Forem: Avihai Levi The latest articles on Forem by Avihai Levi (@avihailev). https://forem.com/avihailev https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1220392%2F4916b7fe-ff7e-4d1f-92e2-4926ef3ff304.png Forem: Avihai Levi https://forem.com/avihailev en How to HTTPS Proxy integration from REST API Gateway to Network Load Balancer Avihai Levi Tue, 28 Nov 2023 09:24:17 +0000 https://forem.com/avihailev/how-to-https-proxy-integration-from-rest-api-gateway-to-network-load-balancer-73k https://forem.com/avihailev/how-to-https-proxy-integration-from-rest-api-gateway-to-network-load-balancer-73k <p>If you have rest api gateway in your application to exposing EKS/ECS services and you still working with http proxy integration you need to change it right now.<br> here is a tutorial on how to change your <strong>http</strong> proxy integration to <strong>https</strong> proxy integration to your VPC services.<br> all you need is a public domain.</p> <p><strong>So What Is The Problem?</strong><br> Now a days when you want to do a proxy integration from your rest api gateway to your VPC ECS\EKS services you have to create network load balancer and work with <a href="https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-as-simple-proxy-for-http.html">this Amazon's official tutorial</a><br> in this tutorial Amazon recommend to proxy our request to the network load balancer with the load balancer's http DNS, but what if we want to keep our secured tls connection?</p> <p>So here is a lot of solutions that just don't work:</p> <p><em><strong>Solution that didn't work #1</strong></em><br> Create self signed / private ca - we can create route 53 private domain and self signed certificate or private ca certificate, but Amazon's rest api gateway proxy integration don't support any private ca or self signed certificate, api gateway expect public certified ca certificate as described in <a href="https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-supported-certificate-authorities-for-http-endpoints.html">Amazon's official documentation </a></p> <p><em><strong>Solution that didn't work #2</strong></em><br> Create private domain and route it to network load balancer DNS - as i mentioned above api gateway expect public certificate but also it cannot get any unknown domain name like: "application.local" etc..</p> <p><em><strong>Solution that didn't work #3</strong></em><br> Route to your network load balancer https url - this cannot be done because your network load balancer DNS is an Amazon's DNS and network load balancer don't have this domain certificate and therefore api gateway cannot invoke this request to an not secured connection.</p> <p><em><strong>Solution that didn't work #4</strong></em><br> we have a domain and certificate for our api gateway, why not to use this? - lets assume that we have a domain and certificate, api.example.com, we cannot setup a new private hosted zone with the same name api.example.com because it is already in use for the record to point to the api gateway custom domain name, and we must have a private hosted zone so that the VPC link knows where to route to.</p> <p><u><strong>This is how we can solve it?</strong></u></p> <p>Let's assume you have rest api gateway and in your VPC you have network load balancer for your application and you're using VPC link to connect to your application.<br> the api gateway have a domain name for example: api.example.com and certificate for this domain, this is how you solve it:</p> <p>We are creating new public certificate because api gateway demands only public certificate as i mentioned before, for this we are creating also a new public hosted zone that we can validate the certificate.<br> We are creating a private hosted zone with the same name as the public hosted zone and now we have a public certificate for our private hosted zone, now we can attach this certificate to our network load balancer and create a record that our api gateway can connect in https to our network load balancer.</p> <p><strong><u>Tutorial:</u></strong></p> <ol> <li>Create public route 53 with this name for example: app.example.com</li> <li>Create NS record in example.com to your new subdomain app.example.com - with NS from app.example.com</li> <li>Create certificate in certificate manager for this FQDN app.example.com and *.app.example.com and pass the validation process using route 53 records</li> <li>Create private route 53 hosted zone with the same domain app.example.com</li> <li>Create a record for you application network load balancer in the private hosted zone for example - application.app.example.com</li> <li>Add the public certificate we created in section 3. to your network load balancer.</li> <li>Change your api gateway proxy integration url to your newly created a record - <a href="https://application.app.example.com/%7Bproxy%7D">https://application.app.example.com/{proxy}</a>, and don't forget to deploy this api.</li> </ol> <p>And now you can remove the http port 80 listener from your application load balancer, and your working with https from your api gateway to your application load balancer.