Exposing HTTP API Gateway Via AWS CloudFront

By releasing HTTP API Gateway, AWS has saved a lot of money for customers who were looking for a simple proxy to expose serverless applications. If you are NOT looking for features like request/response transformation, Lambda authorizers, request parameter/body validation, request forwarding to other AWS services and other such advanced features, then HTTP API is the best choice over REST API. A detailed comparison between HTTP and REST API can be found here.

Before diving into the implementation part you will need Lambda code to successfully test our deployment.


Let’s start the implementation by creating our Lambda functions.

Lambda Functions

First Function:

  • Start with giving your function a name

  • Under runtime, select Python 3.8

  • For permissions, select Create a new role with basic Lambda permissions

Once you click the Create Function button, an IAM role with the basic required permissions will be created along with your function.

Replace the default code with the following:

Make sure to click the Save button available on the top right side before navigating away from the page.

Function Two

  • Give your function a name

  • Select Python 3.8 for runtime

  • For permissions, select Create a new role with basic Lambda permissions

Replace the default code with the following for the second function:

Don’t forget to save your code.
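As an added example (not the author's original listings), here are two handlers that fit the GET /one and POST /two routes configured in the next section. The function names and response fields are assumptions; the event fields `body` and `isBase64Encoded` come from the HTTP API payload format 2.0.

```python
import base64
import json


def _response(status, payload):
    # Response shape API Gateway accepts from a Lambda proxy integration.
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(payload),
    }


def handler_one(event, context):
    """First function: answers GET /one with a fixed JSON message."""
    return _response(200, {"message": "Hello from function one"})


def handler_two(event, context):
    """Second function: answers POST /two by echoing the JSON object it was sent."""
    raw = event.get("body") or ""
    if event.get("isBase64Encoded"):
        # Binary bodies arrive base64-encoded; decode strictly.
        try:
            raw = base64.b64decode(raw, validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            return _response(400, {"error": "body is not valid base64/UTF-8"})
    try:
        data = json.loads(raw)
    except json.JSONDecodeError:
        return _response(400, {"error": "body must be valid JSON"})
    if not isinstance(data, dict):
        return _response(400, {"error": "body must be a JSON object"})
    return _response(200, {"received": data})
```

Each Lambda function uses one of these as its entry point; the console's default handler setting is `lambda_function.lambda_handler`, so rename the function or adjust the Handler setting to match.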

It’s now time to create our API Gateway so let’s do it.


HTTP API Gateway

Use the search box or click on API Gateway under the Networking and Content Delivery section.

Your page might look different if Amazon updates their UI but that doesn’t matter. Just proceed with HTTP API.

Step 1: Start with giving your API a name.

Step 2: We will skip creating a route for now and proceed ahead.

Step 3: Replace the $default stage name with whatever you want; the rest of this walkthrough uses demo.

Step 4: Just review all the inputs and create HTTP API.

Once your API has been created, click on Routes in the left panel and click the Create button.

Route 1

Select GET for HTTP method and provide /one for the route.

Once your route has been created, click on the GET method to see the route details, then click the Attach integration button, and finally click the Create and attach an integration button to integrate our Lambda function with the route.

  • Select the type as Lambda Function under Integration target.

  • Select your Lambda function from the dropdown under Integration details. If you don’t see your function make sure to select the appropriate region from the dropdown.

  • Finally, make sure under Invoke permissions Grant API Gateway permission is enabled.

Let’s continue with our second route by clicking on Routes from the left panel.

Route 2

For our second route select POST as HTTP method and provide /two as the route.

Once it is created, click on the POST method to view the route details, then click the Attach integration button, and finally the Create and attach an integration button.

Note: You can also select an existing integration from the dropdown if you need to, but for now we will create a new integration for our second Lambda function.

  • Select the type as Lambda Function under Integration target.

  • Select the second Lambda function from the dropdown under Integration details.

  • Finally, make sure under Invoke permissions Grant API Gateway permission is enabled.

Awesome, we have come quite far and our HTTP API gateway is ready, so let’s test it before we proceed to our last component, CloudFront. Visit your API dashboard and copy the demo stage URL.

You can either paste that URL along with our route /one in your browser or use an API testing tool like Postman.

If you get a response from your Lambda function this means you have set up your HTTP API gateway correctly and are ready to expose your APIs via CloudFront.

Before we deploy CloudFront, let’s understand the reason for doing so. As of writing this article, HTTP API does not support edge-optimised endpoints and provides us with a regional endpoint. We can use this regional endpoint directly if we serve customers only within that region, but if you have a worldwide customer base you will need to expose your HTTP API using CloudFront to reduce latency for your customers.


CloudFront

We need to create a Web distribution so make sure to select the appropriate delivery method.

Section: Origin Settings

  • For Origin Domain Name, copy the API Gateway URL and paste it here without https:// and /demo.

  • Provide /demo for Origin Path.

  • Select TLSv1.2 for Minimum Origin SSL Protocol.

  • Set Origin Protocol Policy to HTTPS Only.

Section: Default Cache Behavior Settings

  • Select Redirect HTTP to HTTPS for Viewer Protocol Policy.

  • For Allowed HTTP Methods select GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE.

Leave all other inputs at their default values and create the distribution.
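The origin and cache-behaviour choices above, as an added example (not code from the original article): it derives Origin Domain Name and Origin Path from a stage invoke URL and checks a config for weaker TLS settings. The dict keys follow the CloudFront DistributionConfig field names but form only a fragment of a full config; the sample URL, origin id and function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample; real invoke URLs are https://{api-id}.execute-api.{region}.amazonaws.com/{stage}
SAMPLE_URL = "https://abc123def4.execute-api.us-east-1.amazonaws.com/demo"
_API_HOST = re.compile(r"^[a-z0-9]+\.execute-api\.[a-z0-9-]+\.amazonaws\.com$")
ALL_METHODS = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]


def build_settings(invoke_url):
    """Split a stage invoke URL into the origin and cache-behaviour settings listed above."""
    parts = urlsplit(invoke_url)
    host = (parts.hostname or "").lower()
    stage = parts.path.strip("/")
    if parts.scheme != "https" or not _API_HOST.match(host):
        raise ValueError("expected an https execute-api invoke URL")
    if not stage or "/" in stage:
        raise ValueError("URL must end with exactly one stage segment")
    origin = {
        "Id": "http-api",                # hypothetical origin id
        "DomainName": host,              # no https:// and no /demo
        "OriginPath": "/" + stage,       # the stage, e.g. /demo
        "CustomOriginConfig": {
            "HTTPPort": 80, "HTTPSPort": 443,
            "OriginProtocolPolicy": "https-only",
            "OriginSslProtocols": {"Quantity": 1, "Items": ["TLSv1.2"]},
        },
    }
    behavior = {
        "TargetOriginId": origin["Id"],
        "ViewerProtocolPolicy": "redirect-to-https",
        "AllowedMethods": {"Quantity": len(ALL_METHODS), "Items": list(ALL_METHODS),
                           "CachedMethods": {"Quantity": 2, "Items": ["GET", "HEAD"]}},
    }
    return {"Origins": {"Quantity": 1, "Items": [origin]}, "DefaultCacheBehavior": behavior}


def audit(config):
    """List settings in a config of this shape that are weaker than the ones above."""
    findings = []
    for origin in config["Origins"]["Items"]:
        custom = origin.get("CustomOriginConfig", {})
        if custom.get("OriginProtocolPolicy") != "https-only":
            findings.append(f"{origin['Id']}: origin protocol policy is not https-only")
        if set(custom.get("OriginSslProtocols", {}).get("Items", [])) != {"TLSv1.2"}:
            findings.append(f"{origin['Id']}: origin accepts protocols other than TLSv1.2")
    if config["DefaultCacheBehavior"].get("ViewerProtocolPolicy") not in ("redirect-to-https", "https-only"):
        findings.append("default behaviour serves viewers over plain HTTP")
    return findings
```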

The distribution will take around 5 minutes to get deployed so meanwhile download Postman if you don’t have it, stretch your body and grab yourself a coffee.

Once your CloudFront distribution is deployed, grab its domain name and get ready for testing. This time I’ll be using Postman to test both /one and /two routes.

For the API One test, select GET as the HTTP method, provide the entire path and hit the Send button.

For the API Two test, make sure to select POST as the HTTP method from the dropdown, provide a JSON object under Body, select raw for the body type and select JSON from the last dropdown before clicking the Send button.

Voila 🎉, pat yourself on the back for successfully serving your HTTP API via CloudFront.

Optionally, you can map your CloudFront domain name to a custom domain and use it within your application or distribute it to your customers.



Vimal Paliwal

Vim is a DevSecOps Practitioner with over seven years of professional experience. Over the years, he has architected and implemented full-fledged solutions for clients using AWS, K8s, Terraform, Python, Shell, Prometheus, etc., keeping security as an utmost priority. Along with this, during his journey as an AWS Authorised Instructor he has trained thousands of professionals ranging from startups to fortune companies for over 2 years.
