Set up AWS API gateway

We have plans to automatically configure API gateway when creating a Cortex API (#326), but until that's implemented, it's fairly straightforward to set it up manually.

One reason to use API Gateway is to get HTTPS working with valid certificates (either by using AWS's built-in certificates, or using your own via custom domains and the AWS Certificate Manager). Another reason could be to expose your APIs to the internet when configuring Cortex to use an internal load balancer.

If your API load balancer is internet-facing (which is the default, or you explicitly set api_load_balancer_scheme: internet-facing in your cluster configuration file before creating your cluster), use the first section of this guide.

If your API load balancer is internal (i.e. you set api_load_balancer_scheme: internal in your cluster configuration file before creating your cluster), use the second section of this guide.

If your API load balancer is internet-facing

Step 1

Go to the API Gateway console, select "REST API" under "Choose an API type", and click "Build"

step 1

Step 2

Select "REST" and "New API", name your API (e.g. "cortex"), select either "Regional" or "Edge optimized" (depending on your preference), and click "Create API"

step 2

Step 3

Select "Actions" > "Create Resource"

step 3

Step 4

Select "Configure as proxy resource" and "Enable API Gateway CORS", and click "Create Resource"

step 4

Step 5

Select "HTTP Proxy" and set "Endpoint URL" to "http:///{proxy}". You can get your base API endpoint via cortex cluster info; make sure to prepend http:// and append /{proxy}. For example, mine is: http://a9eaf69fd125947abb1065f62de59047-81cdebc0275f7d96.elb.us-west-2.amazonaws.com/{proxy}.

Leave "Content Handling" set to "Passthrough" and Click "Save".

step 5

Step 6

Select "Actions" > "Deploy API"

step 6

Step 7

Create a new stage (e.g. "dev") and click "Deploy"

step 7

Step 8

Copy your "Invoke URL"

step 8

Using your new endpoint

You may now use the "Invoke URL" in place of your APIs endpoint in your client. For example, this curl request:

curl http://a9eaf69fd125947abb1065f62de59047-81cdebc0275f7d96.elb.us-west-2.amazonaws.com/iris-classifier -X POST -H "Content-Type: application/json" -d @sample.json

Would become:

curl https://31qjv48rs6.execute-api.us-west-2.amazonaws.com/dev/iris-classifier -X POST -H "Content-Type: application/json" -d @sample.json

Cleanup

Delete the API Gateway before spinning down your Cortex cluster:

delete api gateway

If your API load balancer is internal

Step 1

Navigate to AWS's EC2 Load Balancer dashboard and locate the Cortex API load balancer. You can determine which is the API load balancer by inspecting the kubernetes.io/service-name tag:

step 1

Take note of the load balancer's name.

Step 2

Go to the API Gateway console, click "VPC Links" on the left sidebar, and click "Create"

step 2

Step 3

Select "VPC link for REST APIs", name your VPC link (e.g. "cortex"), select the API load balancer (identified in Step 1), and click "Create"

step 3

Step 4

Wait for the VPC link to be created (it will take a few minutes)

step 4

Step 5

Go to the API Gateway console, select "REST API" under "Choose an API type", and click "Build"

step 5

Step 6

Select "REST" and "New API", name your API (e.g. "cortex"), select either "Regional" or "Edge optimized" (depending on your preference), and click "Create API"

step 6

Step 7

Select "Actions" > "Create Resource"

step 7

Step 8

Select "Configure as proxy resource" and "Enable API Gateway CORS", and click "Create Resource"

step 8

Step 9

Select "VPC Link", select "Use Proxy Integration", choose your newly-created VPC Link, and set "Endpoint URL" to "http:///{proxy}". You can get your base API endpoint via cortex cluster info; make sure to prepend http:// and append /{proxy}. For example, mine is: http://a5044e34a352d44b0945adcd455c7fa3-32fa161d3e5bcbf9.elb.us-west-2.amazonaws.com/{proxy}. Click "Save"

step 9

Step 10

Select "Actions" > "Deploy API"

step 10

Step 11

Create a new stage (e.g. "dev") and click "Deploy"

step 11

Step 12

Copy your "Invoke URL"

step 12

Using your new endpoint

You may now use the "Invoke URL" in place of your APIs endpoint in your client. For example, this curl request:

curl http://a5044e34a352d44b0945adcd455c7fa3-32fa161d3e5bcbf9.elb.us-west-2.amazonaws.com/iris-classifier -X POST -H "Content-Type: application/json" -d @sample.json

Would become:

curl https://lrivodooqh.execute-api.us-west-2.amazonaws.com/dev/iris-classifier -X POST -H "Content-Type: application/json" -d @sample.json

Cleanup

Delete the API Gateway and VPC Link before spinning down your Cortex cluster:

delete api
delete vpc link