AWS API Gateway Locally - node.js

I'm trying to build an api gateway for an app in development using aws. I followed the steps in the doc https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-step-by-step.html.
However, when I set my endpoint to be 127.0.0.1:3000/users for example, it returns a 500 {"message": "Internal server error"}.
The app is a simple nodejs endpoint run in docker. I'm just trying to discover api gateways.
I'm guessing the error is that the endpoint that I provide is not valid because I'm using it locally. So is there a way to use aws api gateway locally, and is it the best option for an api gateway?

The doc you mention doesn't describe any method for deploying and running an api gateway locally, nor am I aware of any method to do this. I'm only aware of running API Gateway in AWS. The problem may be that you are trying to hit an API Gateway endpoint on your local machine, which is not possible.
Perhaps I misunderstand and you're trying to integrate an API Gateway in AWS with a service running locally. If this is the case, API Gateway will not be able to have an integration endpoint on your local machine, unless you expose your machine to the public internet AND provide api gateway with a public internet address for your machine. 127.0.0.1 is not a public internet address.
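
A pre-deployment check for the situation this answer describes, as an added example that is not part of the original posts: it classifies the host of a backend or integration URL so that loopback and private addresses are caught before they are configured in a cloud-hosted gateway. The function names are hypothetical; the sample URLs in the test are the ones quoted on this page.

```javascript
// Added example (not from the original thread). Function names are hypothetical.
// IPv4 ranges that a gateway running in the provider's cloud cannot route to
// on your machine or inside your private network.
const NON_PUBLIC_V4 = [
  ['loopback', [127, 0, 0, 0], 8],
  ['private', [10, 0, 0, 0], 8],
  ['private', [172, 16, 0, 0], 12],
  ['private', [192, 168, 0, 0], 16],
  ['link-local', [169, 254, 0, 0], 16],
];

const toInt = (octets) => octets.reduce((acc, o) => acc * 256 + o, 0);

function parseIpv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// Returns 'loopback', 'private', 'link-local', 'public' or 'hostname'.
// 'hostname' means a DNS name: it still has to resolve to an address the
// gateway can reach, which this offline check cannot decide.
function classifyEndpoint(rawUrl) {
  // Accept scheme-less values such as "127.0.0.1:3000/users".
  const url = new URL(rawUrl.includes('://') ? rawUrl : `http://${rawUrl}`);
  const host = url.hostname.toLowerCase();
  if (host === 'localhost' || host.endsWith('.localhost') || host === '[::1]') {
    return 'loopback';
  }
  const octets = parseIpv4(host);
  if (!octets) return 'hostname';
  const addr = toInt(octets);
  for (const [label, base, prefix] of NON_PUBLIC_V4) {
    const start = toInt(base);
    if (addr >= start && addr < start + 2 ** (32 - prefix)) return label;
  }
  return 'public';
}

// True when the URL can only be reached from the same host or private network.
function unreachableFromCloudGateway(rawUrl) {
  return ['loopback', 'private', 'link-local'].includes(classifyEndpoint(rawUrl));
}
```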

Related

How to invoke Azure App Service behind private endpoint

I am running 3 tier application: frontend (react), backend (spring boot) and managed azure database in Azure.
To run backend and frontend - I do have Azure App Service leveraging containers.
It works fine until we restricted backend to be accessible via private endpoint in vNet.
Frontend is obviously connected to the very same vNet via SWIFT (known as vNet integration) connection.
So far it is all good.
The issue arises when there is a problem with backend which cannot connect to database e.g. because I messed up connection string. So I fixed that issue and restarted backend with a new version - fixed connection string.
Buuuut, and here it comes ... since backend previously crashed it is not running and the way how to bring up a new version is to simply call App Service URL (curl https://my-backend.azurewebsites.net). The issue is that it is not possible to call it since it is behind a private endpoint.
Workaround would be to start a VM inside the very same vNet and call backend like this:
admin@debug:~$ curl -k https://10.0.20.4 -I -H "Host: my-backend.azurewebsites.net"
and this works.
But this is a very cumbersome solution which is not a solution at all in fact.
Does anyone have an idea how to make it work?
I am using terraform, and I also notice that when I totally un-deploy App Service and deploy it again - it boots up again.
Thx

An attempt was made to access a socket in a way forbidden by its access permissions. (localhost:5001)

I'm facing an issue with my multiple project solution in .net core webAPI. I have a gatewayAPI which internally makes calls to different microservices via http call.
Gateway API URI exposed to outer world which has domain as azure app name but the internal calls from gateway to microservices are configured with http://localhost:5001/{apiEndPoint} which is working fine in my local machine but after deploying it on azure app service I'm getting below error:
PostToServer call URL:'http://localhost:5001/api/authservice/authenticate' with Exception message An attempt was made to access a socket in a way forbidden by its access permissions. (localhost:5001).
Can someone please help me with this, I'm new to azure and learning on my own but could not find any solution for this yet.
PS: After going through some YouTube videos and blogs I got to know we have to use AKS but I'm not confident in that.
Would really appreciate any help on this issue.

The Gateway API you deployed to Azure App Service doesn't support custom port usage for 5001. Azure App Service only supports port 80|443(HTTP|HTTPS).
If you must use multiple ports in your actual project, then it is recommended to check whether Azure Cloud Service meets your needs. But it is not the best choice.
The Best Practice:
Microservices architecture design
In short, create an Azure Gateway service, and your other microservices can be deployed anywhere (Azure App Service, VM or AKS).
You just make sure you can access your microservices in your internal or public network environment.
If you're just learning, or the app isn't actually used by a lot of users, you can try the following suggestions:
Use SignalR (not azure signalr) to replace the websocket in your current project.
You have on azure app service, you can deploy your Gateway API Application to app service, and your other microservices can be deployed to Virtual Application in azure app service.

Cloud Run deployed REST API failing on only specific endpoints

So I'm trying to deploy my NodeJS rest API on Cloud Run and for the most part it deploys successfully except a couple endpoints seem to be failing with either a 404 or 500 error. However when I run the container locally using docker run -p 8080:8080 <image> all the endpoints work. The common thing between all the failing endpoints seem to be that they are accessing the remote database using the credentials stored in the .env file.
EDIT: I think it is because the database is on a private internal ip so I'm trying to figure out what I would need to do for that

As mentioned by @guillaume, if your database is on a private internal network then a VPC connector is necessary. You can use the Connecting from Cloud Run to Cloud SQL documentation as a guide, whether you stick to the private IP only or decide to use a public IP, which will not require a VPC connector.

Google cloud run give me 403 since other app of the same project

I have the frontend and backend on cloud run, each with its own service, but when I put "internal traffic" on the backend API, it doesn't work, it gives me 403 since the frontend and it is another service of the same project, and in the documentation it says that internal means "only for the same project" so...
two services since the same project are not internal traffic?
I think that is because I use a custom domain and not the exact URL of the service but I am not sure because here says that the custom domains are allowed too.
So what do I have to do to auth my frontend service on cloud run?
I tried with JWT auth, but there is a better option, isn't there?

Cloud Run services set to internal only accept traffic coming from the VPC network. In order to connect to a Cloud Run service that's serving internal traffic, the connecting service must be attached to a VPC connector. In this case, you need to set up a Serverless VPC access connector as mentioned in this note:
For requests from other Cloud Run services or from Cloud Functions in the same project, connect the service or function to a VPC network and route all egress through the connector, as described in Connecting to a VPC network. Note that the IAM invoker permission is still enforced.
For authenticating service-to-service, you can simply fetch an ID token from the Compute metadata server. You can do that on any GCP compute environment (Cloud Run, App Engine, Compute Engine, etc.). You can follow the steps provided in this documentation.
two services since the same project are not internal traffic?
Two services in the same project should be considered as internal traffic.
I believe what you need to do is follow the authentication steps with token as recommended here (service to service authentication):
https://cloud.google.com/run/docs/authenticating/service-to-service
https://cloud.google.com/run/docs/securing/service-identity#per-service-identity
Please note that even though you've set the ingress traffic to internal, the IAM role cloud run invoker is still needed for the service account.
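
The service-to-service call described in the answers above, as an added Node.js example that is not part of the original posts: the calling service asks the metadata server for an ID token whose audience is the receiving service, then sends it as a bearer token. The function names are hypothetical, the backend URL in the test is a constructed placeholder, and the `fetchImpl` parameter exists only so the flow can be exercised offline; Node 18+ is assumed for the global `fetch`.

```javascript
// Added example (not from the original thread). Function names are hypothetical.
const METADATA_IDENTITY_URL =
  'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity';

// Build the metadata-server request for an ID token. The audience is the
// https URL of the receiving Cloud Run service (origin only, no path).
function identityTokenRequest(audience) {
  const aud = new URL(audience);
  if (aud.protocol !== 'https:') {
    throw new Error('audience must be the https URL of the receiving service');
  }
  const url = new URL(METADATA_IDENTITY_URL);
  url.searchParams.set('audience', aud.origin);
  // The metadata server rejects requests that lack this header.
  return { url: url.toString(), headers: { 'Metadata-Flavor': 'Google' } };
}

// Fetch the token as the identity of the service this code runs in.
async function fetchIdToken(audience, fetchImpl = fetch) {
  const { url, headers } = identityTokenRequest(audience);
  const res = await fetchImpl(url, { headers });
  if (!res.ok) throw new Error(`metadata server returned ${res.status}`);
  return (await res.text()).trim();
}

// Call the backend with the token. As the answers note, the calling service
// account still needs the Cloud Run invoker role on the backend, and with
// ingress set to internal the request must leave through the VPC connector.
async function callBackend(backendUrl, path, fetchImpl = fetch) {
  const token = await fetchIdToken(backendUrl, fetchImpl);
  return fetchImpl(new URL(path, backendUrl).toString(), {
    headers: { Authorization: `Bearer ${token}` },
  });
}
```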

How do requests from clients to an API get routed through the gateway hosted on Azure?

I'm not entirely new to MS Azure, but I am new to its API Management Service. I am trying to get an understanding of how the routing works between the client, the APIMS, and the backend APIs, but somehow can't seem to find what I'm looking for within Microsoft's documentation.
So here's what we have and what I understand:
We have multiple APIs that we host on Azure as App Services. And those APIs are added to the APIMS, which we are using as a gateway. The APIMS's Inbound policies on each API specifies the backend service as that App. But that's all I know.
So when a client, say an application running on someone's computer, sends a request to one of those APIs, how does its request URL end up routing through the gateway? And how does that all relate?

The request URL is made up as follows:
[name of your APIM service].azure-api.net/[name of api]/[api method]/[querystring]
example:
https://myapimanager.azure-api.net/myapi/getstudent?id=1
https://myapimanager.azure-api.net/myotherapi/getsomethingelse?name=bubbles
