How do I use API Gateway as a proxy for another AWS service?
I want to create an API Gateway that will use the authentication for another AWS service.
The problem is, when I try to call the second service I get an error that says "The security token included in the request is invalid" which is correct because I'm not using a valid security token. I know I can simply change the request headers so that it looks like a proxy but is there a way to go through API Gateway and authenticate with another service?
There is no way to proxy your own authentication to an arbitrary service within the same AWS account. This would require impersonating the other service (which you can't do either).
Your best bet is to use the same account, and allow the user to choose whether to access your service or the other. You could configure a security group to restrict your own service access only to the specific IPs that the user chooses, and deny access to the other service.
What is the difference between proxy and proxy API Gateway?
Proxy Api Gateway is used when you want to call a 3rd party API that returns JSON, HTML or XML as result.
This way you will call the API from your own server and that API will handle all the HTTP traffic and format. You then get the response from the API in JSON/XML or HTML.
Proxy Gateway API is used when you have to call a lot of different REST APIs. I think it's something like an API gateway for APIs. But as I said above it doesn't matter if you call a 3rd party API or if you do it from your own backend.
This is what I understand. Hope this helps you a bit.
Can API Gateway be used as a proxy?
I'm considering using API Gateway to expose some services, like Postgres or Redis, which I will not allow to be publicly accessed.
To use with an HTTP client like CURL or libcurl, what would be the best approach? I could expose a local server listening on the loopback, and have API Gateway proxy the requests to the locally exposed service (and vice-versa). I could change my application so that it responds to the hostname, without requiring HTTP access, and return a special status code to indicate whether the request should be proxied. Of course, if I do that, the application must be aware of the protocol requirements to be able to differentiate between "Proxy" requests and any other requests.
Another thing I could do is expose an endpoint in API Gateway using some reverse proxy service, such as nginx, and have it listen for port 80, which it then forwards to my internal web server. I like the idea of a reverse proxy because it removes the ability to use arbitrary clients and forces traffic through API Gateway. However, this comes with a small price of needing a reverse proxy, like nginx or Apache Httpd. This also has its disadvantages: you need to configure the application(s) to behave differently depending on the host, and they need to respond to other HTTP headers they may never have before.
Is it possible for API Gateway to be used as a reverse proxy? To be clear, I am assuming all incoming requests from an arbitrary client come in through API Gateway. What I don't know is whether API Gateway itself can respond to the same hostname, and instead use the client's IP address and other information to determine if the request should be proxied.
I think it's possible that a request to could be answered by a backend in API Gateway, but since the API Gateway documentation says requests to non-existent domains will also be proxied, I'm not sure how to be sure an HTTP request coming in on 127.1 would work instead of ending up in my "non-proxy" backend.
This won't work. API Gateway needs to understand the request itself, including the URL.
Related Answers
How do you power automate for web scraping?
I'm trying to scrape a website that has an API. I'm using t...
What is Lambda proxy in AWS?
How can I add a proxy to AWS Lambda? I have been digging into th...
What is a private certificate authority?
A lot of people confuse the private key of a CA with that of a certificate.br...