Open ELB available only from Gateway API

Question

Open ELB available only from Gateway API

Is there a way to limit my ELB to only accept calls from an API gateway? I assume this is possible, it can be done using the API Gateway client certificate.

As a rule, I am open to any alternative solution. I need to expose 1 api endpoint without making my EC2 / ELB instance fully open. I want calls to come only through the API gateway, where I can limit the number of calls per second.

+4

amazon-web-services amazon-elb aws-api-gateway

Adam ocsvari Jan 7 '16 at 5:32

source share

1 answer

Michael - sqlbot · Accepted Answer · 2016-01-07T12:20:40+0000

You're right, a TLS client certificate (SSL) on the back of the API gateway will be a way to handle this, but ELB does not currently support client-side certificates when working in http mode.

AWS Support Forum posts have AWS staff mentioning this feature as a feature request, but:

Unfortunately, at the moment we cannot provide ETA for this.
https://forums.aws.amazon.com/thread.jspa?threadID=58561&start=0&tstart=0

Of course, if ELBs were in TCP mode instead of HTTP, then your web servers could handle all SSL, including client-side certificate validation, but TCP mode does not have the same advantages as HTTP mode in ELB.

- HAProxy, , , ELB, SSL . 443, SSL-, API, SSL HTTP-, .

HAProxy - , , , SSL, t2.micro. t2.nano, < $5/ , , ... , , .

HAProxy ELB TCP, , - , , ELB, HAProxy ELB , , HAProxy HTTP, , , , example.com/api , example.com/blog , . ( S3 , - S3, ).

, HAProxy , , , .

Open ELB available only from Gateway API

More articles: