Automating AWS Infrastructure: Creating API Gateway, NLB, Security Group, and VPC With CloudFormation
In modern cloud environments, Infrastructure as Code (IaC) has become a cornerstone for managing and provisioning resources efficiently
In modern cloud environments, Infrastructure as Code (IaC) has become a cornerstone for managing and provisioning resources efficiently. Amazon Web Services (AWS) offers CloudFormation as a service to automate the deployment of AWS infrastructure. In this article, we walk through setting up API Gateway, a Network Load Balancer (NLB), a Target Group, a Security Group, and a Virtual Private Cloud (VPC) with a single CloudFormation template.
Prerequisites
Before we begin, ensure you have:
- An AWS account with appropriate permissions to create and manage resources.
- Basic understanding of AWS services and CloudFormation concepts.
Below is a CloudFormation template that sets up a VPC with two public subnets, a Security Group, a Network Load Balancer (NLB) with a listener and Target Group, and an API Gateway REST API with an HTTP integration to the NLB and a deployment to a named stage:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: "AWS API Gateway with NLB, Listener, Target Group, Security Group, VPC, and API Deployment"

Parameters:
  EnvironmentName:
    Type: String
    Default: "production"
    Description: "The name of the environment (e.g., production, development)"

Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
      EnableDnsSupport: true
      EnableDnsHostnames: true

  MySubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: "10.0.0.0/24"
      AvailabilityZone: !Select [ 0, !GetAZs '' ]

  MySubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: "10.0.1.0/24"
      AvailabilityZone: !Select [ 1, !GetAZs '' ]

  MyInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: MyInternetGateway

  MyVPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref MyInternetGateway

  # A public route table with a default route to the Internet Gateway.
  # Without it the subnets are private and an internet-facing load balancer
  # placed in them cannot exchange traffic with the internet.
  MyPublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC

  MyDefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: MyVPCGatewayAttachment
    Properties:
      RouteTableId: !Ref MyPublicRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref MyInternetGateway

  MySubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref MySubnet1
      RouteTableId: !Ref MyPublicRouteTable

  MySubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref MySubnet2
      RouteTableId: !Ref MyPublicRouteTable

  # Inbound 80/443 from any address. This group is defined but not attached to
  # any resource in this template; attach it to the NLB (SecurityGroups) or to
  # the target instances, and narrow CidrIp before using it in production.
  MySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP and HTTPS traffic
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  # "Type: network" must be set explicitly: this resource type defaults to
  # "application", which would create an ALB instead of an NLB. The DependsOn
  # ensures the Internet Gateway is attached before an internet-facing load
  # balancer is created in the VPC.
  MyNLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    DependsOn: MyVPCGatewayAttachment
    Properties:
      Type: network
      Scheme: internet-facing
      Subnets:
        - !Ref MySubnet1
        - !Ref MySubnet2
      LoadBalancerAttributes:
        - Key: load_balancing.cross_zone.enabled
          Value: "true"

  MyTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref MyVPC
      Protocol: TCP
      Port: 80
      TargetType: instance

  # The listener is what connects the NLB to the target group; without one the
  # load balancer accepts no traffic at all.
  MyListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref MyNLB
      Port: 80
      Protocol: TCP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref MyTargetGroup

  MyAPIGateway:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: MyAPI

  MyAPIResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref MyAPIGateway
      ParentId: !GetAtt MyAPIGateway.RootResourceId
      PathPart: myresource

  # AuthorizationType NONE makes this endpoint callable by anyone.
  # HTTP_PROXY passes the request and response straight through; the non-proxy
  # HTTP type also needs MethodResponses/IntegrationResponses mappings before it
  # returns anything other than a 500 "no match for output mapping" error.
  # IntegrationHttpMethod matches the method: POST here would turn every GET
  # into a POST at the backend.
  MyAPIMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      AuthorizationType: NONE
      HttpMethod: GET
      ResourceId: !Ref MyAPIResource
      RestApiId: !Ref MyAPIGateway
      Integration:
        Type: HTTP_PROXY
        IntegrationHttpMethod: GET
        Uri: !Sub "http://${MyNLB.DNSName}:80/myendpoint"

  # DependsOn is required: CloudFormation may otherwise create the deployment
  # before the method exists and fail with "The REST API doesn't contain any
  # methods".
  MyAPIDeployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn: MyAPIMethod
    Properties:
      RestApiId: !Ref MyAPIGateway
      StageName: !Ref EnvironmentName
```

This template creates the following resources:

- A VPC with two subnets in different Availability Zones.
- An Internet Gateway attached to the VPC, plus a public route table (default route to the gateway) associated with both subnets, which an internet-facing load balancer needs.
- A Security Group allowing inbound HTTP (port 80) and HTTPS (port 443) from any address. It is not attached to any resource in this template; attach it to the NLB or to the target instances, and replace 0.0.0.0/0 with the real client ranges.
- A Network Load Balancer with the internet-facing scheme and cross-zone load balancing enabled. Type: network has to be set explicitly because AWS::ElasticLoadBalancingV2::LoadBalancer defaults to an Application Load Balancer.
- A TCP Target Group on port 80 and a TCP listener on port 80 that forwards to it.
- An API Gateway REST API named "MyAPI".
- An API Gateway resource named "myresource" for defining endpoints.
- An API Gateway GET method with an HTTP proxy integration to the NLB endpoint and no authorizer.
- An API Gateway deployment to the stage named by EnvironmentName, which depends on the method so that it is never deployed empty.

The template defines no Lambda function, so no AWS::Lambda::Permission is included; a Lambda::Permission that references a function the template does not define fails validation. If you add a Lambda-backed method, add a matching permission with Principal apigateway.amazonaws.com and a SourceArn scoped to this API, for example arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${MyAPIGateway}/*/GET/myresource.

Two points to review before deploying this as-is. First, the method uses AuthorizationType NONE and the NLB is internet-facing, so the backend is reachable both through API Gateway and directly by the NLB's DNS name; anything API Gateway is meant to enforce (authorization, throttling, WAF, access logging) can be bypassed by calling the NLB. The usual fix is an internal NLB reached through an API Gateway VPC Link. Second, the integration URI is plain http://, so traffic between API Gateway and the backend crosses the public internet unencrypted; either terminate TLS on the NLB (a TLS listener with an ACM certificate) and use https:// in the integration, or keep the hop inside the VPC with a VPC Link.
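The following fragment is an added example and is not part of the original article: it shows hardened replacements for the MyNLB, MyAPIGateway and MyAPIMethod resources, with the NLB made internal and reached through an API Gateway VPC Link, IAM authorization on the method, and a resource policy that denies callers outside an allow-listed source range. The other logical names (MySubnet1, MySubnet2, MyTargetGroup, MyAPIResource, EnvironmentName) are assumed to exist as defined in the template above; the listener, the MyVpcLink name and the 203.0.113.0/24 allow-list are choices made for this example.

```yaml
# Added example, not from the original article. Replaces the MyNLB,
# MyAPIGateway and MyAPIMethod resources of the template above; the
# remaining logical names are assumed to exist as defined there.
Resources:
  # Internal scheme: the NLB gets no public address, so the only path to the
  # backend is through API Gateway.
  MyNLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internal
      Subnets:
        - !Ref MySubnet1
        - !Ref MySubnet2
      LoadBalancerAttributes:
        - Key: load_balancing.cross_zone.enabled
          Value: "true"

  MyListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref MyNLB
      Port: 80
      Protocol: TCP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref MyTargetGroup

  # A VPC Link lets API Gateway reach an NLB inside the VPC without exposing it.
  # The name MyVpcLink is an assumption made for this example.
  MyVpcLink:
    Type: AWS::ApiGateway::VpcLink
    Properties:
      Name: !Sub "${EnvironmentName}-vpclink"
      TargetArns:
        - !Ref MyNLB

  # Resource policy with an explicit Deny for every source outside the
  # allow-list. No Allow is granted here on purpose: same-account callers are
  # authorized by their own IAM policies, and a blanket Allow for Principal "*"
  # would admit any SigV4-signed caller from any AWS account.
  # 203.0.113.0/24 is a documentation range (TEST-NET-3); replace it with the
  # real client addresses.
  MyAPIGateway:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: MyAPI
      Policy:
        Version: "2012-10-17"
        Statement:
          - Effect: Deny
            Principal: "*"
            Action: execute-api:Invoke
            Resource: execute-api:/*
            Condition:
              NotIpAddress:
                aws:SourceIp:
                  - 203.0.113.0/24

  # AWS_IAM: requests must be SigV4-signed by a principal allowed to call
  # execute-api:Invoke; anonymous requests are rejected before they reach the
  # integration. ConnectionType VPC_LINK routes the call through MyVpcLink.
  MyAPIMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref MyAPIGateway
      ResourceId: !Ref MyAPIResource
      HttpMethod: GET
      AuthorizationType: AWS_IAM
      Integration:
        Type: HTTP_PROXY
        IntegrationHttpMethod: GET
        ConnectionType: VPC_LINK
        ConnectionId: !Ref MyVpcLink
        Uri: !Sub "http://${MyNLB.DNSName}:80/myendpoint"
```

With this variant the public route table is no longer needed for the load balancer, the HTTP hop from API Gateway to the NLB stays inside the VPC, and a caller must satisfy three checks: a valid SigV4 signature, an IAM policy granting execute-api:Invoke on this API, and a source address inside the allow-list. Keep the MyAPIDeployment resource (with its DependsOn on MyAPIMethod) from the template above; a change to the method or the resource policy only takes effect after a new deployment.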
Template Overview From CloudFormation Template
You can further customize this template based on your specific requirements, such as adding Lambda functions, additional resources, or configuring advanced settings for API Gateway and NLB.