HTTP API Gateways
An HTTP API Gateway serves as an entry point for your application, routing HTTP traffic to your compute resources. It can be integrated with functions, batch jobs, and multi-container workloads.
Each API gateway is secured with TLS by default. You can also configure a custom domain name, enable CORS, or place a CDN in front of your gateway.
When to use them
HTTP API Gateways are a good fit for any modern web application, from a simple "front door" for a lightweight service to a powerful backend API with authorization and monitoring.
Advantages
- Pay-per-use: You are only charged for the number of requests your gateway processes (from $0.90 to $1.00 per million requests).
- Scalability: The gateway scales automatically to handle thousands of requests per second.
- Security: Each gateway is secured with TLS by default.
- High availability: API Gateway has a 99.95% monthly uptime SLA.
- Ease of use: You can integrate a gateway with your compute resources with just a few lines of configuration.
Disadvantages
- Limited routing: HTTP API Gateways only support path-based routing. If you need to route requests based on query parameters, IP addresses, or HTTP headers, consider using an Application Load Balancer instead.
Basic usage
You don't need to specify any properties to create a basic HTTP API Gateway.
resources:myHttpApi:type: 'http-api-gateway'
Integrating with compute resources
You can forward requests from an API gateway to your compute resources by creating an event integration on a multi-container workload, function, or batch job.
Each integration must specify:
httpApiGatewayName: The name of the API gateway.path: A path pattern that the request must match.method: The HTTP method that the request must match.
If multiple integrations match a request, the most specific one is chosen.
This example shows two integrations:
- The first forwards all requests (
/{proxy+}) to a multi-container workload. - The second, which is more specific, forwards
GETrequests for/invoke-my-functionto a Lambda function.
resources:myHttpApi:type: http-api-gatewaymyFunction:type: functionproperties:packaging:type: stacktape-lambda-buildpackproperties:entryfilePath: 'path/to/my-lambda.ts'events:- type: http-api-gatewayproperties:httpApiGatewayName: 'myHttpApi'path: '/invoke-my-function'method: 'GET'mySingleContainer:type: 'multi-container-workload'properties:containers:- name: 'myAppContainer'packaging:type: stacktape-image-buildpackproperties:entryfilePath: '_example-configs/containers/ts-container.ts'environment:- name: portvalue: 80events:- type: 'http-api-gateway'properties:httpApiGatewayName: 'myHttpApi'containerPort: 80path: /{proxy+} # greedy pathmethod: '*'resources:cpu: 0.25memory: 512
An HTTP API Gateway with integrations for both a function and a multi-container workload.
For more information, see the documentation on integrating API gateways with functions and multi-container workloads.
CORS
Cross-Origin Resource Sharing (CORS) is a security feature that controls how web browsers handle requests to a different domain than the one the user is currently on. If your frontend and backend are on different domains (e.g., mydomain.com and api.mydomain.com), you'll need to configure CORS.
If you are already handling CORS in your application code, you don't need to enable it in your Stacktape configuration.
You can enable CORS with a single line:
resources:myHttpApi:type: 'http-api-gateway'properties:cors:enabled: true
You can also customize the CORS headers:
If you do not specify any additional properties, default CORS configuration is used:
AllowedMethods: Inferred from methods used by integrations associated with the api gatewayAllowedOrigins:*AllowedHeaders:Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
Custom domain names
You can use a custom domain for your API gateway. If you don't have one, you can register one through Stacktape.
If you already have a domain, you can either let Stacktape manage it (if you use AWS Route 53 for DNS) or use a third-party DNS provider.
For more details, see the Domains and Certificates page.
Using Stacktape to manage domains and certs
Stacktape allows you to connect your custom domain names to some of your resources (Web Service, HTTP API Gateways, Application Load Balancers and Buckets with CDNs).
Connecting a custom domain to the resource does 2 things:
- Creates DNS records:
- If you use your custom domain with a resource, Stacktape automatically creates a DNS record (during deploy) pointing the specified domain name to the resource.
- Adds TLS certificates
- If the origin resource (HTTP API Gateway, Application Load Balancer or CDN) uses HTTPS protocol, Stacktape takes care of issuing and attaching correct (free, AWS-managed) certificate to the resource. This means, you do not have to deal with TLS termination as it is handled by the connected resource.
