Styjun

Wait or be waiting?

Which failed attempts have there been to find a contradiction in ZFC or ZF?

"This used to be my phone number"

Demographic consequences of closed loop reincarnation

Is it legal for a supermarket to refuse to sell an adult beer if an adult with them doesn’t have their ID?

How do I reproduce this layout and typography?

The most secure way to handle someone forgetting to verify their account?

What makes MOVEQ quicker than a normal MOVE in 68000 assembly?

Making a Dataset that emulates `ls -tlra`?

Who would use the word "manky"?

Diagram of Methods to Solve Differential Equations

What is actually sent/loaded to a microcontroller / stm32

What is this green alien supposed to be on the American covers of the "Hitchhiker's Guide to the Galaxy"?

Which GPUs to get for Mathematical Optimization (if any)?

Why teach C using scanf without talking about command line arguments?

In this iconic lunar orbit rendezvous photo of John Houbolt, why do arrows #5 and #6 point the "wrong" way?

I have found a mistake on someone's code published online: what is the protocol?

Company looks for long-term employees, but I know I won't be interested in staying long

Manager asking me to eat breakfast from now on

Why would word of Princess Leia's capture generate sympathy for the Rebellion in the Senate?

Why are there few or no black super GMs?

Who or what determines if a curse is valid or not?

Is it possible to invoke "super" with less ambiguous results?

How can I automate this tensor computation?

How can I use an EC2 ip address in API Gateway?

Trying to SSH into an Amazon Ec2 instance - permission errorHow to view website launched in Amazon EC2 instance?Cannot ping AWS EC2 instanceAWS API Gateway and EC2 Service ProxyNew API not connecting to server on EC2 instanceSSL for default Amazon EC2 domainNode.js RESTful API server on AWS EC2 vs AWS API GatewayAWS API Gateway : route errorCannot connect to EC2 web app from external browser

1 Answer
1

active

oldest

votes

0

You should consider 2 options:

1. If your EC2 is publicly available you should check the HTTP Proxy integration part to delegate the integration request and response configuration to your Flask API oterwise you will have to configure it on your API Gateway.

If your EC2 is publicly available you should have an inbound rule 0.0.0.0/0 on it. If not I think your should consider option 2.

2. In that case, your EC2 is not publicly available this means API Gateway will not communicate with your instance through internet but through a Private Link.

Look at this blog post to configure your VPC Endpoint and then restrict and secure your communication : https://aws.amazon.com/fr/blogs/compute/introducing-amazon-api-gateway-private-endpoints/

share|improve this answer

answered Mar 26 at 11:03

Steve HOUELSteve HOUEL

11255 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks, this is a nice addition to what I am planning, private endpoints look pretty intimidating from that post though!
  
  – user7496277
  Mar 26 at 11:08
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Yes I know, but once you understand how it works, it will really secure your communication between your gateway and your HTTP endpoint on your EC2. And then you will really have an api management model with your api exposed only once on your Gateway with a caching solution etc etc
  
  – Steve HOUEL
  Mar 26 at 15:06
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  What would be the security benefits using your method as opposed to requiring an API key in the request header to use the gateway?
  
  – user7496277
  Mar 27 at 10:42
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Only in order to reduce your footprint on internet and thus reduce your possible attack surface.
  
  – Steve HOUEL
  Mar 27 at 15:29
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55355323%2fhow-can-i-use-an-ec2-ip-address-in-api-gateway%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

You should consider 2 options:

1. If your EC2 is publicly available you should check the HTTP Proxy integration part to delegate the integration request and response configuration to your Flask API oterwise you will have to configure it on your API Gateway.

If your EC2 is publicly available you should have an inbound rule 0.0.0.0/0 on it. If not I think your should consider option 2.

2. In that case, your EC2 is not publicly available this means API Gateway will not communicate with your instance through internet but through a Private Link.

Look at this blog post to configure your VPC Endpoint and then restrict and secure your communication : https://aws.amazon.com/fr/blogs/compute/introducing-amazon-api-gateway-private-endpoints/

share|improve this answer

answered Mar 26 at 11:03

Steve HOUELSteve HOUEL

11255 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks, this is a nice addition to what I am planning, private endpoints look pretty intimidating from that post though!
  
  – user7496277
  Mar 26 at 11:08
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Yes I know, but once you understand how it works, it will really secure your communication between your gateway and your HTTP endpoint on your EC2. And then you will really have an api management model with your api exposed only once on your Gateway with a caching solution etc etc
  
  – Steve HOUEL
  Mar 26 at 15:06
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  What would be the security benefits using your method as opposed to requiring an API key in the request header to use the gateway?
  
  – user7496277
  Mar 27 at 10:42
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Only in order to reduce your footprint on internet and thus reduce your possible attack surface.
  
  – Steve HOUEL
  Mar 27 at 15:29
  

  
  
  
  

add a comment | 

0

You should consider 2 options:

1. If your EC2 is publicly available you should check the HTTP Proxy integration part to delegate the integration request and response configuration to your Flask API oterwise you will have to configure it on your API Gateway.

If your EC2 is publicly available you should have an inbound rule 0.0.0.0/0 on it. If not I think your should consider option 2.

2. In that case, your EC2 is not publicly available this means API Gateway will not communicate with your instance through internet but through a Private Link.

Look at this blog post to configure your VPC Endpoint and then restrict and secure your communication : https://aws.amazon.com/fr/blogs/compute/introducing-amazon-api-gateway-private-endpoints/

share|improve this answer

answered Mar 26 at 11:03

Steve HOUELSteve HOUEL

11255 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks, this is a nice addition to what I am planning, private endpoints look pretty intimidating from that post though!
  
  – user7496277
  Mar 26 at 11:08
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Yes I know, but once you understand how it works, it will really secure your communication between your gateway and your HTTP endpoint on your EC2. And then you will really have an api management model with your api exposed only once on your Gateway with a caching solution etc etc
  
  – Steve HOUEL
  Mar 26 at 15:06
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  What would be the security benefits using your method as opposed to requiring an API key in the request header to use the gateway?
  
  – user7496277
  Mar 27 at 10:42
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Only in order to reduce your footprint on internet and thus reduce your possible attack surface.
  
  – Steve HOUEL
  Mar 27 at 15:29
  

  
  
  
  

add a comment | 

You should consider 2 options:

1. If your EC2 is publicly available you should check the HTTP Proxy integration part to delegate the integration request and response configuration to your Flask API oterwise you will have to configure it on your API Gateway.

If your EC2 is publicly available you should have an inbound rule 0.0.0.0/0 on it. If not I think your should consider option 2.

2. In that case, your EC2 is not publicly available this means API Gateway will not communicate with your instance through internet but through a Private Link.

Look at this blog post to configure your VPC Endpoint and then restrict and secure your communication : https://aws.amazon.com/fr/blogs/compute/introducing-amazon-api-gateway-private-endpoints/

share|improve this answer

answered Mar 26 at 11:03

Steve HOUELSteve HOUEL

11255 bronze badges

share|improve this answer

answered Mar 26 at 11:03

Steve HOUELSteve HOUEL

11255 bronze badges

answered Mar 26 at 11:03

Steve HOUELSteve HOUEL

11255 bronze badges

answered Mar 26 at 11:03

Steve HOUELSteve HOUEL

11255 bronze badges