API Gateway"
+      },
+      "icon2": {
+          "x": 43,
+          "y": 50,
+          "service": "alb",
+          "label": "Network Load Balancer"
+      },
+      "icon3": {
+          "x": 70,
+          "y": 50,
+          "service": "alb",
+          "label": "App. Load Balancer"
+      },
+      "icon4": {
+          "x": 92,
+          "y": 50,
+          "service": "lambda",
+          "label": "AWS Lambda"
+      },
+      "line1": {
+          "from": "icon1",
+          "to": "icon2"
+      },
+      "line2": {
+          "from": "icon2",
+          "to": "icon3"
+      },
+      "line3": {
+          "from": "icon3",
+          "to": "icon4"
+      }
+  }
+}
diff --git a/rest-api-private-alb-integration/src/app.js b/rest-api-private-alb-integration/src/app.js
@@ -0,0 +1,10 @@
+/*! Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *  SPDX-License-Identifier: MIT-0
+ */
+
+'use strict'
+
+exports.handler = async (event) => {
+  // Lambda handler code
+  console.log(JSON.stringify(event, 0, null))
+}
diff --git a/rest-api-private-alb-integration/template.yaml b/rest-api-private-alb-integration/template.yaml
