Network load balancing: CloudFront access

0

Hi,

How can I allow my CloudFront React.js app to access my internal NLB? My NLBs are internal, and only resources within the VPC can communicate with them.

Do I need to create an API Gateway with a VPC Link?

Thanks for your help.

3 Answers
2

Hi,

You can access a Private NLB via VPC Private Link: https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-share-your-services.html

The page above details your exact use case:


Best,

Didier

AWS
EXPERT
answered 13 days ago
EXPERT
reviewed 13 days ago
  • Thank you for your previous response.

    I have configured my Network Load Balancer (NLB) within a VPC Private Link and created an API Gateway with the necessary resources to connect to it. However, I am encountering an issue where I am unable to reach my NLB through the VPC Link. The API Gateway returns an internal server error with the following message:

    Execution failed due to configuration error: There was an internal error while executing your request

    Unfortunately, I do not have additional logs to further diagnose the issue. Could you please advise on how to debug this situation? Any guidance or suggestions would be greatly appreciated.

    Thank you for your assistance.

1

Hello,

You're correct that CloudFront, by itself, cannot access resources within your VPC, including your internal NLB. Here are approaches to allow your CloudFront React.js app to access your internal NLB:

API Gateway with VPC Link:

Yes, creating an API Gateway with a VPC Link is a good approach. Here's how it works:

  • API Gateway: Exposes a public endpoint for your React.js app to interact with.
  • VPC Link: Connects the API Gateway to your VPC, allowing it to communicate with your internal NLB.

Benefits:

  • Security: You can control access to the API Gateway using IAM policies, ensuring only authorized requests reach your NLB.
  • Flexibility: API Gateway can handle various request types (GET, POST, etc.) and manipulate data before forwarding it to your NLB.

Troubleshooting:

Connectivity Issues: Ensure proper configuration of the VPC Link, security groups, and route tables. Check CloudWatch logs for API Gateway and NLB for any errors.

API Gateway with VPC Link

https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-with-private-integration.html

API Gateway Developer Guide:

https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html

EXPERT
answered 13 days ago
EXPERT
reviewed 13 days ago
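
The VPC Link configuration points named in the troubleshooting note of the answer above, as an added example (not code from the original answers or from AWS): an offline check over dicts shaped like the output of `aws apigateway get-integration` and `aws apigateway get-vpc-link` for a REST API. The function name, the sample ARN, IDs and hostname are constructed, and the set of checks is an illustrative assumption, not a diagnosis of the error quoted in the comment above.

```python
"""Offline pre-flight check for an API Gateway (REST) private integration.

Inputs are dicts shaped like `aws apigateway get-integration` and
`aws apigateway get-vpc-link` output. All sample values are constructed.
"""


def check_private_integration(integration, vpc_link, nlb_arn):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if integration.get("connectionType") != "VPC_LINK":
        findings.append("connectionType is not VPC_LINK: requests will not enter the VPC")
    if integration.get("type") not in ("HTTP", "HTTP_PROXY"):
        findings.append("integration type is not HTTP or HTTP_PROXY")
    conn_id = integration.get("connectionId", "")
    # connectionId is either a literal VPC link id or a stage variable reference.
    if conn_id.startswith("${stageVariables."):
        findings.append("connectionId is a stage variable: confirm its value on the stage")
    elif conn_id != vpc_link.get("id"):
        findings.append("connectionId does not match the VPC link id")
    if vpc_link.get("status") != "AVAILABLE":
        findings.append(f"VPC link status is {vpc_link.get('status')}, not AVAILABLE")
    if nlb_arn not in vpc_link.get("targetArns", []):
        findings.append("VPC link does not target the expected NLB")
    if not integration.get("uri", "").startswith(("http://", "https://")):
        findings.append("integration uri is not an http(s) URL for the NLB listener")
    return findings


# Constructed sample data (placeholder account id, ids and hostname).
NLB_ARN = ("arn:aws:elasticloadbalancing:eu-west-1:111122223333:"
           "loadbalancer/net/internal-nlb/0123456789abcdef")
GOOD_LINK = {"id": "abc123", "status": "AVAILABLE", "targetArns": [NLB_ARN]}
GOOD_INTEGRATION = {
    "type": "HTTP_PROXY",
    "httpMethod": "ANY",
    "connectionType": "VPC_LINK",
    "connectionId": "abc123",
    "uri": "http://internal-nlb.example.internal/{proxy}",
}
# A misconfigured pair: public connection type, wrong link id, link not ready.
BAD_INTEGRATION = dict(GOOD_INTEGRATION, connectionType="INTERNET", connectionId="zzz999")
PENDING_LINK = dict(GOOD_LINK, status="PENDING")

if __name__ == "__main__":
    for finding in check_private_integration(BAD_INTEGRATION, PENDING_LINK, NLB_ARN):
        print("FINDING:", finding)
```

Security groups and route tables, which the answer also lists, are not visible in these two API responses and need to be checked separately.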
0

CloudFront is located outside the VPC, so it can NOT directly access your Private Load Balancer.

Please check this answer

https://repost.aws/questions/QUi6e8FXZkQyCHd3g_on5CRQ/cdk-cloudfront-distribution-pointing-to-a-private-loadbalancer-on-a-vpc#ANAb5an4cTTAa_jln7UmK0xA

EXPERT
answered 13 days ago
EXPERT
reviewed 13 days ago