</p> <p>And here it is in CloudFormation Template:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2010-09-09'</span> <span class="na">Transform</span><span class="pi">:</span> <span class="s">AWS::Serverless-2016-10-31</span> <span class="na">Description</span><span class="pi">:</span> <span class="pi">&gt;</span> <span class="s">all resources for creating your proxy integration using https</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">SubnetName</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">subnet name</span> <span class="na">TargetGroupServiceArn</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">target group service arn</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">eks/ecs service name</span> <span class="na">DomainName</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">example.com</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">youre domain name</span> <span class="na">PrivateSubdomainName</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">app</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">subdomain for your vpc resources</span> <span class="na">PublicSubdomainName</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">api</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">subdomain for your api gateway</span> <span class="na">VPC</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">vpc id</span> <span class="na">StageName</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">api gateway stage name</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1">#your public domain</span> <span class="na">PublicDomainHostedZone</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Route53::HostedZone</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">HostedZoneConfig</span><span class="pi">:</span> <span class="na">Comment</span><span class="pi">:</span> <span class="s1">'</span><span class="s">public</span><span class="nv"> </span><span class="s">hosted</span><span class="nv"> </span><span class="s">zone'</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">DomainName</span> <span class="na">PublicDomainCertificate</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::CertificateManager::Certificate</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DomainName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">DomainName</span> <span class="na">ValidationMethod</span><span class="pi">:</span> <span class="s">DNS</span> <span class="na">SubjectAlternativeNames</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s1">'</span><span class="s">.'</span><span class="pi">,[</span><span class="s1">'</span><span class="s">*'</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">DomainName</span><span class="pi">]]</span> <span class="na">DomainValidationOptions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DomainName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">DomainName</span> <span class="na">HostedZoneId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicDomainHostedZone</span> <span class="c1">#the public domain for creating certificate</span> <span class="na">PublicApplicationDomainHostedZone</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Route53::HostedZone</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">HostedZoneConfig</span><span class="pi">:</span> <span class="na">Comment</span><span class="pi">:</span> <span class="s1">'</span><span class="s">public</span><span class="nv"> </span><span class="s">application</span><span class="nv"> </span><span class="s">hosted</span><span class="nv"> </span><span class="s">zone'</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s1">'</span><span class="s">.'</span><span class="pi">,[</span> <span class="kt">!Ref</span> <span class="nv">PrivateSubdomainName</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">DomainName</span><span class="pi">]]</span> <span class="na">PublicApplicationNSHostedZoneRecordSet</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS::Route53::RecordSet'</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">HostedZoneId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicDomainHostedZone</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s1">'</span><span class="s">.'</span><span class="pi">,[</span> <span class="kt">!Ref</span> <span class="nv">PrivateSubdomainName</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">DomainName</span><span class="pi">]]</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">NS</span> <span class="na">TTL</span><span class="pi">:</span> <span class="s1">'</span><span class="s">900'</span> <span class="na">ResourceRecords</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">PublicApplicationDomainHostedZone.NameServers</span> <span class="na">PublicApplicationCertificate</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::CertificateManager::Certificate</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">PublicApplicationNSHostedZoneRecordSet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DomainName</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s1">'</span><span class="s">.'</span><span class="pi">,[</span> <span class="kt">!Ref</span> <span class="nv">PrivateSubdomainName</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">DomainName</span><span class="pi">]]</span> <span class="na">ValidationMethod</span><span class="pi">:</span> <span class="s">DNS</span> <span class="na">SubjectAlternativeNames</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s1">'</span><span class="s">.'</span><span class="pi">,[</span><span class="s1">'</span><span class="s">*'</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">PrivateSubdomainName</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">DomainName</span><span class="pi">]]</span> <span class="na">DomainValidationOptions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DomainName</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s1">'</span><span class="s">.'