Automating AWS Infrastructure: Creating API Gateway, NLB, Security Group, and VPC With CloudFormation
In modern cloud environments, Infrastructure as Code (IaC) has become a cornerstone for managing and provisioning resources efficiently. Amazon Web Services (AWS) offers CloudFormation as a service to automate the deployment of AWS infrastructure. In this article, we'll guide you through the process of setting up essential components such as API Gateway, Network Load Balancer (NLB), Target Group, Security Group, and Virtual Private Cloud (VPC) using CloudFormation templates.
Prerequisites
Before we begin, ensure you have:
- An AWS account with appropriate permissions to create and manage resources.
- Basic understanding of AWS services and CloudFormation concepts.
Below is the CloudFormation template combining the setup of AWS API Gateway, Network Load Balancer (NLB), Target Group, Security Group, Virtual Private Cloud (VPC), resource policy, and API deployment:
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: "AWS API Gateway with NLB, Target Group, Security Group, VPC, Resource Policy, and API Deployment"

Parameters:
  EnvironmentName:
    Type: String
    Default: "production"
    Description: "The name of the environment (e.g., production, development)"

Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
      EnableDnsSupport: true
      EnableDnsHostnames: true

  MySubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: "10.0.0.0/24"
      # First Availability Zone of the stack's region
      AvailabilityZone: !Select [0, !GetAZs '']

  MySubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: "10.0.1.0/24"
      # Second Availability Zone of the stack's region
      AvailabilityZone: !Select [1, !GetAZs '']

  MyInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: MyInternetGateway

  MyVPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref MyInternetGateway

  MySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP and HTTPS traffic
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        # Both rules accept traffic from any IPv4 address
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  MyNLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      # Without Type the resource defaults to an Application Load Balancer
      Type: network
      Scheme: internet-facing
      Subnets:
        - !Ref MySubnet1
        - !Ref MySubnet2
      LoadBalancerAttributes:
        - Key: load_balancing.cross_zone.enabled
          Value: "true"

  MyTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref MyVPC
      Protocol: TCP
      Port: 80
      TargetType: instance

  MyAPIGateway:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: MyAPI

  MyAPIResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref MyAPIGateway
      ParentId: !GetAtt MyAPIGateway.RootResourceId
      PathPart: myresource

  MyAPIMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      # NONE means the method can be called without any authentication
      AuthorizationType: NONE
      HttpMethod: GET
      ResourceId: !Ref MyAPIResource
      RestApiId: !Ref MyAPIGateway
      Integration:
        IntegrationHttpMethod: POST
        Type: HTTP
        # Plain HTTP to the load balancer's public DNS name
        Uri: !Sub "http://${MyNLB.DNSName}:80/myendpoint"

  MyAPIDeployment:
    Type: AWS::ApiGateway::Deployment
    # A deployment fails if the REST API has no methods yet
    DependsOn: MyAPIMethod
    Properties:
      RestApiId: !Ref MyAPIGateway
      StageName: !Ref EnvironmentName

  MyAPIGatewayPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: "lambda:InvokeFunction"
      # MyLambdaFunction is not defined in this template; add an
      # AWS::Lambda::Function with that logical ID (or remove this
      # resource) before deploying.
      FunctionName: !Ref MyLambdaFunction
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${MyAPIGateway}/*/*/*"
```
This template creates the following resources:
- VPC with two subnets in different availability zones.
- Internet Gateway attached to the VPC.
- Security Group allowing HTTP (port 80) and HTTPS (port 443) traffic.
- Network Load Balancer (NLB) with the internet-facing scheme and cross-zone load balancing enabled.
- Target Group for NLB with TCP protocol on port 80.
- API Gateway with a REST API named "MyAPI".
- API Gateway resource named "myresource" for defining endpoints.
- API Gateway method (GET) with integration to the NLB endpoint.
- API Gateway deployment with the specified stage name.
- Lambda function permission for API Gateway to invoke the function.
Template Overview From CloudFormation Template
You can further customize this template based on your specific requirements, such as adding Lambda functions, additional resources, or configuring advanced settings for API Gateway and NLB.
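As an added example (not part of the original article), the fragment below shows hardened replacements for the same-named resources in the template above: the NLB becomes internal and is reached through a VPC link, the method requires IAM authorization, and the REST API carries the resource policy that the template's description mentions. `MyVpcLink` and the `203.0.113.0/24` source range are assumptions chosen for illustration.

```yaml
# Added example: replaces same-named resources above. MyVpcLink and 203.0.113.0/24 are assumptions.
Resources:
  MyNLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internal                 # no public address on the load balancer
      Subnets:
        - !Ref MySubnet1
        - !Ref MySubnet2
      LoadBalancerAttributes:
        - Key: load_balancing.cross_zone.enabled
          Value: "true"
  MyVpcLink:
    Type: AWS::ApiGateway::VpcLink
    Properties:
      Name: !Sub "${EnvironmentName}-nlb-link"
      TargetArns:
        - !Ref MyNLB                   # Ref on a load balancer returns its ARN
  MyAPIGateway:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: MyAPI
      Policy:                          # resource policy: allow, then deny by source IP
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: "execute-api:Invoke"
            Resource: "execute-api:/*"
          - Effect: Deny
            Principal: "*"
            Action: "execute-api:Invoke"
            Resource: "execute-api:/*"
            Condition:
              NotIpAddress:
                "aws:SourceIp": "203.0.113.0/24"
  MyAPIMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      AuthorizationType: AWS_IAM       # callers must sign requests with SigV4
      HttpMethod: GET
      ResourceId: !Ref MyAPIResource
      RestApiId: !Ref MyAPIGateway
      Integration:
        IntegrationHttpMethod: POST
        Type: HTTP
        ConnectionType: VPC_LINK       # API Gateway reaches the NLB privately
        ConnectionId: !Ref MyVpcLink
        Uri: !Sub "http://${MyNLB.DNSName}:80/myendpoint"
```

A change to `Policy` on an existing REST API takes effect only after the API is deployed to the stage again.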