
Allow request from API Gateway to private ALB


I have a public API Gateway set up, and I want to forward the requests from API Gateway to a private ALB in the VPC. In the AWS Console, for the API Gateway VPC link setup, I could only select an NLB in the VPC.

  1. Is there a reason why we can only route to NLB and not to ALB?
  2. Is there a way I can route to private ALB from the API Gateway?

Solution

  • Currently AWS only supports connecting to NLB for VPC link integrations. They have a feature request in place to enable support for ALB as well. For now, you can do:

    Public API --> VPC Link --> NLB --> ALB

    In the target groups of the NLB, add the private IPs of the ALB. This way you can reap the benefits of both the NLB (TCP layer) and the ALB (HTTPS).

    Using static IP addresses for Application Load Balancers
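
An ALB's private IPs are not fixed, so the addresses registered in the NLB target group have to be re-synced periodically. The following is an added example, not code from the original answer or from AWS: it plans the register/deregister calls and refuses to register any address outside the VPC. The function names, the VPC CIDR parameter, the default port and the sample addresses are assumptions.

```python
import ipaddress
import socket


def resolve_alb_ips(alb_dns_name):
    """Resolve the internal ALB's DNS name to its current IPv4 addresses."""
    infos = socket.getaddrinfo(alb_dns_name, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def plan_target_changes(resolved_ips, target_health, vpc_cidr, port):
    """Return (to_register, to_deregister) as lists of elbv2 target dicts."""
    vpc = ipaddress.ip_network(vpc_cidr)
    # Only accept addresses inside the VPC: a name that resolves elsewhere
    # (wrong record, internet-facing ALB) must never become an NLB target.
    wanted = {ip for ip in resolved_ips if ipaddress.ip_address(ip) in vpc}
    if not wanted:
        # Failed or empty resolution: change nothing rather than drain the NLB.
        return [], []
    # Draining targets are already being removed, so treat them as absent.
    current = {
        d["Target"]["Id"]
        for d in target_health
        if d["Target"]["Port"] == port and d["TargetHealth"]["State"] != "draining"
    }
    to_register = [{"Id": ip, "Port": port} for ip in sorted(wanted - current)]
    to_deregister = [{"Id": ip, "Port": port} for ip in sorted(current - wanted)]
    return to_register, to_deregister


def sync(alb_dns_name, target_group_arn, vpc_cidr, port=443):
    """Apply the plan with boto3 (needs AWS credentials; run on a schedule)."""
    import boto3  # imported here so the planning logic runs without AWS access
    elbv2 = boto3.client("elbv2")
    health = elbv2.describe_target_health(TargetGroupArn=target_group_arn)
    ips = resolve_alb_ips(alb_dns_name)
    add, remove = plan_target_changes(ips, health["TargetHealthDescriptions"], vpc_cidr, port)
    if add:
        elbv2.register_targets(TargetGroupArn=target_group_arn, Targets=add)
    if remove:
        elbv2.deregister_targets(TargetGroupArn=target_group_arn, Targets=remove)
    return add, remove


if __name__ == "__main__":
    # Constructed sample: one stale target, one new ALB address, one public IP.
    sample = [{"Target": {"Id": "10.0.3.9", "Port": 443}, "TargetHealth": {"State": "healthy"}}]
    print(plan_target_changes({"10.0.2.40", "203.0.113.7"}, sample, "10.0.0.0/16", 443))
```

The NLB target group must be of target type `ip` for these registrations to be accepted.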