How do I allow the IP address for my API Gateway API to access my integration firewall?

Last updated: 2021-05-10

I want to allow an Amazon API Gateway IP address or address range to access the internet through my firewall.

Short description

Use an AWS Lambda function or Amazon Elastic Compute Cloud (Amazon EC2) instance to allow your IP address to access the internet through your firewall.

Complete the steps in the Set up Lambda proxy integration in API Gateway section if:

  • You require less control over your servers.
  • You don't want to allow your proxy to bypass API Gateway and be invoked externally.
  • You require exponential scalability.
  • You don't want to manually manage runtimes and apply security patches.

Complete the steps in the Set up EC2 proxy integration in API Gateway section if:

  • You must have more control over your servers.
  • You want to allow your proxy to bypass API Gateway and be invoked externally.
  • You must overcome the memory, timeout, and payload quotas of Lambda.

Resolution

Set up Lambda proxy integration in API Gateway

  1. Use a Lambda function to set up a proxy between API Gateway and your API Gateway integration.
  2. Assign a static IP address to your Lambda function.
  3. Build the Lambda proxy integration in API Gateway.
  4. Allow the static IP address of the NAT Gateway on the integration firewall.

Set up EC2 proxy integration in API Gateway

You must use an EC2 instance to set up a proxy integration between API Gateway and your API Gateway integration.

  1. Allocate an Elastic IP address.
  2. Associate your Elastic IP address with an instance or network interface.
  3. Build an HTTP proxy integration in your API Gateway integration.
    Important: For Endpoint URL, enter http://YOUR_ELASTIC_IP_ADDRESS/{proxy}. This option allows the request from API Gateway to be proxied to the EC2 instance and then to your integration.
  4. Allow your Elastic IP address on the integration firewall.

Did this article help?


Do you need billing or technical support?