Microservice deployment and creation of custom domain name via API Gateway and Route 53
In this article, I will explain the step-by-step process, from defining the task definition for your microservice to exposing the microservice to external users through a custom domain name.
There are business use cases where we are required to expose one of our microservices to an external user or client. But sometimes these microservices are hosted in a private VPC, and exposing all of the microservices would lead to security issues. To avoid that and expose only the required service, we use API Gateway and Route 53 as a solution.
Steps involved in the process:
Assumption: The image for the microservice is stored in the AWS ECR service.
Let's start by creating a task definition for our service. Go to AWS ECS -> Task definition. Create the task definition.
Set up the mount volume.
Provide the container definition (before setting this up, go to ECR and get the proper image with the version).
Create the service under the ECS cluster for the microservice.
Configure the load balancer for the microservice.
Wait for 2 minutes and then the tasks will be running under the newly created service.
Enabling API gateway to expose the endpoint of these microservices
1. Go to the AWS API Gateway service. Create a VPC link for the microservice.
a. Select the respective ECS ALB load balancer and the same VPC configured for the load balancer used for the microservice.
b. Provide the security group set for the load balancer.
2. After the VPC link is created, create the API.
a. Choose the type as HTTP API.
b. Give the API details.
c. Set the stage; let it be the default. Click on Next and create.
d. The result of the above steps is the dashboard for the new API.
e. Configure routes: create a route and set it as /path/{proxy+}.
f. Configure the integration: click on Create and Attach an Integration, select the integration type 'Private resource', and specify the load balancer that is configured for your microservice through the ECS cluster and the VPC link created in the first step.
Post creation, test the configuration by opening the invoke URL created by API Gateway in the browser.
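The /path/{proxy+} route from step e forwards every sub-path to the private load balancer, so it is worth reviewing which routes reach the VPC link and whether they require authorization. The following check is an added example, not part of the original article: it works on JSON in the shape returned by `aws apigatewayv2 get-routes` and `aws apigatewayv2 get-integrations`; the sample data, the IDs and the function name audit_routes are constructed for illustration.

```python
import json

# Constructed sample data in the shape returned by
# `aws apigatewayv2 get-routes` and `get-integrations` (all IDs are made up).
ROUTES = json.loads("""{"Items": [
  {"RouteId": "r1", "RouteKey": "ANY /path/{proxy+}", "AuthorizationType": "NONE", "Target": "integrations/int1"},
  {"RouteId": "r2", "RouteKey": "GET /path/health", "AuthorizationType": "JWT", "Target": "integrations/int1"},
  {"RouteId": "r3", "RouteKey": "$default", "AuthorizationType": "NONE", "Target": "integrations/int1"},
  {"RouteId": "r4", "RouteKey": "GET /docs", "AuthorizationType": "NONE", "Target": "integrations/int2"}
]}""")
INTEGRATIONS = json.loads("""{"Items": [
  {"IntegrationId": "int1", "ConnectionType": "VPC_LINK", "ConnectionId": "vl-example"},
  {"IntegrationId": "int2", "ConnectionType": "INTERNET"}
]}""")


def audit_routes(routes, integrations):
    """Return (route_key, [reasons]) for risky routes into a private backend.

    Routes whose integration is not a VPC link are skipped, because they do
    not reach into the private VPC.
    """
    by_id = {i["IntegrationId"]: i for i in integrations.get("Items", [])}
    findings = []
    for route in routes.get("Items", []):
        # Target looks like "integrations/<IntegrationId>".
        integration = by_id.get(route.get("Target", "").rpartition("/")[2], {})
        if integration.get("ConnectionType") != "VPC_LINK":
            continue
        key = route["RouteKey"]
        reasons = []
        # Assumption: a missing AuthorizationType is treated like NONE (open).
        if route.get("AuthorizationType", "NONE") == "NONE":
            reasons.append("no authorizer: anyone with the URL can call it")
        # Greedy variables and $default forward every sub-path to the ALB.
        if key == "$default" or "+}" in key:
            reasons.append("greedy route: all sub-paths reach the backend")
        if key == "$default" or key.startswith("ANY "):
            reasons.append("all HTTP methods are forwarded")
        if reasons:
            findings.append((key, reasons))
    return findings


if __name__ == "__main__":
    for key, reasons in audit_routes(ROUTES, INTEGRATIONS):
        print(key)
        for reason in reasons:
            print("  -", reason)
```

To run it against a real API, save the output of the two CLI commands and pass the parsed JSON to audit_routes in place of the sample data.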
Creation of custom domain name to expose the microservice
1. Create a public certificate through the AWS Certificate Manager service.
2. Provide a domain name. Make sure the name is under a domain registered to your company, or under your own domain created through the AWS Route 53 service.
For example, if your domain is testaws.com, provide the domain name mymicro.testaws.com.
3. At the last step, copy the CNAME record's name and value shown on the screen.
4. Go to the account where your domain is maintained. It can be either the same account or the master account, depending on how the company has configured it. Open the Route 53 service for the registered domain (for example, testaws.com). This is for making the certificate valid.
Add a record for the newly created certificate, using the CNAME name and value copied in step 3.
Go to AWS Certificate Manager in the account where the public certificate was issued. Wait 15–30 minutes for the certificate to get validated, after which the certificate status changes from Pending Validation to Issued.
5. Map the domain name to the API endpoint URL that was created in API Gateway. Go to the API Gateway service and select Custom domain names. Click on Create.
Give the domain name mymicro.testaws.com and select the certificate that was created above; it is listed in the ACM certificate field.
After creation, copy the API Gateway domain name shown on the dashboard.
Click on the API mappings tab and select the microservice API created.
After the mapping is given, go to the account where your domain is maintained. It can be either the same account or the master account, depending on how the company has configured it. Open the Route 53 service for the registered domain (for example, testaws.com) and add a record for mymicro.testaws.com that points to the API Gateway domain name copied above.
Now your domain name is created. Test by invoking it.