DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

Related

  • Strategic Deployments in AWS: Leveraging IaC for Cross-Account Efficiency
  • When (Tech Service) Relationships Don’t Work Out
  • Understanding IaC Tools: CloudFormation vs. Terraform
  • Understanding the Purposes of Key Terraform Files and How to Structure Their Folders

Trending

  • A Guide to Using Amazon Bedrock Prompts for LLM Integration
  • Build Your Own GitHub-Like Tool With React in One Hour
  • A View on Understanding Non-Human Identities Governance
  • Secrets Management With Datadog Secret Backend Utility
  1. DZone
  2. Software Design and Architecture
  3. Cloud Architecture
  4. Automating AWS Infrastructure: Creating API Gateway, NLB, Security Group, and VPC With CloudFormation

Automating AWS Infrastructure: Creating API Gateway, NLB, Security Group, and VPC With CloudFormation

In modern cloud environments, Infrastructure as Code (IaC) has become a cornerstone for managing and provisioning resources efficiently

By 
Vijay Panwar user avatar
Vijay Panwar
DZone Core CORE ·
Mar. 26, 24 · Tutorial
Likes (2)
Comment
Save
Tweet
Share
1.6K Views

Join the DZone community and get the full member experience.

Join For Free

In modern cloud environments, Infrastructure as Code (IaC) has become a cornerstone for managing and provisioning resources efficiently. Amazon Web Services (AWS) offers CloudFormation as a service to automate the deployment of AWS infrastructure. In this article, we'll guide you through the process of setting up essential components such as API Gateway, Network Load Balancer (NLB), Target Group, Security Group, and Virtual Private Cloud (VPC) using CloudFormation templates.

Prerequisites

Before we begin, ensure you have:

  1. An AWS account with appropriate permissions to create and manage resources.
  2. Basic understanding of AWS services and CloudFormation concepts.

Below is the CloudFormation template combining the setup of AWS API Gateway, Network Load Balancer (NLB), Target Group, Security Group, Virtual Private Cloud (VPC), resource policy, and API deployment:

YAML
  
AWSTemplateFormatVersion: '2010-09-09'

Description: "AWS API Gateway with NLB, Target Group, Security Group, VPC, Resource Policy, and API Deployment"



Parameters:

  EnvironmentName:

    Type: String

    Default: "production"

    Description: "The name of the environment (e.g., production, development)"



Resources:

  MyVPC:

    Type: AWS::EC2::VPC

    Properties:

      CidrBlock: "10.0.0.0/16"

      EnableDnsSupport: true

      EnableDnsHostnames: true



  MySubnet1:

    Type: AWS::EC2::Subnet

    Properties:

      VpcId: !Ref MyVPC

      CidrBlock: "10.0.0.0/24"

      AvailabilityZone: !Select [ 0, !GetAZs '' ]



  MySubnet2:

    Type: AWS::EC2::Subnet

    Properties:

      VpcId: !Ref MyVPC

      CidrBlock: "10.0.1.0/24"

      AvailabilityZone: !Select [ 1, !GetAZs '' ]



  MyInternetGateway:

    Type: AWS::EC2::InternetGateway

    Properties:

      Tags:

        - Key: Name

          Value: MyInternetGateway



  MyVPCGatewayAttachment:

    Type: AWS::EC2::VPCGatewayAttachment

    Properties:

      VpcId: !Ref MyVPC

      InternetGatewayId: !Ref MyInternetGateway



  MySecurityGroup:

    Type: AWS::EC2::SecurityGroup

    Properties:

      GroupDescription: Allow HTTP and HTTPS traffic

      VpcId: !Ref MyVPC

      SecurityGroupIngress:

        - IpProtocol: tcp

          FromPort: 80

          ToPort: 80

          CidrIp: 0.0.0.0/0

        - IpProtocol: tcp

          FromPort: 443

          ToPort: 443

          CidrIp: 0.0.0.0/0



  MyNLB:

    Type: AWS::ElasticLoadBalancingV2::LoadBalancer

    Properties:

      Scheme: internet-facing

      Subnets:

        - !Ref MySubnet1

        - !Ref MySubnet2

      LoadBalancerAttributes:

        - Key: load_balancing.cross_zone.enabled

          Value: "true"



  MyTargetGroup:

    Type: AWS::ElasticLoadBalancingV2::TargetGroup

    Properties:

      VpcId: !Ref MyVPC

      Protocol: TCP

      Port: 80

      TargetType: instance



  MyAPIGateway:

    Type: AWS::ApiGateway::RestApi

    Properties:

      Name: MyAPI



  MyAPIResource:

    Type: AWS::ApiGateway::Resource

    Properties:

      RestApiId: !Ref MyAPIGateway

      ParentId: !GetAtt MyAPIGateway.RootResourceId

      PathPart: myresource



  MyAPIMethod:

    Type: AWS::ApiGateway::Method

    Properties:

      AuthorizationType: NONE

      HttpMethod: GET

      ResourceId: !Ref MyAPIResource

      RestApiId: !Ref MyAPIGateway

      Integration:

        IntegrationHttpMethod: POST

        Type: HTTP

        Uri: !Sub "http://${MyNLB.DNSName}:80/myendpoint"



  MyAPIDeployment:

    Type: AWS::ApiGateway::Deployment

    Properties:

      RestApiId: !Ref MyAPIGateway

      StageName: !Ref EnvironmentName



  MyAPIGatewayPermission:

    Type: AWS::Lambda::Permission

    Properties:

      Action: "lambda:InvokeFunction"

      FunctionName: !Ref MyLambdaFunction

      Principal: apigateway.amazonaws.com

      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${MyAPIGateway}/*/*/*"


This template creates the following resources:

  • VPC with two subnets in different availability zones.
  • Internet Gateway and attach it to the VPC.
  • Security Group allowing HTTP (port 80) and HTTPS (port 443) traffic.
  • Network Load Balancer (NLB) with the internet-facing scheme and cross-zone load balancing enabled.
  • Target Group for NLB with TCP protocol on port 80.
  • API Gateway with a REST API named "MyAPI".
  • API Gateway resource named "myresource" for defining endpoints.
  • API Gateway method (GET) with integration to the NLB endpoint.
  • API Gateway deployment with the specified stage name.

Lambda function permission for API Gateway to invoke the function.

Template Overview From CloudFormation Template

cloudformation template

You can further customize this template based on your specific requirements, such as adding Lambda functions, additional resources, or configuring advanced settings for API Gateway and NLB.

AWS Virtual private cloud Infrastructure as code

Opinions expressed by DZone contributors are their own.

Related

  • Strategic Deployments in AWS: Leveraging IaC for Cross-Account Efficiency
  • When (Tech Service) Relationships Don’t Work Out
  • Understanding IaC Tools: CloudFormation vs. Terraform
  • Understanding the Purposes of Key Terraform Files and How to Structure Their Folders

Partner Resources

Comments

The likes didn't load as expected. Please refresh the page and try again.

ABOUT US

  • About DZone
  • Support and feedback
  • Community research
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends: