Configure networks
Posted: Thu Jan 23, 2025 7:09 am
This point is the most relevant to ensure that your backend will be private and will only have access to the internal network that we created in step 1.
Choose the VPC we created in step 1.
Select from the subnets only those that are Private.
2.4. Load balancer network configuration
We move on to configure the “Load Balancer”. The rest of the configuration regarding the server instance is up to you; in this example we leave it by default. Let’s see the details of configuring the load balancer.
Select “Visibility” = “Internal”. This will protect the infrastructure in case the subnet is not selected correctly.
Next, you will need to select the Subnet under which the load balancer will be connected. Here you will also need to select the Private Subnets so that only the API Gateway can access them.
Now it’s time to select the load balancer type: choose “Network load balancer”. The VPC link from the API Gateway will only work with network load balancers.
Configure any other details you feel are necessary for your backend environment, such as environment variables, and then click “Create Environment”.
Configure API Gateway
Create an API Gateway if you haven't already.
In the menu on the left, select VPC Link.
Give the VPC link a name, select the load balancer that was created in the previous section in EBS, and then click “Create”.
While you wait for the connection to be created, you can configure the API by adding a new method of type VPC Link.
Also select VPC Proxy Integration, choose the VPC Link already created, and use the URL of the EBS endpoint.
After these settings, you will be able to deploy the changes to your API Gateway as usual, and the VPC Link will make the request in reverse proxy mode to the EBS backend that you have privately configured through the private network created in point 1.
Remember to add authentication methods to your API Gateway to add an authentication factor to your API.
Conclusion
Securing your backend hosted on AWS Elastic Beanstalk (EBS) using AWS API Gateway provides a robust solution to prevent services from being publicly available on the internet. This setup ensures the security of your resources and reduces exposure to potential attacks, while facilitating controlled access through API Gateway.
By configuring Elastic Beanstalk privately within a Virtual Private Cloud (VPC), and then connecting it to API Gateway via a VPC link, you establish a secure environment where your services are protected and only accessible through the internal network defined in the VPC. This approach offers an additional layer of security by keeping your services behind an API Gateway, allowing you to control and manage access more effectively.
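The two checks this post walks through (an internal network load balancer in private subnets, and API Gateway methods routed over a VPC Link with authorization), as an added example that is not part of the original post. It audits dictionaries in the shape returned by boto3's `describe_configuration_settings` and `get_method`; the subnet IDs and sample values are constructed.

```python
# Added example (not from the original post); dict shapes follow boto3 responses.
def audit_beanstalk(option_settings, private_subnets):
    """Check Elastic Beanstalk OptionSettings against the private setup described above."""
    opts = {(o["Namespace"], o["OptionName"]): o.get("Value") or "" for o in option_settings}
    findings = []
    if opts.get(("aws:ec2:vpc", "ELBScheme")) != "internal":
        findings.append("load balancer visibility is not Internal")
    if opts.get(("aws:elasticbeanstalk:environment", "LoadBalancerType")) != "network":
        findings.append("load balancer type is not network")
    for name in ("Subnets", "ELBSubnets"):  # instance subnets, load balancer subnets
        chosen = {s.strip() for s in opts.get(("aws:ec2:vpc", name), "").split(",") if s.strip()}
        if not chosen:
            findings.append(f"{name} is not set")
        for subnet in sorted(chosen - set(private_subnets)):
            findings.append(f"{name} includes non-private subnet {subnet}")
    return findings


def audit_method(method):
    """Check one REST API method (get_method response shape): VPC Link proxy plus auth."""
    integration = method.get("methodIntegration", {})
    findings = []
    if integration.get("connectionType") != "VPC_LINK":
        findings.append("integration does not use a VPC Link")
    if integration.get("type") != "HTTP_PROXY":
        findings.append("integration is not a proxy integration")
    if method.get("authorizationType", "NONE") == "NONE":
        findings.append("method has no authorization configured")
    return findings


# Constructed sample input: one misconfigured environment and one unauthenticated method.
PRIVATE = {"subnet-priv-a", "subnet-priv-b"}
SAMPLE_ENV = [
    {"Namespace": ns, "OptionName": name, "Value": value}
    for ns, name, value in [
        ("aws:ec2:vpc", "ELBScheme", "public"),
        ("aws:ec2:vpc", "Subnets", "subnet-priv-a,subnet-priv-b"),
        ("aws:ec2:vpc", "ELBSubnets", "subnet-priv-a,subnet-pub-a"),
        ("aws:elasticbeanstalk:environment", "LoadBalancerType", "network"),
    ]
]
SAMPLE_METHOD = {
    "authorizationType": "NONE",
    "methodIntegration": {"type": "HTTP_PROXY", "connectionType": "VPC_LINK"},
}

if __name__ == "__main__":
    for finding in audit_beanstalk(SAMPLE_ENV, PRIVATE) + audit_method(SAMPLE_METHOD):
        print("FINDING:", finding)
```

To run it against a live account, pass the `OptionSettings` list from the environment's configuration settings and each method returned for the API's resources.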