[{"data":1,"prerenderedAt":88},["ShallowReactive",2],{"pattern-apigw-vpclink-fargate":3},{"id":4,"title":5,"architectureURL":6,"cleanup":7,"contributors":12,"deploy":14,"description":17,"extension":18,"framework":19,"gitHub":20,"highlight":6,"introBox":29,"language":34,"level":35,"meta":36,"patternArch":37,"resources":68,"s3URL":80,"services":81,"stem":82,"testing":83,"videoId":28,"__hash__":87},"patterns\u002Fpatterns\u002Fapigw-vpclink-fargate.json","Amazon Cognito to Amazon API Gateway private REST API",null,{"headline":8,"text":9},"Cleanup",[10,11],"1. Delete the stack: \u003Ccode>sam delete --stack-name STACK_NAME\u003C\u002Fcode>.","2. Confirm the stack has been deleted: \u003Ccode>aws cloudformation list-stacks --query \"StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus\"\u003C\u002Fcode>",[13],"content\u002Fcontributors\u002Fjose-e-montilla-l.json",{"text":15},[16],"sam deploy -g --capabilities CAPABILITY_AUTO_EXPAND CAPABILITY_IAM","Create an API Gateway private REST API with private integration.","json","AWS SAM",{"template":21,"payloads":26},{"projectFolder":22,"repoURL":23,"templateURL":24,"templateFile":25},"cognito-restapi-vpclink","https:\u002F\u002Fgithub.com\u002Faws-samples\u002Fserverless-patterns\u002Ftree\u002Fmain\u002Fcognito-restapi-vpclink","serverless-patterns\u002Fcognito-restapi-vpclink","template.yml",[27],{"headline":28,"payloadURL":28},"",{"headline":30,"text":31},"How it works",[32,33],"This SAM template implements an Amazon API Gateway private REST API with private integration. It can be used if you have a private API inside a VPC which is currently open to unauthenticated clients and you want to protect it by adding an authentication and authorization layer without having to modify the API itself.","The template creates a private REST API in Amazon API Gateway which sits in front of the original backend API. Requests will go through the API Gateway endpoint and will be authorized using a Cognito authorizer. The integration with the backend resource is done via a VPC link to connect to private resources inside the VPC. The API Gateway API is configured with a greedy proxy (\"{proxy+}\") which means that everything in the URL path will be passed to the backend without any modification. The API has an \"ANY\" method to accept all methods such as GET or POST. Finally, the OPTIONS method is configured so that the API can process preflight requests from browsers making cross-origin requests (CORS).","Python","300",{},{"group1":38,"icon1":44,"icon2":49,"icon3":53,"icon4":57,"line1":61,"line2":64,"line3":66},{"x":39,"y":40,"w":41,"h":42,"label":43},26,15,72,70,"VPC",{"x":45,"y":46,"service":47,"label":48},13,50,"cognito","Amazon Cognito",{"x":50,"y":46,"service":51,"label":52},38,"apigw","API Gateway",{"x":54,"y":46,"service":55,"label":56},63,"vpc-endpoint","VPC Link",{"x":58,"y":46,"service":59,"label":60},88,"fargate","AWS Fargate",{"from":62,"to":63},"icon1","icon2",{"from":63,"to":65},"icon3",{"from":65,"to":67},"icon4",{"headline":69,"bullets":70},"Additional resources",[71,74,77],{"text":72,"link":73},"Working with HTTP APIs","https:\u002F\u002Fdocs.aws.amazon.com\u002Fapigateway\u002Flatest\u002Fdeveloperguide\u002Fhttp-api.html",{"text":75,"link":76},"Working with AWS Lambda proxy integrations for HTTP APIs","https:\u002F\u002Fdocs.aws.amazon.com\u002Fapigateway\u002Flatest\u002Fdeveloperguide\u002Fhttp-api-develop-integrations-lambda.html",{"text":78,"link":79},"Understanding VPC links in Amazon API Gateway private integrations","https:\u002F\u002Faws.amazon.com\u002Fblogs\u002Fcompute\u002Funderstanding-vpc-links-in-amazon-api-gateway-private-integrations\u002F","https:\u002F\u002Fda-public-assets.s3.amazonaws.com\u002Fpatterns\u002Fapigw-vpclink-fargate\u002Fcloudformation.yml",{"from":51,"to":59},"patterns\u002Fapigw-vpclink-fargate",{"headline":84,"text":85},"Testing",[86],"See the repo for detailed testing notes.","gpmIThZSdCh-C1bMNxc0EekL6LLPHq3luzAIJqgMrcU",1779273333378]