In both commercial and AWS GovCloud (US) regions, Amazon is introducing IPv6 support for Amazon API Gateway for all endpoint types, custom domains, and administration APIs. In addition to the current IPv4 functionality, you may now set up REST, HTTP, and WebSocket APIs as well as custom domains to accept calls from IPv6 clients. IPv6 and IPv4 Dual stack clients can also call API Gateway administration APIs.
IPv6 implementation is essential for future-proofing network infrastructure as enterprises around the world deal with an increasing shortage of IPv4 addresses and rising expenses. This IPv6 and IPv4 Dual stack strategy aids businesses in extending their worldwide reach and preserving network compatibility in the future.
Creating new dual-stack resources
This article focusses on using the AWS Cloud Development Kit (CDK) and AWS Management Console to build a domain name or API with a dual stack IP address type.
AWS Console
Choose either IPv4 alone or IPv6 and IPv4 dual stack as the IP address type when generating a new API or domain name in the console.
When creating a new REST API, you can choose the dualstack option, as seen in the following image.
IPv6 and IPv4 Dual stack can be set up similarly for custom domain names, as seen in the following image.
You don’t have to relaunch your API in order for the change to take effect if you need to switch back to IPv4-only for whatever reason.
Dualstack is supported via REST APIs for all endpoint kinds, including EDGE, REGIONAL, and PRIVATE. Only IPv6 and IPv4 Dual stack setup is supported for private REST APIs.
AWS CDK
First, set up a IPv6 and IPv4 Dual stack REST API and domain name using AWS CDK.
const api = new apigateway.RestApi(this, "Api", {
restApiName: "MyDualStackAPI",
endpointConfiguration: {ipAddressType: "dualstack"}
});
const domain_name = new apigateway.DomainName(this, "DomainName", {
regionalCertificateArn: 'arn:aws:acm:us-east-1:111122223333:certificate/a1b2c3d4-5678-90ab',
domainName: 'dualstack.example.com',
endpointConfiguration: {
types: ['Regional'],
ipAddressType: 'dualstack'
},
securityPolicy: 'TLS_1_2'
});
const basepathmapping = new apigateway.BasePathMapping(this, "BasePathMapping", {
domainName: domain_name,
restApi: api
});IPv6 Source IP and authorization
Client source IPs will be in IPv6 format once your API starts to receive IPv6 traffic. AWS Identity and Access Management (IAM) policies, Lambda authorisers, and resource policies that employ source IP addresses should all be changed to support IPv6 address forms.
For instance, in a resource policy, to allow traffic from a particular IPv6 range.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "execute-api:stage-name/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"192.0.2.0/24",
"2001:db8:1234::/48"
]
}
}
}
]
}Summary
Dual-stack API Gateway support helps manage IPv4 address cost and scarcity, comply with industry and government standards, and prepare for the future of networking. The system supports IPv6 and IPv4 Dual stack clients simultaneously, enabling a smooth transition.
What is API Gateway?
Amazon API Gateway, a managed service, lets developers build, publish, maintain, monitor, and defend APIs at any size. Applications use APIs as the “front door” to access information, business logic, or features from your backend services. Real-time two-way communication apps can be made possible by using API Gateway to create RESTful and WebSocket APIs. Web apps and serverless and containerised workloads are supported by API Gateway.
Including traffic management, CORS support, authorisation and access control, throttling, monitoring, and API version management, API Gateway manages all the responsibilities associated with receiving and processing hundreds of thousands of concurrent API calls. API Gateway doesn’t have any starting or minimum fees. With the API Gateway tiered pricing model, you may lower your costs as your API usage increases. You pay for the number of API calls you get and the volume of data that is sent out.
Benefits
Effective creation of APIs
With API Gateway, you may run numerous versions of the same API at once, facilitating rapid iteration, testing, and deployment of new versions. There are no minimum fees or upfront commitments; you only pay for calls to your APIs and data transfers.
At any scale, performance
Utilise Amazon CloudFront to use worldwide network of edge locations and give end users the lowest possible latency for API requests and responses. To make sure that backend operations can handle traffic surges and that backend services aren’t used needlessly, throttle traffic and approve API calls.
Large-scale cost reductions
For API requests, API Gateway offers a tiered cost structure. As your API usage grows by region across all of your AWS accounts, you can reduce your costs because the highest tier of API Requests has a price as low as $0.90 per million requests.
Simple observation
You may visually monitor calls to your services using Amazon CloudWatch by using the API Gateway dashboard, which provides performance metrics and data on API calls, data latency, and error rates.
Adaptable security measures
Use Amazon Cognito and AWS Identity and Access Management (IAM) to grant access to your APIs. API Gateway provides native support for OIDC and OAuth2 if you utilise OAuth tokens. You can run a Lambda authoriser from AWS Lambda to accommodate unique authorisation needs.
Options for RESTful APIs
Use REST or HTTP APIs to create RESTful APIs. Because HTTP APIs are up to 71% less expensive than REST APIs, they are the best option for most use cases. REST APIs can be used if your use case calls for management features and API proxy capability in one solution.