- If you want to use your own certificates, you can configure
customCertificateArns.
To manage a custom domain, it first needs to be added to your AWS account. This means that a hosted zone (collection of records managed together for a given domain) for your domain exists in your AWS account and your domain registrar's name servers are pointing to it. To learn more, refer to Adding a domain guide.
resources:myHttpApi:type: 'http-api-gateway'properties:customDomains:- domainName: whatever.mydomain.com
Using a 3rd-party DNS
To use a domain from a provider like GoDaddy or Cloudflare:
- Create or import a TLS certificate for your domain in the AWS Certificate Manager console and copy its ARN.
- Add the
customDomainsconfiguration to your API gateway, using the certificate ARN and disabling DNS record creation.
resources:myWebsite:type: http-api-gatewayproperties:customDomains:- domainName: mydomain.comdisableDnsRecordCreation: truecustomCertificateArn: <<ARN_OF_YOUR_CERTIFICATE>>
- After deploying, find the API gateway's domain name in the Stacktape Console.
- In your DNS provider's dashboard, create a
CNAMEorALIASrecord pointing to the API gateway's domain name.
Access logs
Access logs contain basic information about requests to your API gateway, which can be useful for auditing and compliance. Stacktape enables access logging by default, with a retention period of 30 days.
- Stored properties are:
requestId,ip,requestTime,httpMethod,routeKey,status,protocolandresponseLength. - You can configure log format. Supported values are
CLF,JSON,XMLandCSV. - You can browse your logs in 2 ways:
- go to the log group page in the AWS CloudWatch console. You can use
stacktape stack-infocommand to get a direct link. - use stacktape logs command to print logs to the console
- go to the log group page in the AWS CloudWatch console. You can use
resources:myHttpApi:type: 'http-api-gateway'properties:logging:format: CSV
CDN
You can place an AWS CloudFront CDN in front of your API gateway to cache responses and reduce latency.
- CDN is a globally distributed network that can cache responses from your HTTP API Gateway at the edge - close to your users.
- AWS Cloudfront has 205 edge locations on 6 continents.
- The CDN is used to:
- reduce latency & improve load times
- reduce bandwidth costs
- reduce the amount of traffic coming to the origin
- improve security
- The "origin" is the resource (HTTP API Gateway) to which CDN is attached. CDN caches responses from the origin at the edge for specified amount of time.
- If the content requested by the client is in the CDN cache, the CDN immediately returns it to the client without making a request to the origin.
- If the content is NOT in the cache, the CDN makes a request to the Origin. The response from the origin is then forwarded to the client, and cached at the edge.
For more information, see the CDN documentation.
Referenceable parameters
The following parameters can be easily referenced using $ResourceParam directive directive.
To learn more about referencing parameters, refer to referencing parameters.
Default domain name
- Usage:
$ResourceParam('<<resource-name>>', 'domain')
Default URL
- Usage:
$ResourceParam('<<resource-name>>', 'url')
Comma-separated list of custom domain names assigned to the HTTP Api Gateway (only available if you use custom domain names)
- Usage:
$ResourceParam('<<resource-name>>', 'customDomains')
Comma-separated list of custom domain name URLs (only available if you use custom domain names)
- Usage:
$ResourceParam('<<resource-name>>', 'customDomainUrls')
URL of the first custom domain name connected to this resource (only available if you use custom domain names)
- Usage:
$ResourceParam('<<resource-name>>', 'customDomainUrl')
Default domain of the CDN distribution (only available if you DO NOT configure custom domain names for the CDN).
- Usage:
$ResourceParam('<<resource-name>>', 'cdnDomain')
Default url of the CDN distribution (only available if you DO NOT configure custom domain names for the CDN).
- Usage:
$ResourceParam('<<resource-name>>', 'cdnUrl')
Comma-separated list of custom domain names assigned to the CDN (only available if you configure custom domain names for the CDN).
- Usage:
$ResourceParam('<<resource-name>>', 'cdnCustomDomains')
Comma-separated list of custom domain name URLs of the CDN (only available if you configure custom domain names for the CDN).
- Usage:
$ResourceParam('<<resource-name>>', 'cdnCustomDomainUrls')