</span><span class="pi">,[</span> <span class="kt">!Ref</span> <span class="nv">PrivateSubdomainName</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">DomainName</span><span class="pi">]]</span> <span class="na">HostedZoneId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicApplicationDomainHostedZone</span> <span class="c1"># private hosted zone for api gateway --&gt; network load balancer</span> <span class="na">PrivateApplicationDomainHostedZone</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Route53::HostedZone</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">HostedZoneConfig</span><span class="pi">:</span> <span class="na">Comment</span><span class="pi">:</span> <span class="s1">'</span><span class="s">private</span><span class="nv"> </span><span class="s">application</span><span class="nv"> </span><span class="s">hosted</span><span class="nv"> </span><span class="s">zone'</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s1">'</span><span class="s">.'</span><span class="pi">,[</span> <span class="kt">!Ref</span> <span class="nv">PrivateSubdomainName</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">DomainName</span><span class="pi">]]</span> <span class="na">VPCs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">VPCId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC</span> <span class="na">VPCRegion </span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">AWS::Region'</span> <span class="c1"># network load balancer for your application</span> <span class="na">PrivateLoadBalancer</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS::ElasticLoadBalancingV2::LoadBalancer'</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Scheme</span><span class="pi">:</span> <span class="s">internal</span> <span class="na">Subnets</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">SubnetName</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">network</span> <span class="na">SecuredPrivateLoadBalancerListener</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ElasticLoadBalancingV2::Listener</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DefaultActions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">forward</span> <span class="na">TargetGroupArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TargetGroupServiceArn</span> <span class="na">LoadBalancerArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateLoadBalancer</span> <span class="na">Port</span><span class="pi">:</span> <span class="m">443</span> <span class="na">Protocol</span><span class="pi">:</span> <span class="s">TLS</span> <span class="na">SslPolicy</span><span class="pi">:</span> <span class="s1">'</span><span class="s">ELBSecurityPolicy-TLS13-1-2-2021-06'</span> <span class="na">Certificates</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">CertificateArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicApplicationCertificate</span> <span class="na">LoadBalancerDNSRecordSet</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Route53::RecordSetGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">HostedZoneId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateApplicationDomainHostedZone</span> <span class="na">Comment</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">DNS record for the ${ServiceName} service</span> <span class="na">RecordSets</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s1">'</span><span class="s">.'</span><span class="pi">,[</span><span class="kt">!Ref</span> <span class="nv">ServiceName</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">PrivateSubdomainName</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">DomainName</span><span class="pi">]]</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">A</span> <span class="na">AliasTarget</span><span class="pi">:</span> <span class="na">EvaluateTargetHealth</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">HostedZoneId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">PrivateLoadBalancer.CanonicalHostedZoneID</span> <span class="na">DNSName</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">PrivateLoadBalancer.DNSName</span> <span class="c1">#api gateway public domain name and certificate</span> <span class="na">ApiGatewayDomainName</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ApiGateway::DomainName</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RegionalCertificateArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicDomainCertificate</span> <span class="na">DomainName</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s1">'</span><span class="s">.'</span><span class="pi">,[</span><span class="kt">!Ref</span> <span class="nv">PublicSubdomainName</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">DomainName</span><span class="pi">]]</span> <span class="na">SecurityPolicy</span><span class="pi">:</span> <span class="s">TLS_1_2</span> <span class="na">EndpointConfiguration</span><span class="pi">:</span> <span class="na">Types</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">REGIONAL'</span> <span class="na">ApiGatewayDomainRoute53RecordSet</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Route53::RecordSet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">HostedZoneId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicDomainHostedZone</span> <span class="na">Comment</span><span class="pi">:</span> <span class="s">record for api gateway public domain</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s1">'</span><span class="s">.'