I am new to cloud and AWS and we have the below problem statement.
We have an API on-premises and one of our partners wants to access it. We are planning to create a private link connecting and exposing the on-prem API from our VPC so that our partner's VPC can connect to it. Could you please guide us on how the target groups should be configured to point to the APIs? The options just say "instance", "ip address", "lambda", "alb". I am confused about how to proceed further. Please help, thanks.
It is not clear how the API is currently setup.
If you want to expose your application hosted on-prem using an endpoint service, then you can create network load balancers and, in the target group, use IP address to point to the hosting platform on-prem. Then create a VPC endpoint service and share that with your partner account.
Please follow the link on setup.
https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-share-your-services.html
The partner can then access it using the service endpoint DNS, or they can create a custom DNS name in their domain pointing to the service endpoint DNS.
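The setup described in this answer, sketched in Terraform as an added example (not code from the original post or from AWS). The variable names, port 443, the on-prem IP and the partner account ID are placeholder assumptions, and the on-prem address is assumed to be reachable from the VPC over VPN or Direct Connect.

```hcl
# Added example. Every name, IP and account ID below is a placeholder.
variable "vpc_id" { type = string }
variable "nlb_subnet_ids" { type = list(string) }
variable "onprem_api_ip" { default = "10.20.30.40" }        # constructed on-prem address
variable "partner_account_id" { default = "111122223333" }  # placeholder account ID

# Internal NLB: an endpoint service must be fronted by a load balancer.
resource "aws_lb" "api" {
  name               = "onprem-api-nlb"
  load_balancer_type = "network"
  internal           = true
  subnets            = var.nlb_subnet_ids
}

# Target type "ip" is the option that can point outside the VPC.
resource "aws_lb_target_group" "onprem" {
  name        = "onprem-api"
  target_type = "ip"
  protocol    = "TCP"
  port        = 443
  vpc_id      = var.vpc_id
}

resource "aws_lb_target_group_attachment" "onprem" {
  target_group_arn  = aws_lb_target_group.onprem.arn
  target_id         = var.onprem_api_ip
  port              = 443
  availability_zone = "all" # required when the IP is outside the VPC CIDR
}

resource "aws_lb_listener" "tcp" {
  load_balancer_arn = aws_lb.api.arn
  protocol          = "TCP"
  port              = 443
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.onprem.arn
  }
}

# Share with the partner account only, and approve each connection by hand.
resource "aws_vpc_endpoint_service" "api" {
  network_load_balancer_arns = [aws_lb.api.arn]
  acceptance_required        = true
  allowed_principals         = ["arn:aws:iam::${var.partner_account_id}:root"]
}

output "service_name" { value = aws_vpc_endpoint_service.api.service_name }
```

The partner creates an interface VPC endpoint against the `service_name` output; with `acceptance_required = true` the connection stays pending until the service owner accepts it.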
I'm sure this is a very basic question, but I have been spending a lot of time on it and have not found a clear answer.
I am trying to create a Bicep file with the appropriate setup for my web API, but have been struggling with VNet as I transition from a prototype to a beta release. I thought it might be easy to find a template for an App Service for a web API, connecting to an Azure SQL database and files from blob storage using a VNet. The place where I am stuck right now is:
service endpoints
subnet delegation
I read this post, which was helpful, but did not address service endpoints. Do I use delegation wherever possible and service endpoints when they are not available?
I have other service to add like notification hubs and am considering api management as well as key vault but really need to get the basics down and I am struggling.
A great reference for learning Bicep and seeing examples of how to create them:
Azure/ResourceModules
Azure/azure-quickstart-templates
Note: while the quickstart repository is ARM templates, you can take most of those and use the Bicep CLI to convert them to Bicep.
The primary difference between delegation and service endpoints with virtual networks (vnets):
delegation means a given subnet is only going to be used by that service (this is related to PaaS services)
service endpoint is allowing secure and direct connectivity for that service to the subnet assigned
An example of the above:
Delegation
Deploying App Services is one of the most common Azure services that requires a dedicated subnet be allocated just for that service, aka delegation.
Service Endpoint
Deploying a Virtual Machine that you need to access a Storage Account from? The subnet where the Virtual Machine is deployed will need to have the Microsoft.Storage service endpoint enabled to allow the secure, direct connection to it.
One thing to note on service endpoints: while they are still used, Microsoft recommends use of Private Endpoints as well. This allows you to directly connect to the service endpoint over the private/internal network of your VNet.
Bear with me, I am still on training wheels with GCP
Scenario being
I have a Cloud Run instance serving an API (to be consumed internally)
A middleware running on Cloud Compute instance serving an API. This utilises API served by (1)
(2) needs to access (1)
I'm trying to figure out how to discover the internal DNS name or IP, so that the middleware (2) can be configured to access Cloud Run served API (1)
Intention being to create templates (environment config files) so that I can eventually automate the deployment of all layer.
With Cloud Run, you can't know before the first deployment the URL of the service. The pattern is
https://<serviceName>-<projectHash>.<region>.run.app
You can also have optionally a tag at the beginning, but it's not important here.
The bad part is the project hash can't be calculated before the deployment (or I don't know the hash formula). Thus it's impossible to register the URL in a DNS in advance of the deployment.
However, if you use tools like terraform, you can get, as output, the URL of the service after the deployment and then register it in your DNS, as CNAME (Cloud Run is a managed service, you haven't a static IP).
You can also use the Cloud Run API to request the list of services on a project, pick the service that you want and get the URL of the service (GET request to the service API).
A last word before you hit the wall: you talk about an internal endpoint. The Cloud Run URL is public, and public only. Therefore, your middleware needs access to the internet to be able to request Cloud Run.
If your middleware is deployed on the same project, you can set the Cloud Run service ingress to internal to allow only resources from the VPCs of the current project to access the Cloud Run service.
But the URL is still public and you need an internet access to resolve and to access it.
If you don't wanna be bothered by service discovery and constructing the full URL, you can use runsd, a solution that I developed for Cloud Run that allows you to call a service by its name (e.g. http://hello).
I am trying to add an ASP.NET 4.x app hosted externally (using AWS Elastic Beanstalk) into the Service-registry of an existing PCF.
Edit: Is this possible? If so, can someone give me an example about how this can be done
Assuming you have network connectivity in all directions between apps in PCF and the external app, yes this should be quite possible.
However, if you're using Spring Cloud Eureka, your externally-hosted app will need to get valid OAuth credentials so that it can authenticate prior to registering.
The comment by Daniel Mikusa is very appropriate for how I achieved this.
For Pivotal SCS, you would want to create a service instance (if you
don't have one already), then create a service key for your external
app. That will give you all of the binding info/creds you need to
connect from your remote service. A service key is the same as binding
a service to an app, except it's not tied to an app so it works well
for situations like this. Just give your service key a good name, so
you know that it's being used by an external app when you come back
and see it a year from now
I have a query on a design; I hope you guys can clarify my doubt.
I have a specific requirement in which Mule is used just to expose the backend services in the API gateway. The backend services are written in Spring Boot and other technologies, and all these services need to be exposed in the API gateway.
Is this a good practice to do that and if yes how can we do that?
I saw that in API manager we can create proxy layer on top of the services developed in Mule but is it possible to create proxies for the services developed in different technologies?
Absolutely ... For creating a proxy service, it doesn't matter what type of technology the backend service has.
It can create a proxy layer for any kind of backend service available either locally, in the cloud or in another remote location, as long as the service URL is accessible.
This proxy will create an additional layer hiding the actual url to the external world.
It doesn't matter what technology you are using for development as long as those are REST services and accessible to the CloudHub application. You can deploy those on-premises and can integrate your local runtime with CloudHub. Also, Mule supports Spring projects and you can directly configure your Spring project/details inside Mule.
I created the secure gateway in my space and connected it to the client on my laptop (Mac Installer). I also created the destination (localhost, port 3000, TCP). Now I need to create some APIs with the API Management service, but I am not able to see the APIs deployed on my laptop from the APIM service.
Do I Need to configure something special to be able to connect it to my local APIs? I also need to do the same for some SOA services with WSDL.
Any help or info about how to configure these connections will be really appreciated.
Thank you very much!
#Luis Florez
Please see the section Importing or composing APIs in the page
https://www.ng.bluemix.net/docs/services/APIManagement/index.html
and it will provide some pointers to expose APIs in API management service.