From 338d23291b5d738d5bfd992a1b8a13ce510eeca5 Mon Sep 17 00:00:00 2001 From: Alice Goumain Date: Mon, 8 Dec 2025 16:50:05 +0000 Subject: [PATCH 1/7] added YAML template --- restapi-vpclink-v2/README.md | 60 ++++++++++++++++++ restapi-vpclink-v2/example-pattern.json | 59 ++++++++++++++++++ restapi-vpclink-v2/template.yaml | 82 +++++++++++++++++++++++++ 3 files changed, 201 insertions(+) create mode 100644 restapi-vpclink-v2/README.md create mode 100644 restapi-vpclink-v2/example-pattern.json create mode 100644 restapi-vpclink-v2/template.yaml diff --git a/restapi-vpclink-v2/README.md b/restapi-vpclink-v2/README.md new file mode 100644 index 0000000000..8e3a35d132 --- /dev/null +++ b/restapi-vpclink-v2/README.md 
@@ -0,0 +1,60 @@ +# AWS Service 1 to AWS Service 2 + +This pattern << explain usage >> + +Learn more about this pattern at Serverless Land Patterns: << Add the live URL here >> + +Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example. + +## Requirements + +* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources. +* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured +* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) +* [AWS Serverless Application Model](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) (AWS SAM) installed + +## Deployment Instructions + +1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository: + ``` + git clone https://github.com/aws-samples/serverless-patterns + ``` +1. Change directory to the pattern directory: + ``` + cd _patterns-model + ``` +1. From the command line, use AWS SAM to deploy the AWS resources for the pattern as specified in the template.yml file: + ``` + sam deploy --guided + ``` +1. During the prompts: + * Enter a stack name + * Enter the desired AWS Region + * Allow SAM CLI to create IAM roles with the required permissions. + + Once you have run `sam deploy --guided` mode once and saved arguments to a configuration file (samconfig.toml), you can use `sam deploy` in future to use these defaults. + +1. Note the outputs from the SAM deployment process. 
These contain the resource names and/or ARNs which are used for testing. + +## How it works + +Explain how the service interaction works. + +## Testing + +Provide steps to trigger the integration and show what should be observed if successful. + +## Cleanup + +1. Delete the stack + ```bash + aws cloudformation delete-stack --stack-name STACK_NAME + ``` +1. Confirm the stack has been deleted + ```bash + aws cloudformation list-stacks --query "StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus" + ``` +---- +Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. + +SPDX-License-Identifier: MIT-0 diff --git a/restapi-vpclink-v2/example-pattern.json b/restapi-vpclink-v2/example-pattern.json new file mode 100644 index 0000000000..8616bc19b6 --- /dev/null +++ b/restapi-vpclink-v2/example-pattern.json 
@@ -0,0 +1,59 @@
+{
+ "title": "Step Functions to Athena",
+ "description": "Create a Step Functions workflow to query Amazon Athena.",
+ "language": "Python",
+ "level": "200",
+ "framework": "AWS CDK",
+ "introBox": {
+ "headline": "How it works",
+ "text": [
+ "This sample project demonstrates how to use an AWS Step Functions state machine to query Athena and get the results. This pattern is leveraging the native integration between these 2 services which means only JSON-based, structured language is used to define the implementation.",
+ "With Amazon Athena you can get up to 1000 results per invocation of the GetQueryResults method and this is the reason why the Step Function has a loop to get more results. The results are sent to a Map which can be configured to handle (the DoSomething state) the items in parallel or one by one by modifying the max_concurrency parameter.",
+ "This pattern deploys one Step Functions, two S3 Buckets, one Glue table and one Glue database."
+ ]
+ },
+ "gitHub": {
+ "template": {
+ "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/sfn-athena-cdk-python",
+ "templateURL": "serverless-patterns/sfn-athena-cdk-python",
+ "projectFolder": "sfn-athena-cdk-python",
+ "templateFile": "sfn_athena_cdk_python_stack.py"
+ }
+ },
+ "resources": {
+ "bullets": [
+ {
+ "text": "Call Athena with Step Functions",
+ "link": "https://docs.aws.amazon.com/step-functions/latest/dg/connect-athena.html"
+ },
+ {
+ "text": "Amazon Athena - Serverless Interactive Query Service",
+ "link": "https://aws.amazon.com/athena/"
+ }
+ ]
+ },
+ "deploy": {
+ "text": [
+ "sam deploy"
+ ]
+ },
+ "testing": {
+ "text": [
+ "See the GitHub repo for detailed testing instructions."
+ ]
+ },
+ "cleanup": {
+ "text": [
+ "Delete the stack: cdk delete."
+ ]
+ },
+ "authors": [
+ {
+ "name": "Your name",
+ "image": "link-to-your-photo.jpg",
+ "bio": "Your bio.",
+ "linkedin": "linked-in-ID",
+ "twitter": "twitter-handle"
+ }
+ ]
+}
diff --git a/restapi-vpclink-v2/template.yaml b/restapi-vpclink-v2/template.yaml
new file mode 100644
index 0000000000..3a15d24a4f
--- /dev/null
+++ b/restapi-vpclink-v2/template.yaml
@@ -0,0 +1,82 @@
+Transform: AWS::Serverless-2016-10-31
+Description: REST API Gatewayus using VPC Link V2 integration with a Load Balancer
+Parameters:
+ LoadBalancerArn:
+ Description: The ARN of the private ALB or NLB used with the VPC Link
+ Type: String
+ LoadBalancerDnsName:
+ Description: the integration URI (DNS Name of the LoadBalancer for HTTP port 80 requests - or the DNS Name of the Certificate used on the SSL Listener port 443)
+ Type: String
+ VpcId:
+ Description: ID of an existing Virtual Private Cloud (VPC).
+ Type: AWS::EC2::VPC::Id
+ PrivateSubnetIds:
+ Description: Select at least 2 existing private subnets which are also used on the Load Balancer
+ Type: List
+
+Resources:
+ SecurityGroupAlbVpcLink:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: VPC Link V2 security group
+ SecurityGroupEgress:
+ - Description: Allow all outbound traffic
+ IpProtocol: '-1'
+ CidrIp: 0.0.0.0/0
+ VpcId: !Ref VpcId
+
+ VpcLinkV2:
+ Type: AWS::ApiGatewayV2::VpcLink
+ DependsOn: SecurityGroupAlbVpcLink
+ Properties:
+ Name: VpcLinkAlbRest
+ SecurityGroupIds:
+ - !Ref SecurityGroupAlbVpcLink
+ SubnetIds: !Ref PrivateSubnetIds
+
+ RestAPIAlb:
+ Type: AWS::Serverless::Api
+ DependsOn: VpcLinkV2
+ Properties:
+ Name: !Sub
+ - ${ResourceName} From Stack ${AWS::StackName}
+ - ResourceName: RestAPIAlb
+ EndpointConfiguration: REGIONAL
+ StageName: slay
+ DefinitionBody:
+ openapi: '3.0'
+ paths:
+ /vpclink-v2:
+ get:
+ x-amazon-apigateway-integration:
+ connectionType: VPC_LINK
+ connectionId: !Ref VpcLinkV2
+ httpMethod: ANY
+ type: http_proxy
+ uri: !Ref LoadBalancerDnsName
+ integrationTarget: !Ref LoadBalancerArn
+ responses:
+ "200":
+ description: "200 response"
+ /mock:
+ get:
+ responses:
+ "200":
+ description: "200 response"
+ x-amazon-apigateway-integration:
+ type: "mock"
+ responses:
+ default:
+ statusCode: "200"
+ responseTemplates:
+ application/json: "{\n\"body\" : \"success!! Don't stoFP believing!!\",\n }"
+ requestTemplates:
+ application/json: "{\"statusCode\": 200}"
+ passthroughBehavior: "when_no_match"
+
+Outputs:
+ ApiEndpoint:
+ Description: API Gateway Endpoint URL
+ Value: !Sub 'https://${RestAPIAlb}.execute-api.${AWS::Region}.amazonaws.com/Stage/vpclink-v2'
+ Export:
+ Name: !Sub '${AWS::StackName}-ApiEndpoint'
\ No newline at end of file
From 238f336132ba570da3e5ba8b8ec24f11429fb0ec Mon Sep 17 00:00:00 2001
From: Alice Goumain
Date: Mon, 8 Dec 2025 17:04:51 +0000
Subject: [PATCH 2/7] changed folder name
---
 apigw-restapi-vpclink-v2/README.md | 60 ++++++++++++++
 apigw-restapi-vpclink-v2/example-pattern.json | 59 +++++++++++++
 apigw-restapi-vpclink-v2/template.yaml | 82 +++++++++++++++++++
 3 files changed, 201 insertions(+)
 create mode 100644 apigw-restapi-vpclink-v2/README.md
 create mode 100644 apigw-restapi-vpclink-v2/example-pattern.json
 create mode 100644 apigw-restapi-vpclink-v2/template.yaml
diff --git a/apigw-restapi-vpclink-v2/README.md b/apigw-restapi-vpclink-v2/README.md
new file mode 100644
index 0000000000..8e3a35d132
--- /dev/null
+++ b/apigw-restapi-vpclink-v2/README.md
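Review bot: Neither method under `paths` sets any authorization, so with `EndpointConfiguration: REGIONAL` the `/vpclink-v2` GET forwards requests from any internet caller to the private load balancer; a sample that bridges into a VPC should at least show an `Auth` block on `RestAPIAlb` (for example `DefaultAuthorizer: AWS_IAM`) or a resource policy, or state plainly in the `Description` that the endpoint is unauthenticated. The `SecurityGroupEgress` rule on `SecurityGroupAlbVpcLink` allows every protocol to `0.0.0.0/0`, while the VPC link only needs to reach the load balancer's listener, so the rule could be narrowed to that port and the VPC CIDR or the load balancer's security group. `StageName` is `slay` but the `ApiEndpoint` output hard-codes `/Stage/vpclink-v2`, so the exported URL likely points at the wrong stage and `/slay/vpclink-v2` would match. The mock `responseTemplates` body has a trailing comma before `}` and is therefore not valid JSON even though it is served as `application/json`. The same lines are added again under `apigw-restapi-vpclink-v2/template.yaml` in patch 2/7, so these points apply there as well.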
@@ -0,0 +1,60 @@ +# AWS Service 1 to AWS Service 2 + +This pattern << explain usage >> + +Learn more about this pattern at Serverless Land Patterns: << Add the live URL here >> + +Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example. + +## Requirements + +* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources. +* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured +* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) +* [AWS Serverless Application Model](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) (AWS SAM) installed + +## Deployment Instructions + +1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository: + ``` + git clone https://github.com/aws-samples/serverless-patterns + ``` +1. Change directory to the pattern directory: + ``` + cd _patterns-model + ``` +1. From the command line, use AWS SAM to deploy the AWS resources for the pattern as specified in the template.yml file: + ``` + sam deploy --guided + ``` +1. During the prompts: + * Enter a stack name + * Enter the desired AWS Region + * Allow SAM CLI to create IAM roles with the required permissions. + + Once you have run `sam deploy --guided` mode once and saved arguments to a configuration file (samconfig.toml), you can use `sam deploy` in future to use these defaults. + +1. Note the outputs from the SAM deployment process. 
These contain the resource names and/or ARNs which are used for testing. + +## How it works + +Explain how the service interaction works. + +## Testing + +Provide steps to trigger the integration and show what should be observed if successful. + +## Cleanup + +1. Delete the stack + ```bash + aws cloudformation delete-stack --stack-name STACK_NAME + ``` +1. Confirm the stack has been deleted + ```bash + aws cloudformation list-stacks --query "StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus" + ``` +---- +Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. + +SPDX-License-Identifier: MIT-0 diff --git a/apigw-restapi-vpclink-v2/example-pattern.json b/apigw-restapi-vpclink-v2/example-pattern.json new file mode 100644 index 0000000000..8616bc19b6 --- /dev/null +++ b/apigw-restapi-vpclink-v2/example-pattern.json 
@@ -0,0 +1,59 @@
+{
+ "title": "Step Functions to Athena",
+ "description": "Create a Step Functions workflow to query Amazon Athena.",
+ "language": "Python",
+ "level": "200",
+ "framework": "AWS CDK",
+ "introBox": {
+ "headline": "How it works",
+ "text": [
+ "This sample project demonstrates how to use an AWS Step Functions state machine to query Athena and get the results. This pattern is leveraging the native integration between these 2 services which means only JSON-based, structured language is used to define the implementation.",
+ "With Amazon Athena you can get up to 1000 results per invocation of the GetQueryResults method and this is the reason why the Step Function has a loop to get more results. The results are sent to a Map which can be configured to handle (the DoSomething state) the items in parallel or one by one by modifying the max_concurrency parameter.",
+ "This pattern deploys one Step Functions, two S3 Buckets, one Glue table and one Glue database."
+ ]
+ },
+ "gitHub": {
+ "template": {
+ "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/sfn-athena-cdk-python",
+ "templateURL": "serverless-patterns/sfn-athena-cdk-python",
+ "projectFolder": "sfn-athena-cdk-python",
+ "templateFile": "sfn_athena_cdk_python_stack.py"
+ }
+ },
+ "resources": {
+ "bullets": [
+ {
+ "text": "Call Athena with Step Functions",
+ "link": "https://docs.aws.amazon.com/step-functions/latest/dg/connect-athena.html"
+ },
+ {
+ "text": "Amazon Athena - Serverless Interactive Query Service",
+ "link": "https://aws.amazon.com/athena/"
+ }
+ ]
+ },
+ "deploy": {
+ "text": [
+ "sam deploy"
+ ]
+ },
+ "testing": {
+ "text": [
+ "See the GitHub repo for detailed testing instructions."
+ ]
+ },
+ "cleanup": {
+ "text": [
+ "Delete the stack: cdk delete."
+ ]
+ },
+ "authors": [
+ {
+ "name": "Your name",
+ "image": "link-to-your-photo.jpg",
+ "bio": "Your bio.",
+ "linkedin": "linked-in-ID",
+ "twitter": "twitter-handle"
+ }
+ ]
+}
diff --git a/apigw-restapi-vpclink-v2/template.yaml b/apigw-restapi-vpclink-v2/template.yaml
new file mode 100644
index 0000000000..3a15d24a4f
--- /dev/null
+++ b/apigw-restapi-vpclink-v2/template.yaml
@@ -0,0 +1,82 @@
+Transform: AWS::Serverless-2016-10-31
+Description: REST API Gatewayus using VPC Link V2 integration with a Load Balancer
+Parameters:
+ LoadBalancerArn:
+ Description: The ARN of the private ALB or NLB used with the VPC Link
+ Type: String
+ LoadBalancerDnsName:
+ Description: the integration URI (DNS Name of the LoadBalancer for HTTP port 80 requests - or the DNS Name of the Certificate used on the SSL Listener port 443)
+ Type: String
+ VpcId:
+ Description: ID of an existing Virtual Private Cloud (VPC).
+ Type: AWS::EC2::VPC::Id
+ PrivateSubnetIds:
+ Description: Select at least 2 existing private subnets which are also used on the Load Balancer
+ Type: List
+
+Resources:
+ SecurityGroupAlbVpcLink:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: VPC Link V2 security group
+ SecurityGroupEgress:
+ - Description: Allow all outbound traffic
+ IpProtocol: '-1'
+ CidrIp: 0.0.0.0/0
+ VpcId: !Ref VpcId
+
+ VpcLinkV2:
+ Type: AWS::ApiGatewayV2::VpcLink
+ DependsOn: SecurityGroupAlbVpcLink
+ Properties:
+ Name: VpcLinkAlbRest
+ SecurityGroupIds:
+ - !Ref SecurityGroupAlbVpcLink
+ SubnetIds: !Ref PrivateSubnetIds
+
+ RestAPIAlb:
+ Type: AWS::Serverless::Api
+ DependsOn: VpcLinkV2
+ Properties:
+ Name: !Sub
+ - ${ResourceName} From Stack ${AWS::StackName}
+ - ResourceName: RestAPIAlb
+ EndpointConfiguration: REGIONAL
+ StageName: slay
+ DefinitionBody:
+ openapi: '3.0'
+ paths:
+ /vpclink-v2:
+ get:
+ x-amazon-apigateway-integration:
+ connectionType: VPC_LINK
+ connectionId: !Ref VpcLinkV2
+ httpMethod: ANY
+ type: http_proxy
+ uri: !Ref LoadBalancerDnsName
+ integrationTarget: !Ref LoadBalancerArn
+ responses:
+ "200":
+ description: "200 response"
+ /mock:
+ get:
+ responses:
+ "200":
+ description: "200 response"
+ x-amazon-apigateway-integration:
+ type: "mock"
+ responses:
+ default:
+ statusCode: "200"
+ responseTemplates:
+ application/json: "{\n\"body\" : \"success!! Don't stoFP believing!!\",\n }"
+ requestTemplates:
+ application/json: "{\"statusCode\": 200}"
+ passthroughBehavior: "when_no_match"
+
+Outputs:
+ ApiEndpoint:
+ Description: API Gateway Endpoint URL
+ Value: !Sub 'https://${RestAPIAlb}.execute-api.${AWS::Region}.amazonaws.com/Stage/vpclink-v2'
+ Export:
+ Name: !Sub '${AWS::StackName}-ApiEndpoint'
\ No newline at end of file
From 60bb3c30d521f9055b57778380a99b0bd0168d76 Mon Sep 17 00:00:00 2001
From: Alice Goumain
Date: Mon, 8 Dec 2025 17:23:03 +0000
Subject: [PATCH 3/7] added JSON file
---
 apigw-restapi-vpclink-v2/example-pattern.json | 25 +++++++++----------
 1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/apigw-restapi-vpclink-v2/example-pattern.json b/apigw-restapi-vpclink-v2/example-pattern.json
index 8616bc19b6..6afcba3f31 100644
--- a/apigw-restapi-vpclink-v2/example-pattern.json
+++ b/apigw-restapi-vpclink-v2/example-pattern.json
@@ -3,21 +3,21 @@ "description": "Create a Step Functions workflow to query Amazon Athena.", "language": "Python", "level": "200", - "framework": "AWS CDK", + "framework": "AWS SAM", "introBox": { "headline": "How it works", "text": [ - "This sample project demonstrates how to use an AWS Step Functions state machine to query Athena and get the results. This pattern is leveraging the native integration between these 2 services which means only JSON-based, structured language is used to define the implementation.", - "With Amazon Athena you can get up to 1000 results per invocation of the GetQueryResults method and this is the reason why the Step Function has a loop to get more results. The results are sent to a Map which can be configured to handle (the DoSomething state) the items in parallel or one by one by modifying the max_concurrency parameter.", - "This pattern deploys one Step Functions, two S3 Buckets, one Glue table and one Glue database." + "This pattern deploys an Amazon API Gateway REST with a VPC Link V2 integration and a Load Balancer", + "The new feature of November 2025 now allows REST APIs to be integrated directly with ALBs through a VPC Link V2 integration", + "The VPC Link V2 now supports both Network Load Balancer and Application Load Balancers, and can be used for both REST APIs and HTTP APIs" ] }, "gitHub": { "template": { - "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/sfn-athena-cdk-python", - "templateURL": "serverless-patterns/sfn-athena-cdk-python", - "projectFolder": "sfn-athena-cdk-python", - "templateFile": "sfn_athena_cdk_python_stack.py" + "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/apigw-restapi-vpclink-v2", + "templateURL": "serverless-patterns/apigw-restapi-vpclink-v2", + "projectFolder": "apigw-restapi-vpclink-v2", + "templateFile": "apigw-restapi-vpclink-v2/template.yml" } }, "resources": { 
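Review bot: `templateFile` is set to `apigw-restapi-vpclink-v2/template.yml`, but the file this series adds is `template.yaml`, and `projectFolder` already carries the directory, so a link built from these fields will probably not resolve; `"templateFile": "template.yaml"` looks like the intended value. The unchanged `"language": "Python"` line at the top of the hunk also appears to be left over from the copied example, since the pattern directory holds only a SAM YAML template. The enclosing JSON object starts and ends outside this hunk.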
@@ -49,11 +49,10 @@ }, "authors": [ { - "name": "Your name", - "image": "link-to-your-photo.jpg", - "bio": "Your bio.", - "linkedin": "linked-in-ID", - "twitter": "twitter-handle" + "name": "Alice Goumain", + "image": "https://media.licdn.com/dms/image/v2/C4E03AQFu1xnGt76xzg/profile-displayphoto-shrink_200_200/profile-displayphoto-shrink_200_200/0/1662636937225?e=1766620800&v=beta&t=p5zclBv3rdVctUymg2uTYVnkgt0IH8Ec5w7IwUqlWAk", + "bio": "Cloud Support Engineer at AWS", + "linkedin": "https://www.linkedin.com/in/alice-goumain/" } ] } From 082f7f2b389013ff2426d79b602023d6e597f664 Mon Sep 17 00:00:00 2001 From: Alice Goumain Date: Fri, 12 Dec 2025 18:08:05 +0000 Subject: [PATCH 4/7] added read.ME file --- apigw-restapi-vpclink-v2/README.md | 31 ++++++++++++++++--- apigw-restapi-vpclink-v2/example-pattern.json | 20 ++++++------ apigw-restapi-vpclink-v2/template.yaml | 8 ++--- 3 files changed, 39 insertions(+), 20 deletions(-) diff --git a/apigw-restapi-vpclink-v2/README.md b/apigw-restapi-vpclink-v2/README.md index 8e3a35d132..aa26cf8cff 100644 --- a/apigw-restapi-vpclink-v2/README.md +++ b/apigw-restapi-vpclink-v2/README.md 
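Review bot: The new `image` value is a LinkedIn CDN link carrying `e=` and `t=` query parameters, which look like an expiry timestamp and a signed token, so the picture will probably stop loading once that link expires. A stable URL under the author's control, such as a GitHub avatar link, would hold up better and avoids making every page view depend on a third-party signed URL.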
@@ -1,8 +1,7 @@ # AWS Service 1 to AWS Service 2 -This pattern << explain usage >> - -Learn more about this pattern at Serverless Land Patterns: << Add the live URL here >> +This pattern deploys an Amazon API Gateway REST with a VPC Link V2 integration. The new feature of November 2025 now allows REST APIs to be integrated directly with ALBs through a VPC Link V2 integration (without having to use a NLB in the middle). I aslo allows HTTP APIs to integrate with a Network Load Balancer through the same VPC Link V2. +Learn more about this pattern at Serverless Land Patterns: https://serverlessland.com/patterns/apigw-restapi-vpclink-v2 Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example. 
@@ -38,11 +37,33 @@ Important: this application uses various AWS services and there are costs associ ## How it works -Explain how the service interaction works. + The VPC Link V2 now supports both Network Load Balancer and Application Load Balancers, and can be used for both REST APIs and HTTP APIs. + + **For REST APIs :** + When using HTTPS/SSL over port 443, the integration URI in the REST API resource should match the DNS name covered by the certificate on the listener. + For instance, if my ALB has the DNS Name "internal-alb-abcd.eu-west-1.elb.amazonaws.com" and has an HTTPS listener on port 443 using the certificate with DNS Name "*.hello.world.com" - the integration URI should be "https://slay.hello.world.com" or match any subdomain of "*.hello.world.com". This is true for both ALB and NLBs. + The integration URI is only used for the SSL handshake, it will also define the value of the Host Header. + + However, for request made on port 80 over HTTP/TCP, any URI can be used in the REST API integration, as the VPC Link will always point to the Load Balancer under the hood. + For instance, if my ALB has the DNS Name "internal-alb-abcd.eu-west-1.elb.amazonaws.com" and has an HTTP listener on port 80 - the integration URI could be "http://internal-alb-abcd.eu-west-1.elb.amazonaws.com" or "http://my.name.is.alice.com", any value will work. The integration URI will be used to define the Host Header. + + **For HTTP APIs :** + It is not possible to define an integration URI so the above does not apply. + + The template will also create a Security Group for the VPC Link. Its inbound rule do not matter as no traffic will be sent inbound to the VPC Link, only the outbound rule need to allow access to the Load Balancer. In this template, by default the outbound rule is open to all. + ## Testing -Provide steps to trigger the integration and show what should be observed if successful. 
+When deploying the template, you will be prompted the enter the below parameters: + * LoadBalancerArn: The ARN of the private ALB or NLB used with the VPC Link + * IntegrationUri: the integration URI as described above + * VpcId: ID of the Virtual Private Cloud (VPC) where the Load Balancer resides + * PrivateSubnetIds: 2 existing private subnets which are also used on the Load Balancer + +The template can take a few minutes to create because of the VPC Link resource. + +Once it is deployed, the output will show the REST API Gateway invocation URL. ## Cleanup diff --git a/apigw-restapi-vpclink-v2/example-pattern.json b/apigw-restapi-vpclink-v2/example-pattern.json index 6afcba3f31..525641ccb4 100644 --- a/apigw-restapi-vpclink-v2/example-pattern.json +++ b/apigw-restapi-vpclink-v2/example-pattern.json 
@@ -1,15 +1,17 @@ { - "title": "Step Functions to Athena", - "description": "Create a Step Functions workflow to query Amazon Athena.", + "title": "AWS REST API Gateway with VPC Link V2", + "description": "Create a REST API with a VPC Link V2 integration and an Application Load Balancer or Network Load Balancer", "language": "Python", "level": "200", "framework": "AWS SAM", "introBox": { "headline": "How it works", "text": [ - "This pattern deploys an Amazon API Gateway REST with a VPC Link V2 integration and a Load Balancer", - "The new feature of November 2025 now allows REST APIs to be integrated directly with ALBs through a VPC Link V2 integration", - "The VPC Link V2 now supports both Network Load Balancer and Application Load Balancers, and can be used for both REST APIs and HTTP APIs" + "This pattern deploys an Amazon API Gateway REST with a VPC Link V2 integration which will then point to a private Load Balancer.", + "The new feature of November 2025 now allows REST APIs to be integrated directly with ALBs through a VPC Link V2 integration (without having to use a NLB in the middle).", + "The VPC Link V2 now supports both Network Load Balancer and Application Load Balancers, and can be used for both REST APIs and HTTP APIs.", + "When using HTTPS/SSL over port 443, the integration URI should match the DNS name covered by the certificate on the listener.", + "For request made on port 80 over HTTP/TCP, any URI can be used in the REST API integration, as the VPC Link will always point to the Load Balancer under the hood." ] }, "gitHub": { 
@@ -23,12 +25,8 @@ "resources": { "bullets": [ { - "text": "Call Athena with Step Functions", - "link": "https://docs.aws.amazon.com/step-functions/latest/dg/connect-athena.html" - }, - { - "text": "Amazon Athena - Serverless Interactive Query Service", - "link": "https://aws.amazon.com/athena/" + "text": "Build scalable REST APIs using Amazon API Gateway private integration with Application Load Balancer", + "link": "https://aws.amazon.com/blogs/compute/build-scalable-rest-apis-using-amazon-api-gateway-private-integration-with-application-load-balancer/" } ] }, diff --git a/apigw-restapi-vpclink-v2/template.yaml b/apigw-restapi-vpclink-v2/template.yaml index 3a15d24a4f..78593f70c5 100644 --- a/apigw-restapi-vpclink-v2/template.yaml +++ b/apigw-restapi-vpclink-v2/template.yaml @@ -4,11 +4,11 @@ Parameters: LoadBalancerArn: Description: The ARN of the private ALB or NLB used with the VPC Link Type: String - LoadBalancerDnsName: - Description: the integration URI (DNS Name of the LoadBalancer for HTTP port 80 requests - or the DNS Name of the Certificate used on the SSL Listener port 443) + IntegrationUri: + Description: the integration URI (for SSL/HTTPS requests, the DNS Name of the Certificate used on the SSL Listener port 443) Type: String VpcId: - Description: ID of an existing Virtual Private Cloud (VPC). + Description: Select the ID of the Virtual Private Cloud (VPC) used on the Load Balancer Type: AWS::EC2::VPC::Id PrivateSubnetIds: Description: Select at least 2 existing private subnets which are also used on the Load Balancer @@ -53,7 +53,7 @@ Resources: connectionId: !Ref VpcLinkV2 httpMethod: ANY type: http_proxy - uri: !Ref LoadBalancerDnsName + uri: !Ref IntegrationUri integrationTarget: !Ref LoadBalancerArn responses: "200": From 7cda5ba095492de8d709ccdd93beb586e9b9e1bb Mon Sep 17 00:00:00 2001 
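Review bot: `IntegrationUri` in the `template.yaml` hunk is a free-form `Type: String` that the second hunk passes straight into the integration with `uri: !Ref IntegrationUri`, so a value with an `http://` scheme sends the hop from API Gateway to the load balancer in plaintext, and a malformed value is only caught at deploy time. Consider constraining the parameter, e.g. `AllowedPattern: '^https://.+'` with a `ConstraintDescription`, or `'^https?://.+'` if the port 80 case described in the README must stay supported, and say in the `Description` that the HTTPS form is the recommended one. The new description also no longer mentions what to enter for the HTTP case, which the README still documents. The `Parameters` block starts above this hunk.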
From: Alice Goumain Date: Fri, 12 Dec 2025 18:57:30 +0000 Subject: [PATCH 5/7] last changed --- apigw-restapi-vpclink-v2/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apigw-restapi-vpclink-v2/README.md b/apigw-restapi-vpclink-v2/README.md index aa26cf8cff..9dcf48a321 100644 --- a/apigw-restapi-vpclink-v2/README.md +++ b/apigw-restapi-vpclink-v2/README.md @@ -51,6 +51,8 @@ Important: this application uses various AWS services and there are costs associ It is not possible to define an integration URI so the above does not apply. The template will also create a Security Group for the VPC Link. Its inbound rule do not matter as no traffic will be sent inbound to the VPC Link, only the outbound rule need to allow access to the Load Balancer. In this template, by default the outbound rule is open to all. + + The API also has a test resource called "mock" which is a simple 200 response. ## Testing From e92e0964607dde2149e2e83fbeb3e24b74467104 Mon Sep 17 00:00:00 2001 From: Alice Goumain Date: Fri, 12 Dec 2025 19:11:25 +0000 Subject: [PATCH 6/7] removed fodler --- restapi-vpclink-v2/README.md | 60 ------------------ restapi-vpclink-v2/example-pattern.json | 59 ------------------ restapi-vpclink-v2/template.yaml | 82 ------------------------- 3 files changed, 201 deletions(-) delete mode 100644 restapi-vpclink-v2/README.md delete mode 100644 restapi-vpclink-v2/example-pattern.json delete mode 100644 restapi-vpclink-v2/template.yaml diff --git a/restapi-vpclink-v2/README.md b/restapi-vpclink-v2/README.md deleted file mode 100644 index 8e3a35d132..0000000000 --- a/restapi-vpclink-v2/README.md +++ /dev/null 
@@ -1,60 +0,0 @@ -# AWS Service 1 to AWS Service 2 - -This pattern << explain usage >> - -Learn more about this pattern at Serverless Land Patterns: << Add the live URL here >> - -Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example. - -## Requirements - -* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources. -* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured -* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) -* [AWS Serverless Application Model](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) (AWS SAM) installed - -## Deployment Instructions - -1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository: - ``` - git clone https://github.com/aws-samples/serverless-patterns - ``` -1. Change directory to the pattern directory: - ``` - cd _patterns-model - ``` -1. From the command line, use AWS SAM to deploy the AWS resources for the pattern as specified in the template.yml file: - ``` - sam deploy --guided - ``` -1. During the prompts: - * Enter a stack name - * Enter the desired AWS Region - * Allow SAM CLI to create IAM roles with the required permissions. - - Once you have run `sam deploy --guided` mode once and saved arguments to a configuration file (samconfig.toml), you can use `sam deploy` in future to use these defaults. - -1. Note the outputs from the SAM deployment process. 
These contain the resource names and/or ARNs which are used for testing. - -## How it works - -Explain how the service interaction works. - -## Testing - -Provide steps to trigger the integration and show what should be observed if successful. - -## Cleanup - -1. Delete the stack - ```bash - aws cloudformation delete-stack --stack-name STACK_NAME - ``` -1. Confirm the stack has been deleted - ```bash - aws cloudformation list-stacks --query "StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus" - ``` ----- -Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. - -SPDX-License-Identifier: MIT-0 diff --git a/restapi-vpclink-v2/example-pattern.json b/restapi-vpclink-v2/example-pattern.json deleted file mode 100644 index 8616bc19b6..0000000000 --- a/restapi-vpclink-v2/example-pattern.json +++ /dev/null 
@@ -1,59 +0,0 @@
-{
- "title": "Step Functions to Athena",
- "description": "Create a Step Functions workflow to query Amazon Athena.",
- "language": "Python",
- "level": "200",
- "framework": "AWS CDK",
- "introBox": {
- "headline": "How it works",
- "text": [
- "This sample project demonstrates how to use an AWS Step Functions state machine to query Athena and get the results. This pattern is leveraging the native integration between these 2 services which means only JSON-based, structured language is used to define the implementation.",
- "With Amazon Athena you can get up to 1000 results per invocation of the GetQueryResults method and this is the reason why the Step Function has a loop to get more results. The results are sent to a Map which can be configured to handle (the DoSomething state) the items in parallel or one by one by modifying the max_concurrency parameter.",
- "This pattern deploys one Step Functions, two S3 Buckets, one Glue table and one Glue database."
- ]
- },
- "gitHub": {
- "template": {
- "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/sfn-athena-cdk-python",
- "templateURL": "serverless-patterns/sfn-athena-cdk-python",
- "projectFolder": "sfn-athena-cdk-python",
- "templateFile": "sfn_athena_cdk_python_stack.py"
- }
- },
- "resources": {
- "bullets": [
- {
- "text": "Call Athena with Step Functions",
- "link": "https://docs.aws.amazon.com/step-functions/latest/dg/connect-athena.html"
- },
- {
- "text": "Amazon Athena - Serverless Interactive Query Service",
- "link": "https://aws.amazon.com/athena/"
- }
- ]
- },
- "deploy": {
- "text": [
- "sam deploy"
- ]
- },
- "testing": {
- "text": [
- "See the GitHub repo for detailed testing instructions."
- ]
- },
- "cleanup": {
- "text": [
- "Delete the stack: cdk delete."
- ]
- },
- "authors": [
- {
- "name": "Your name",
- "image": "link-to-your-photo.jpg",
- "bio": "Your bio.",
- "linkedin": "linked-in-ID",
- "twitter": "twitter-handle"
- }
- ]
-}
diff --git a/restapi-vpclink-v2/template.yaml b/restapi-vpclink-v2/template.yaml
deleted file mode 100644
index 3a15d24a4f..0000000000
--- a/restapi-vpclink-v2/template.yaml
+++ /dev/null
@@ -1,82 +0,0 @@ -Transform: AWS::Serverless-2016-10-31 -Description: REST API Gatewayus using VPC Link V2 integration with a Load Balancer -Parameters: - LoadBalancerArn: - Description: The ARN of the private ALB or NLB used with the VPC Link - Type: String - LoadBalancerDnsName: - Description: the integration URI (DNS Name of the LoadBalancer for HTTP port 80 requests - or the DNS Name of the Certificate used on the SSL Listener port 443) - Type: String - VpcId: - Description: ID of an existing Virtual Private Cloud (VPC). - Type: AWS::EC2::VPC::Id - PrivateSubnetIds: - Description: Select at least 2 existing private subnets which are also used on the Load Balancer - Type: List - -Resources: - SecurityGroupAlbVpcLink: - Type: AWS::EC2::SecurityGroup - Properties: - GroupDescription: VPC Link V2 security group - SecurityGroupEgress: - - Description: Allow all outbound traffic - IpProtocol: '-1' - CidrIp: 0.0.0.0/0 - VpcId: !Ref VpcId - - VpcLinkV2: - Type: AWS::ApiGatewayV2::VpcLink - DependsOn: SecurityGroupAlbVpcLink - Properties: - Name: VpcLinkAlbRest - SecurityGroupIds: - - !Ref SecurityGroupAlbVpcLink - SubnetIds: !Ref PrivateSubnetIds - - RestAPIAlb: - Type: AWS::Serverless::Api - DependsOn: VpcLinkV2 - Properties: - Name: !Sub - - ${ResourceName} From Stack ${AWS::StackName} - - ResourceName: RestAPIAlb - EndpointConfiguration: REGIONAL - StageName: slay - DefinitionBody: - openapi: '3.0' - paths: - /vpclink-v2: - get: - x-amazon-apigateway-integration: - connectionType: VPC_LINK - connectionId: !Ref VpcLinkV2 - httpMethod: ANY - type: http_proxy - uri: !Ref LoadBalancerDnsName - integrationTarget: !Ref LoadBalancerArn - responses: - "200": - description: "200 response" - /mock: - get: - responses: - "200": - description: "200 response" - x-amazon-apigateway-integration: - type: "mock" - responses: - default: - statusCode: "200" - responseTemplates: - application/json: "{\n\"body\" : \"success!! 
Don't stoFP believing!!\",\n }" - requestTemplates: - application/json: "{\"statusCode\": 200}" - passthroughBehavior: "when_no_match" - -Outputs: - ApiEndpoint: - Description: API Gateway Endpoint URL - Value: !Sub 'https://${RestAPIAlb}.execute-api.${AWS::Region}.amazonaws.com/Stage/vpclink-v2' - Export: - Name: !Sub '${AWS::StackName}-ApiEndpoint' \ No newline at end of file From 3be5d285a0dec5c2f2ef94b65454b5704d8e137d Mon Sep 17 00:00:00 2001 From: Alice Goumain Date: Fri, 12 Dec 2025 19:14:45 +0000 Subject: [PATCH 7/7] added title on ReadMe --- apigw-restapi-vpclink-v2/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apigw-restapi-vpclink-v2/README.md b/apigw-restapi-vpclink-v2/README.md index 9dcf48a321..b0401ca73f 100644 --- a/apigw-restapi-vpclink-v2/README.md +++ b/apigw-restapi-vpclink-v2/README.md @@ -1,6 +1,7 @@ -# AWS Service 1 to AWS Service 2 +# AWS REST API Gateway to private Load Balancer through VPC Link V2 This pattern deploys an Amazon API Gateway REST with a VPC Link V2 integration. The new feature of November 2025 now allows REST APIs to be integrated directly with ALBs through a VPC Link V2 integration (without having to use a NLB in the middle). I aslo allows HTTP APIs to integrate with a Network Load Balancer through the same VPC Link V2. + Learn more about this pattern at Serverless Land Patterns: https://serverlessland.com/patterns/apigw-restapi-vpclink-v2 Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.