</span><span class="pi">,[</span><span class="kt">!Ref</span> <span class="nv">PublicSubdomainName</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">DomainName</span><span class="pi">]]</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">A</span> <span class="na">AliasTarget</span><span class="pi">:</span> <span class="na">DNSName</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">ApiGatewayDomainName.RegionalDomainName</span> <span class="na">HostedZoneId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">ApiGatewayDomainName.RegionalHostedZoneId</span> <span class="c1"># api gateway for your application</span> <span class="na">RestApiGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ApiGateway::RestApi</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${ServiceName}-apigw</span> <span class="na">Description</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">Api Gateway for ${ServiceName}</span> <span class="na">EndpointConfiguration</span><span class="pi">:</span> <span class="na">Types</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">EDGE</span><span class="pi">]</span> <span class="na">ApiGatewayVpcLink</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ApiGateway::VpcLink</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">vpc link for ${ServiceName}</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${ServiceName}-private-link</span> <span class="na">TargetArns</span><span class="pi">:</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">PrivateLoadBalancer</span><span class="pi">]</span> <span class="na">ApiGatewayProxyResource</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ApiGateway::Resource</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RestApiId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">RestApiGateway</span> <span class="na">ParentId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">RestApiGateway.RootResourceId</span> <span class="na">PathPart</span><span class="pi">:</span> <span class="s1">'</span><span class="s">{proxy+}'</span> <span class="na">ApiGatewayProxyMethod</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ApiGateway::Method</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">LoadBalancerDNSRecordSet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RestApiId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">RestApiGateway</span> <span class="na">ResourceId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ApiGatewayProxyResource</span> <span class="na">HttpMethod</span><span class="pi">:</span> <span class="s">ANY</span> <span class="na">RequestParameters</span><span class="pi">:</span> <span class="na">method.request.path.proxy</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">Integration</span><span class="pi">:</span> <span class="na">ConnectionType</span><span class="pi">:</span> <span class="s">VPC_LINK</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">HTTP_PROXY</span> <span class="na">IntegrationHttpMethod</span><span class="pi">:</span> <span class="s">ANY</span> <span class="na">ConnectionId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ApiGatewayVpcLink</span> <span class="na">Uri</span><span class="pi">:</span> <span class="kt">!Join</span> <span class="pi">[</span><span class="s1">'</span><span class="s">'</span><span class="pi">,[</span><span class="s1">'</span><span class="s">https://'</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">ServiceName</span><span class="pi">,</span> <span class="s1">'</span><span class="s">.'</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">PrivateSubdomainName</span><span class="pi">,</span> <span class="s1">'</span><span class="s">.'</span><span class="pi">,</span> <span class="kt">!Ref</span> <span class="nv">DomainName</span> <span class="pi">,</span> <span class="s1">'</span><span class="s">/{proxy}'</span><span class="pi">]]</span> <span class="na">RequestParameters</span><span class="pi">:</span> <span class="na">integration.request.path.proxy</span><span class="pi">:</span> <span class="s1">'</span><span class="s">method.request.path.proxy'</span> <span class="na">ApiGatewayDeployment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ApiGateway::Deployment</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">ApiGatewayProxyMethod</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RestApiId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">RestApiGateway</span> <span class="na">Description</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">deployment for {ServiceName} api gateway</span> <span class="na">StageName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">StageName</span> <span class="na">StageDescription</span><span class="pi">:</span> <span class="na">TracingEnabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">LoggingLevel</span><span class="pi">:</span> <span class="s">INFO</span> <span class="na">MetricsEnabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">DataTraceEnabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">ApiGatewayPublicDomainMapping</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ApiGateway::BasePathMapping</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">ApiGatewayDeployment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">BasePath</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ServiceName</span> <span class="na">DomainName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ApiGatewayDomainName</span> <span class="na">RestApiId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">RestApiGateway</span> <span class="na">Stage</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">StageName</span> </code></pre> </div> aws apigateway ecs devops